Catch seccomp violation of Docker container

I would like to catch any violations of prohibited system calls that a container, started with a seccomp profile, has executed. For example, my profile defines chown as blocked, which is also prevented within the container. Now, I would like to log if a container tries to execute such system calls.

I found Sysdig, which may help, but it seems unnecessary, as seccomp should be able to enable some kind of logging. I just cannot find out how to log blocked syscalls from the container on the host.
