diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/arm64/use.mask b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/arm64/use.mask
new file mode 100644
index 0000000000..1f68389902
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/arm64/use.mask
@@ -0,0 +1,2 @@
+# TODO(marineam): remove after portage-stable/profiles is updated.
+-seccomp
diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/make.defaults b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/make.defaults
index 228ca622e9..36dbf9e60d 100644
--- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/make.defaults
+++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/make.defaults
@@ -32,6 +32,10 @@ USE="${USE} -zeroconf"
 # No need for OpenMP support in GCC and other apps
 USE="${USE} -openmp"
 
+# Test enabling seccomp globally prior to syncing other profile changes.
+# TODO(marineam): remove after portage-stable/profiles is updated.
+USE="${USE} seccomp"
+
 # Set SELinux policy
 POLICY_TYPES="targeted mcs mls"
 
diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/generic/package.use b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/generic/package.use
index e6a81f1aac..1142d571d4 100644
--- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/generic/package.use
+++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/generic/package.use
@@ -41,7 +41,8 @@ app-shells/bash -net vanilla
 # disable nss utilities
 dev-libs/nss -utils
 
-# enable seccomp support in docker
-app-emulation/docker seccomp
-app-emulation/containerd seccomp
+# needed by docker
 sys-libs/libseccomp static-libs
+
+# bind-tools' configure script breaks when cross-compiling with seccomp enabled
+net-dns/bind-tools -seccomp
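Review bot: The comment in the new `arm64/use.mask` gives a removal TODO but does not say what the entry does, and `-seccomp` here reads like the disable in package.use while meaning the opposite. In a use.mask file a leading `-` lifts a mask set by a parent profile, so I would add `# Unmask seccomp on arm64; the leading '-' removes the mask inherited from the parent profile.` above the TODO. Which parent profile sets the mask is not visible in this diff, so the wording may need adjusting.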
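Review bot: The global `USE="${USE} seccomp"` in make.defaults is labelled a test with a TODO to remove it, yet after this commit it is the only visible thing turning seccomp on for docker and containerd, because the package.use hunk deletes their explicit entries. If this line is dropped before the updated portage-stable profiles actually set the flag, both container runtimes would presumably be built without syscall filtering and nothing would fail. I would keep `app-emulation/docker seccomp` and `app-emulation/containerd seccomp` in package.use, which is harmless while the global flag is set. Alternatively, extend the comment to `# Do not remove until portage-stable/profiles sets seccomp; docker and containerd rely on this.`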
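Review bot: `net-dns/bind-tools -seccomp` sits in the generic target's package.use, so it turns seccomp off for bind-tools on every build of that target, although the comment attributes the breakage to cross-compiling only. The opt-out also has no TODO or bug reference, unlike the other temporary entries in this commit, so it is likely to outlive the configure fix. I would add a line such as `# TODO: drop once bind-tools' configure seccomp check works when cross-compiling (bug: <tracker-reference>)`. Whether any native builds use this target is not visible here.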