suggesting --security-opt seccomp:unconfined is irresponsible

[b-jam]

Here it is recommended to disable docker seccomp in order to run athenapdf.

According to https://docs.docker.com/engine/security/seccomp/, name_to_handle_at syscall has a good reason to be blocked, that is - Cause of an old container breakout

Rather than suggest users to allow historic vulnerabilities, it makes sense to instead refactor not to use the name_to_handle_at syscall.
libudev is the culprit here, I'm not sure where that dependency is pulled in.

[cedws]

Container escapes are a dime a dozen anyway. It should not be used as a blast door for running untrusted or insecure software.