docs: update seccomp documentation with OCI format example

Replace outdated TODO comment with accurate information about runc's seccomp support.
Add OCI seccomp format example and explain conversion to libcontainer format.

This provides users with a practical starting point for creating
custom seccomp configurations using the correct OCI format.

Signed-off-by: Osama Abdelkader <[email protected]>

Author: osamakader

libcontainer/SPEC.md

@@ -367,7 +367,55 @@ profile <profile_name> flags=(attach_disconnected,mediate_deleted) {
 }
 ```
 
-*TODO: seccomp work is being done to find a good default config*
+*Seccomp filtering is supported, users can provide their own seccomp profile*
+
+**Example OCI seccomp profile:**
+An example OCI seccomp profile based on Podman's default configuration is available at:
+https://github.com/containers/common/blob/main/pkg/seccomp/seccomp.json
+
+Note: This is an OCI seccomp profile. Runc converts OCI seccomp profiles to libcontainer format
+using the `SetupSeccomp` function in `libcontainer/specconv/spec_linux.go`.
+
+**Example OCI seccomp format:**
+```json
+{
+  "defaultAction": "SCMP_ACT_ERRNO",
+  "architectures": [
+    "SCMP_ARCH_X86_64",
+    "SCMP_ARCH_X86",
+    "SCMP_ARCH_X32"
+  ],
+  "syscalls": [
+    {
+      "names": [
+        "accept",
+        "accept4",
+        "access",
+        "bind",
+        "brk",
+        "chdir",
+        "chmod",
+        "chown",
+        "close",
+        "connect",
+        "execve",
+        "exit",
+        "exit_group",
+        "fork",
+        "getpid",
+        "getppid",
+        "listen",
+        "open",
+        "read",
+        "write"
+      ],
+      "action": "SCMP_ACT_ALLOW"
+    }
+  ]
+}
+```
+
+This profile can be used as a starting point for creating custom seccomp configurations.
 
 ### Runtime and Init Process