Execute syscall.NETLINK_XFRM from inside a container #27188
Closed
Description
Hi
I'm searching for a way to execute syscall.NETLINK_XFRM from inside a container.
I tried to start the container with --privileged mode, without luck. I tried to run the container with --security-opt seccomp=unconfined as described in the docs and also tried to extend the default Docker profile by adding "netlink_xfrm" to the list of syscalls allowed by default (line 360 in the default.json), without success.
Can you tell me how I can make this syscall work? Is the seccomp profile the right way to tackle that, and if so, where and how should I specify the rule for this syscall?
Thank you for your help!
Activity