diff --git a/default.conf b/default.conf
index f8f6814..f1b656e 100644
--- a/default.conf
+++ b/default.conf
@@ -14,7 +14,7 @@ lxc.pivotdir = lxc_putold
 # Blacklist some syscalls which are not safe in privileged
 # containers
-lxc.seccomp = /usr/share/lxc/config/common.seccomp
+lxc.seccomp = /etc/lxc/default.seccomp
 lxc.network.type = veth
 lxc.network.link = br0
diff --git a/default.seccomp b/default.seccomp
new file mode 100644
index 0000000..cc17d95
--- /dev/null
+++ b/default.seccomp
@@ -0,0 +1,13 @@
+2
+blacklist
+reject_force_umount # comment this to allow umount -f; not recommended
+[all]
+kexec_load errno 1
+open_by_handle_at errno 1
+init_module errno 1
+finit_module errno 1
+delete_module errno 1
+iopl errno 1
+ioperm errno 1
+swapon errno 1
+swapoff errno 1
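Review bot: Pointing `lxc.seccomp` at `/etc/lxc/default.seccomp` detaches this config from the packaged `/usr/share/lxc/config/common.seccomp`, so any syscall the package later adds to its deny list will presumably no longer reach these containers. The comment above the key should record that the profile is now maintained locally, e.g. `# Local profile: re-compare with /usr/share/lxc/config/common.seccomp after LXC upgrades`. Nothing visible in the diff installs the new `default.seccomp` from the repository root to `/etc/lxc/`, so confirm that step exists before this config is deployed.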
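Review bot: The deny list in default.seccomp rejects `kexec_load` but not its file-based counterpart `kexec_file_load`, so the kernel-replacement path that the first rule closes is only half covered; adding `kexec_file_load errno 1` directly after `kexec_load errno 1` would close it (confirm the installed libseccomp resolves that name). Because the policy type is `blacklist`, every syscall not named here stays allowed, which makes the list something to review on each kernel upgrade rather than a fixed boundary. The file also carries no explanation of why it replaces the packaged profile; a short `#` comment block after the `blacklist` line stating that, and the intent behind the `iopl`/`ioperm` and `swapon`/`swapoff` entries, would help the next maintainer. Check first that the LXC parser accepts `#` lines at that position.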