Comment 17 for bug 1943049

Julian Andres Klode (juliank) wrote :

Disabling the clone3 call should only be a temporary workaround to get 21.10 released; this still must be fixed properly so it can be reenabled in 22.04.

I feel like that docker change is working around a bug in crun/runc regarding the default seccomp policy and not the proper fix either. It will do nothing to prevent this from happening again with the next syscall glibc uses.

Any changes for the host docker/runc/crun/libpod/whatever need to be SRUed to all releases like we did for newfstatat() in glibc 2.33.

I really want to make sure that we don't just fix this issue but also don't end up with the same thing when glibc 2.35 or later drops with another syscall.