CONFIG_HAVE_ARCH_SECCOMP_FILTER gets set if there is some code that is arch-specific. It doesn’t matter if this is y or n.
LXC_SECCOMP (seccomp supporting LXC) gets selected by default if KERNEL_SECCOMP is set.
KERNEL_SECCOMP seems to not be set by default. This makes sense for OpenWRT in general but hinders secure usage of LXC.
OpenWRT will never enable it by default as it costs some cpu time.
I’m trying to recompile OpenWRT with SECCOMP enabled for the ARMv6-RPI. This is based on the current (2 weeks old) development code for the Omnia and the 4.4 kernel from LEDE and some shortcuts like editing system headers.
There are still some build errors currently but these get ironed out or the packages disabled.