ref) https://docs.docker.com/engine/release-notes/ (20.10 series)

• seccomp: Whitelist clock_adjtime. CAP_SYS_TIME is still required for time adjustment moby/moby#40929
• seccomp: Add openat2 and faccessat2 to default seccomp profile moby/moby#41353
• seccomp: allow ‘rseq’ syscall in default seccomp profile moby/moby#41158
• seccomp: allow syscall membarrier moby/moby#40731
• seccomp: whitelist io-uring related system calls moby/moby#39415
• Fix seccomp profile for clone syscall moby/moby#39308