Enable seccomp support for docker

Makefile

@@ -43,7 +43,8 @@ BUILD_ASSETS := $(PWD)/build/assets
 BUILDDIR ?= $(PWD)/build
 BUILDDIR := $(shell realpath $(BUILDDIR))
 KUBE_VER := v1.5.7
-DOCKER_VER := 1.12.6-0~debian-jessie
+SECCOMP_VER := 2.2.3-3~bpo8+1
+DOCKER_VER := 1.12.6
 FLANNEL_VER := amed/awsvpc-multi-routing-table-backend
 PUBLIC_IP := 127.0.0.1
 export
@@ -162,7 +163,7 @@ os:
 # needs (like bridge-utils or kmod)
 base: os
 	@echo -e "\n---> Making Planet/Base Docker image based on Planet/OS...\n"
-	$(MAKE) -e BUILDIMAGE=planet/base DOCKERFILE=base.dockerfile EXTRA_ARGS="--build-arg DOCKER_VER=$(DOCKER_VER)" make-docker-image
+	$(MAKE) -e BUILDIMAGE=planet/base DOCKERFILE=base.dockerfile EXTRA_ARGS="--build-arg SECCOMP_VER=$(SECCOMP_VER) --build-arg DOCKER_VER=$(DOCKER_VER)" make-docker-image
 
 # Builds a "buildbox" docker image. Actual building is done inside of Docker, and this
 # image is used as a build box. It contains dev tools (Golang, make, git, vi, etc)

build.assets/docker/base.dockerfile

@@ -1,9 +1,10 @@
 FROM planet/os
 
+ARG SECCOMP_VER
 ARG DOCKER_VER
 
 RUN apt-get install -q -y bridge-utils \
-        docker-engine=$DOCKER_VER \
+        seccomp=$SECCOMP_VER \
         bash-completion \
         kmod \
         iptables \
@@ -43,5 +44,11 @@ RUN apt-get install -q -y bridge-utils \
         dnsmasq ; \
     apt-get -y autoclean; apt-get -y clean
 
+# do not install docker from Debian repositories but rather download static binaries for seccomp support
+RUN curl https://get.docker.com/builds/Linux/x86_64/docker-$DOCKER_VER.tgz -o /tmp/docker-$DOCKER_VER.tgz && \
+    tar -xvzf /tmp/docker-$DOCKER_VER.tgz -C /tmp && \
+    cp /tmp/docker/* /usr/bin && \
+    rm -rf /tmp/docker*
+
 RUN groupadd --system --non-unique --gid 1000 planet ;\
     useradd --system --non-unique --no-create-home -g 1000 -u 1000 planet