Docker seccomp filters break Fedora 35+ container images
In GNOME/gnome-desktop!119 (closed) we see the following CI failure:
Error: Error downloading packages:
Curl error (6): Couldn't resolve host name for https://mirrors.fedoraproject.org/metalink?repo=rawhide&arch=x86_64 [getaddrinfo() thread failed to start]
This means we need to update GitLab to use a newer version of docker with fixed seccomp filters to either (a) allow use of the clone3 syscall, or (b) return ENOSYS to cause glibc to fallback to an older clone syscall, rather than EPERM which just causes everything to fail.
This problem was already fixed in docker: