sandbox: expose seccomp interface

There's no point in artificially limiting and abstracting away these options. The higher level hakurei package is responsible for providing a secure baseline and sane defaults. The sandbox package should present everything to the caller.

Signed-off-by: Ophestra <cat@gensokyo.uk>

hst/container.go

@@ -14,6 +14,8 @@ type (
 		SeccompFlags seccomp.ExportFlag `json:"seccomp_flags"`
 		// extra seccomp presets
 		SeccompPresets seccomp.FilterPreset `json:"seccomp_presets"`
+		// disable project-specific filter extensions
+		SeccompCompat bool `json:"seccomp_compat,omitempty"`
 		// allow ptrace and friends
 		Devel bool `json:"devel,omitempty"`
 		// allow userns creation in container