I can see in the lxc repo README there is a trivial example:
lxc.seccomp = /var/lib/lxc/q1/seccomp.full
with some commands to fill up a file with a whitelist which (it is claimed) allows everything.
Is there any documentation of what you can do with that seccomp config (specifically with LXC in this case)? There seems to be no visible documentation on seccomp and LXC that I can find.
Looking at the config parser source it appears that lxc only supports a whitelist of permitted syscall numbers. Seccomp supports validating the parameters to syscalls, but the config format doesn't provide any way to express that.
Syscalls: http://docs.cs.up.ac.za/programming/asm/derick_tut/syscalls.html
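An added example, not part of the original answer or of LXC itself: a small auditor for a number-only whitelist of the kind described above, reporting which sensitive syscalls a profile still permits. The file layout (version line `1`, then `whitelist`, then one syscall number per line), the x86_64 numbering, the `SENSITIVE_X86_64` subset and both sample profiles are assumptions constructed for illustration.

```python
# Added example: audit a legacy (version 1) LXC seccomp whitelist.
# Assumed layout (not shown on this page): line 1 is the version "1",
# line 2 is the word "whitelist", then one syscall number per line.

# x86_64 numbers for a few syscalls a container rarely needs
# (an illustrative subset chosen for this example, not a complete list).
SENSITIVE_X86_64 = {
    101: "ptrace", 165: "mount", 166: "umount2", 169: "reboot",
    175: "init_module", 176: "delete_module", 246: "kexec_load",
}


def parse_v1_whitelist(text):
    """Return the set of syscall numbers a v1 whitelist profile allows."""
    rows = [(n, ln.strip()) for n, ln in enumerate(text.splitlines(), 1)]
    rows = [(n, ln) for n, ln in rows if ln]  # ignore blank lines
    if len(rows) < 2 or rows[0][1] != "1":
        raise ValueError("expected version line '1'")
    if rows[1][1] != "whitelist":
        raise ValueError("a version 1 profile must be a whitelist")
    allowed = set()
    for lineno, entry in rows[2:]:
        # Strict by choice: an entry is a bare number and nothing else.
        # There is no place in this format for an argument condition.
        if not entry.isdigit():
            raise ValueError(f"line {lineno}: not a syscall number: {entry!r}")
        allowed.add(int(entry))
    return allowed


def audit(text):
    """Names of sensitive syscalls that the profile still permits."""
    allowed = parse_v1_whitelist(text)
    return sorted(name for nr, name in SENSITIVE_X86_64.items() if nr in allowed)


def build_profile(numbers):
    return "1\nwhitelist\n" + "\n".join(str(n) for n in numbers) + "\n"


# Constructed samples: a permissive profile covering 0..300, and the same
# range with the sensitive numbers removed.
ALLOW_ALL = build_profile(range(0, 301))
RESTRICTED = build_profile(n for n in range(0, 301) if n not in SENSITIVE_X86_64)

if __name__ == "__main__":
    print("allow-all still permits:", audit(ALLOW_ALL))
    print("restricted still permits:", audit(RESTRICTED))
```

Syscall numbers differ between architectures, so a number-only whitelist has to be audited against the table for the architecture the container actually runs on.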