diff --git a/libcontainer/configs/config.go b/libcontainer/configs/config.go
index 7fd311db429..0d3ba02d77d 100644
--- a/libcontainer/configs/config.go
+++ b/libcontainer/configs/config.go
@@ -33,9 +33,10 @@ type Seccomp struct {
 type Action int
 const (
- Kill Action = iota - 4
+ Kill Action = iota - 5
 Errno
 Trap
+ Trace
 Allow
 )
diff --git a/libcontainer/seccomp/config.go b/libcontainer/seccomp/config.go
index 8bac3357b23..f0d062ab81f 100644
--- a/libcontainer/seccomp/config.go
+++ b/libcontainer/seccomp/config.go
@@ -47,6 +47,8 @@ func ConvertStringToAction(in string) (configs.Action, error) {
 return configs.Trap, nil
 case "SCMP_ACT_ALLOW":
 return configs.Allow, nil
+ case "SCMP_ACT_TRACE":
+ return configs.Trace, nil
 default:
 return 0, fmt.Errorf("string %s is not a valid action for seccomp", in)
 }
diff --git a/libcontainer/seccomp/seccomp_linux.go b/libcontainer/seccomp/seccomp_linux.go
index 1e9ccf8f2db..edb2f0220ad 100644
--- a/libcontainer/seccomp/seccomp_linux.go
+++ b/libcontainer/seccomp/seccomp_linux.go
@@ -15,6 +15,7 @@ var (
 actAllow = libseccomp.ActAllow
 actTrap = libseccomp.ActTrap
 actKill = libseccomp.ActKill
+ actTrace = libseccomp.ActTrace.SetReturnCode(int16(syscall.EPERM))
 actErrno = libseccomp.ActErrno.SetReturnCode(int16(syscall.EPERM))
 )
@@ -81,6 +82,8 @@ func getAction(act configs.Action) (libseccomp.ScmpAction, error) {
 return actErrno, nil
 case configs.Trap:
 return actTrap, nil
+ case configs.Trace:
+ return actTrace, nil
 case configs.Allow:
 return actAllow, nil
 default:
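Review bot: In libcontainer/configs/config.go, inserting `Trace` between `Trap` and `Allow` while moving the base to `iota - 5` renumbers the existing constants: `Kill`, `Errno` and `Trap` go from -4/-3/-2 to -5/-4/-3, and the old `Trap` value -2 now means `Trace`. If an `Action` is ever stored or exchanged as an integer (saved container state, for example; not visible in this hunk), a value written by an older build would be read back as a different, in some cases weaker, action. Declaring the new constant first, `Trace Action = iota - 5` followed by `Kill`, `Errno`, `Trap`, `Allow`, keeps every existing value unchanged. A short doc comment on `Trace` stating that the decision is handed to an attached ptrace tracer would also help profile authors.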
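Review bot: In libcontainer/seccomp/seccomp_linux.go (the `var (` hunk), `actTrace` reuses `int16(syscall.EPERM)` from `actErrno`, but for the trace action that 16-bit value is not an errno: it is the message an attached tracer reads back with PTRACE_GETEVENTMSG. A tracer would therefore receive the value 1 with no documented meaning. I would add a comment such as `// value is the tracer event message (PTRACE_GETEVENTMSG), not an errno` and pass a named constant instead of EPERM. It is also worth a comment beside `case configs.Trace:` in `getAction` (whose body continues outside the hunk) noting that, per the kernel's SECCOMP_RET_TRACE semantics, the syscall fails with ENOSYS when no tracer is attached and is otherwise decided by the tracer, so this action is not a deny rule on its own.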