diff --git a/Dockerfile b/Dockerfile
index 770d0ad..aa31586 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -32,6 +32,10 @@ ARG PODMAN_BUILDTAGS='seccomp selinux apparmor exclude_graphdriver_devicemapper
 ARG PODMAN_CGO=1
 RUN git clone -c 'advice.detachedHead=false' --depth=1 --branch ${PODMAN_VERSION} https://github.com/containers/podman src/github.com/containers/podman
 WORKDIR $GOPATH/src/github.com/containers/podman
+RUN set -eux; \
+	COMMON_VERSION=$(grep -Eom1 'github.com/containers/common [^ ]+' go.mod | sed 's!github.com/containers/common !!'); \
+	mkdir -p /etc/containers; \
+	curl -fsSL "https://raw.githubusercontent.com/containers/common/${COMMON_VERSION}/pkg/seccomp/seccomp.json" > /etc/containers/seccomp.json
 RUN set -ex; \
 	export CGO_ENABLED=$PODMAN_CGO; \
 	make bin/podman LDFLAGS_PODMAN="-s -w -extldflags '-static'" BUILDTAGS='${PODMAN_BUILDTAGS}'; \
@@ -186,3 +190,4 @@ RUN apk add --no-cache iptables ip6tables
 COPY --from=catatonit /catatonit/catatonit /usr/local/lib/podman/catatonit
 COPY --from=runc /usr/local/bin/runc /usr/local/bin/runc
 COPY --from=aardvark-dns /aardvark-dns/target/release/aardvark-dns /usr/local/lib/podman/aardvark-dns
+COPY --from=podman /etc/containers/seccomp.json /etc/containers/seccomp.json
diff --git a/Makefile b/Makefile
index f4cb525..ee4f2ff 100644
--- a/Makefile
+++ b/Makefile
@@ -101,10 +101,10 @@ tar: .podman-from-container
 .podman-from-container: podman
 	rm -rf $(ASSET_DIR)
 	mkdir -p $(ASSET_DIR)/etc $(ASSET_DIR)/usr/local
-	cp -r conf/containers $(ASSET_DIR)/etc/containers
-	cp README.md $(ASSET_DIR)/
+	cp -r $(IMAGE_ROOTFS)/etc/containers $(ASSET_DIR)/etc/containers
 	cp -r $(IMAGE_ROOTFS)/usr/local/lib $(ASSET_DIR)/usr/local/lib
 	cp -r $(IMAGE_ROOTFS)/usr/local/bin $(ASSET_DIR)/usr/local/bin
+	cp README.md $(ASSET_DIR)/
 
 signed-tar: tar .gpg
 	@echo Running gpg signing container with GPG_SIGN_KEY and GPG_SIGN_KEY_PASSPHRASE
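Review bot: The new `RUN` in the first Dockerfile hunk pulls the seccomp profile from raw.githubusercontent.com at build time with `curl -f` as the only check, so a wrong `COMMON_VERSION` surfaces only as a 404 and the fetched policy content is never verified against anything pinned in the repository. `grep -Eom1` takes the first match in go.mod, which would be the `=>` token if a `replace` directive for containers/common precedes the `require` line, or a pseudo-version with no matching tag; a guard after the assignment such as `case "$COMMON_VERSION" in v[0-9]*) ;; *) echo "unexpected containers/common version: $COMMON_VERSION" >&2; exit 1;; esac` fails the build with a clear message instead of an opaque HTTP error. If the podman checkout vendors containers/common, the same file is presumably available locally under `vendor/github.com/containers/common/pkg/seccomp/`, which would remove the build-time network dependency and tie the profile to the commit recorded in go.sum rather than to a mutable tag.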
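Review bot: The new `cp -r $(IMAGE_ROOTFS)/etc/containers ...` line makes the container image the only source of the tarball's `/etc/containers`, and the repository's `conf/containers` is no longer copied anywhere in this recipe; unless the Dockerfile (not visible in this hunk) copies that directory into the image, it is now dead and will drift from what ships. Either remove it or add a comment above the copy, e.g. `# /etc/containers (incl. the seccomp profile) is taken from the built image, not from conf/`, so the next maintainer does not edit the wrong copy. Note also that the recipe copies whatever the image's `/etc/containers` holds, so any file added there by a base layer ends up in the tarball; the `.podman-from-container` target begins in this hunk but its recipe may continue outside it.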