Docker SECCOMP prevents system calls issued by OCI runtime

seccomp is enforced in runc.

The call chain looks like this: dockerd -> containerd -> containerd-shim -> runc

You can’t apply a seccomp profile that would prevent runc from being able to run your process.