What | Removed | Added |
---|---|---|
Status | REOPENED | RESOLVED |
Resolution | --- | UPSTREAM |
I looked at this with William. Basically, the issue only pops up if you're using a builder built with docker buildx create ... because the underlying issue is that their builder buildkit images (which contain the docker daemon used for building with build contexts) do not have the seccomp patch applied. Unfortunately, there isn't really a way for us to patch this, because the image is pulled from the internet.

On paper it should be possible to work around the issue with --buildkitd-flags '--security-opt=seccomp=<the upstream seccomp.json>'; however, because the daemon is running inside a custom image, it won't be able to access any file you download. You could use --driver-opt image=... to make a custom build image, but I'm not sure how to build one of those. All of this means that we basically just have to wait until upstream Docker releases an update with the patch applied and updates all of their buildkit images.

As an aside, this conversation led me to discover that buildx has been split off from the docker-cli and is now part of a CLI plugin system. The third-party packages provided by Docker automatically provide the binary, but we don't have it in our packages, so I'll need to figure out how to package it...