seccomp: fix 32-bit rules · cd75548b
Serge Hallyn authored

When calling seccomp_rule_add(), you must pass the native syscall number even if the context is a 32-bit context. So use resolve_name rather than resolve_name_arch.

Enhance the check of /proc/self/status for Seccomp: so that we do not enable seccomp policies if seccomp is not built into the kernel. This is needed before we can enable by-default seccomp policies (which we want to do next)

Fix wrong return value check from seccomp_arch_exist, and remove needless abstraction in arch handling.

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
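The /proc/self/status check the commit message describes, sketched as an added example that is not code from this commit or from the project; the enum, function name and sample status texts are assumptions constructed for illustration. It treats a missing Seccomp: line as a kernel without seccomp support and matches the field name exactly, so a Seccomp_filters: line is not mistaken for it.

```c
#include <stdio.h>
#include <string.h>

/* Result of inspecting the "Seccomp:" field of /proc/<pid>/status text. */
enum seccomp_state {
	SECCOMP_UNSUPPORTED, /* no "Seccomp:" line: kernel exposes no seccomp state */
	SECCOMP_AVAILABLE,   /* "Seccomp: 0": supported, this task is not confined */
	SECCOMP_ACTIVE,      /* "Seccomp: 1" (strict) or "2" (filter) */
	SECCOMP_UNKNOWN      /* field present but its value does not parse */
};

/* Hypothetical helper: classify seccomp support from status text. */
static enum seccomp_state seccomp_state_from_status(const char *status)
{
	const char *line = status;
	int mode;

	while (line && *line) {
		/* Exact prefix match: "Seccomp_filters:" differs at the 8th byte. */
		if (strncmp(line, "Seccomp:", 8) == 0) {
			if (sscanf(line + 8, "%d", &mode) != 1)
				return SECCOMP_UNKNOWN;
			return mode == 0 ? SECCOMP_AVAILABLE : SECCOMP_ACTIVE;
		}
		line = strchr(line, '\n'); /* advance to the start of the next line */
		if (line)
			line++;
	}
	return SECCOMP_UNSUPPORTED;
}

/* Constructed sample inputs, not captured from a real system. */
static const char sample_no_field[] = "Name:\tinit\nState:\tS (sleeping)\nPid:\t1\n";
static const char sample_available[] = "Name:\tinit\nSeccomp:\t0\nCpus_allowed:\tf\n";
static const char sample_filtered[] = "NoNewPrivs:\t1\nSeccomp:\t2\nSeccomp_filters:\t1\n";

int main(void)
{
	static const char *names[] = { "unsupported", "available", "active", "unknown" };
	char buf[8192] = "";
	FILE *f = fopen("/proc/self/status", "r");

	if (!f)
		return 1; /* cannot tell: let the caller decide what to do */
	buf[fread(buf, 1, sizeof(buf) - 1, f)] = '\0';
	fclose(f);
	printf("seccomp: %s\n", names[seccomp_state_from_status(buf)]);
	return 0;
}
```

A caller would skip loading a policy when the result is SECCOMP_UNSUPPORTED, which is the case the commit message wants handled before policies are enabled by default.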