diff --git a/crun.1 b/crun.1
index 1de638e38c..25ccd93e70 100644
--- a/crun.1
+++ b/crun.1
@@ -467,6 +467,12 @@ are available on the \fB\fCld.so(8)\fR man page.
 If the annotation \fB\fCrun.oci.seccomp\_fail\_unknown\_syscall\fR is present, then crun
 will fail when an unknown syscall is encountered in the seccomp configuration.
 
+.SH \fB\fCrun.oci.seccomp\_bpf\_data\fR
+.PP
+If the annotation \fB\fCrun.oci.seccomp\_bpf\_data\fR is present, then crun
+ignores the seccomp section in the OCI configuration file and use the specified file
+as the raw data to the \fB\fCseccomp(SECCOMP\_SET\_MODE\_FILTER)\fR syscall.
+
 .SH \fB\fCrun.oci.keep\_original\_groups=1\fR
 .PP
 If the annotation \fB\fCrun.oci.keep\_original\_groups\fR is present, then crun
diff --git a/crun.1.md b/crun.1.md
index 354b706f9f..355e29cf88 100644
--- a/crun.1.md
+++ b/crun.1.md
@@ -371,6 +371,12 @@ are available on the `ld.so(8)` man page.
 If the annotation `run.oci.seccomp_fail_unknown_syscall` is present, then crun
 will fail when an unknown syscall is encountered in the seccomp configuration.
 
+## `run.oci.seccomp_bpf_data`
+
+If the annotation `run.oci.seccomp_bpf_data` is present, then crun
+ignores the seccomp section in the OCI configuration file and use the specified file
+as the raw data to the `seccomp(SECCOMP_SET_MODE_FILTER)` syscall.
+
 ## `run.oci.keep_original_groups=1`
 
 If the annotation `run.oci.keep_original_groups` is present, then crun
diff --git a/src/libcrun/container.c b/src/libcrun/container.c
index f6e60ae3c9..93d08c90f0 100644
--- a/src/libcrun/container.c
+++ b/src/libcrun/container.c
@@ -1950,9 +1950,29 @@ libcrun_container_run_internal (libcrun_container_t *container, libcrun_context_
       if (annotation && strcmp (annotation, "0") != 0)
         seccomp_gen_options = LIBCRUN_SECCOMP_FAIL_UNKNOWN_SYSCALL;
 
-      ret = libcrun_generate_seccomp (container, seccomp_fd, seccomp_gen_options, err);
-      if (UNLIKELY (ret < 0))
-        return cleanup_watch (context, pid, sync_socket, terminal_fd, err);
+      annotation = find_annotation (container, "run.oci.seccomp_bpf_data");
+      if (annotation == NULL)
+        {
+          ret = libcrun_generate_seccomp (container, seccomp_fd, seccomp_gen_options, err);
+          if (UNLIKELY (ret < 0))
+            return cleanup_watch (context, pid, sync_socket, terminal_fd, err);
+        }
+      else
+        {
+          cleanup_free char *file_content = NULL;
+          size_t size;
+
+          ret = read_all_file (annotation, &file_content, &size, err);
+          if (UNLIKELY (ret < 0))
+            return cleanup_watch (context, pid, sync_socket, terminal_fd, err);
+
+          ret = safe_write (seccomp_fd, file_content, (ssize_t) size);
+          if (UNLIKELY (ret < 0))
+            {
+              crun_make_error (err, 0, "write to seccomp fd");
+              return cleanup_watch (context, pid, sync_socket, terminal_fd, err);
+            }
+        }
       close_and_reset (&seccomp_fd);
     }