diff --git a/generate/seccomp/seccomp_default.go b/generate/seccomp/seccomp_default.go
index 12bc44d6..caf9b5c2 100644
--- a/generate/seccomp/seccomp_default.go
+++ b/generate/seccomp/seccomp_default.go
@@ -513,7 +513,7 @@ func DefaultProfile(rs *specs.Spec) *rspec.LinuxSeccomp {
 Args: []rspec.LinuxSeccompArg{
 {
 Index: sysCloneFlagsIndex,
- Value: CloneNewNS | CloneNewUTS | CloneNewIPC | CloneNewUser | CloneNewPID | CloneNewNet,
+ Value: CloneNewNS | CloneNewUTS | CloneNewIPC | CloneNewUser | CloneNewPID | CloneNewNet | CloneNewCgroup,
 ValueTwo: 0,
 Op: rspec.OpMaskedEqual,
 },
diff --git a/generate/seccomp/seccomp_default_linux.go b/generate/seccomp/seccomp_default_linux.go
index 93472fba..5ca9a6da 100644
--- a/generate/seccomp/seccomp_default_linux.go
+++ b/generate/seccomp/seccomp_default_linux.go
@@ -3,14 +3,15 @@
 package seccomp
-import "syscall"
+import "golang.org/x/sys/unix"
 // System values passed through on linux
 const (
- CloneNewIPC = syscall.CLONE_NEWIPC
- CloneNewNet = syscall.CLONE_NEWNET
- CloneNewNS = syscall.CLONE_NEWNS
- CloneNewPID = syscall.CLONE_NEWPID
- CloneNewUser = syscall.CLONE_NEWUSER
- CloneNewUTS = syscall.CLONE_NEWUTS
+ CloneNewIPC = unix.CLONE_NEWIPC
+ CloneNewNet = unix.CLONE_NEWNET
+ CloneNewNS = unix.CLONE_NEWNS
+ CloneNewPID = unix.CLONE_NEWPID
+ CloneNewUser = unix.CLONE_NEWUSER
+ CloneNewUTS = unix.CLONE_NEWUTS
+ CloneNewCgroup = unix.CLONE_NEWCGROUP
 )
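Review bot: The namespace mask on the `Value:` line is an inline, hand-maintained OR of flags with no comment saying what the rule means, so a flag left out of it (as `CloneNewCgroup` was until now) is easy to overlook. With `Op: rspec.OpMaskedEqual` and `ValueTwo: 0` the rule matches `clone` only when none of the masked bits are set, which means any flag missing from the mask is implicitly accepted; I would state that above the arg, e.g. `// Match clone only if no namespace-creating flag is set: flags & mask == 0.` The action attached to this rule and any rules for `unshare` or `setns` are outside the hunk, so it is worth confirming they cover the same set of namespaces. `DefaultProfile` begins and ends outside this hunk.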
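Review bot: `CloneNewCgroup` is defined only in this Linux-specific const block, while `seccomp_default.go`, whose file name carries no platform suffix, now references it in the first hunk. If the package has a counterpart const block for non-Linux builds (not visible in this diff), it needs the same constant or the package presumably stops compiling on those platforms. The block comment could also say what the values are for, e.g. `// Namespace-creating clone(2) flags; DefaultProfile masks them in its clone rule.` The move from `syscall` to `golang.org/x/sys/unix` adds an external module, so check that it is vendored or pinned wherever the project records its dependencies.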