@JonB It's an internal (private) distro, based on som ancient version of Ubuntu, I guess. Preinstalled on all of thier machines, so I have to stick to that.
(Hell they even have Qt4.8 preinstalled sxs!)
I have now found this thread posted 2 years ago which seems very similar to what I was looking for. The solution was to create a new QML component which create a new QML engine instance and isolates the untrusted QML code inside it.
That does isolate the execution context, it does't however monitor the network traffic generated by the component. In my case network communication must be restricted to a certain set of domains, so I need to intercept network going in and out of the component, any idea how?