Block stime in default seccomp profile

The stime syscall is a legacy syscall on some architectures
to set the clock, should be blocked as time is not namespaced.

Signed-off-by: Justin Cormack <justin.cormack@unikernel.com>

daemon/execdriver/native/seccomp_default.go

@@ -280,6 +280,12 @@ var defaultSeccompProfile = &configs.Seccomp{
 			Action: configs.Errno,
 			Args:   []*configs.Arg{},
 		},
+		{
+			// Time/Date is not namespaced
+			Name:   "stime",
+			Action: configs.Errno,
+			Args:   []*configs.Arg{},
+		},
 		{
 			// Deny start/stop swapping to file/device
 			Name:   "swapon",