Long story short, in Trusty, Docker’s default seccomp profile is not enabled as it should – that’s why it happens to work. In later distributions where that’s fixed, you need to explicitly give the container any additional privileges that it requires.