Enable LimitUIDRange in Docker (seccomp)
LimitUIDRange uses seccomp to install a BPF on the syscall arguments for setuid.
seccomp requires the CAP_SYS_ADMIN
capability, which is not available by default in Docker, see seccomp.2 under SECCOMP_SET_MODE_FILTER.
By setting prctl(PR_SET_NO_NEW_PRIVS, 1);
this should become possible by default in Docker.