Seems this bug that prevented enabling seccomp is now fixed according to the changelog. Let’s see if it works for the next release.
Minor bugfixes (Linux seccomp2 sandbox):
Fix a bug in our sandboxing rules for the openat() syscall. Previously, no openat() call would be permitted, which would break filesystem operations on recent glibc versions. Fixes bug 25440; bugfix on 0.2.9.15. Diagnosis and patch from Daniel Pinto.