Security & supply chainDocker Engine 29.4.3 moves the 'Copy Fail' mitigation off seccomp after the first fix broke 32-bit containers
Docker's default profile now uses AppArmor and SELinux to block the AF_ALG socket path that CVE-2026-31431 exploits, after a seccomp-only fix in 29.4.2 broke i386 binaries, Go 386 builds and Wine. The kernel patch is still the real fix; on Ubuntu it has not landed yet.