This isn't specific to netlink. I removed the two rules from the seccomp filter and simplified it to just generally block socket(). I also simplified adding the arches so that only the non-native arch is added, not the native one. Note that adding the socket() filter *does* work on both arches if the non-native architecture does not get added, this only fails with adding x86_64 to the filter on i386.
This isn't specific to netlink. I removed the two rules from the seccomp filter and simplified it to just generally block socket(). I also simplified adding the arches so that only the non-native arch is added, not the native one. Note that adding the socket() filter *does* work on both arches if the non-native architecture does not get added, this only fails with adding x86_64 to the filter on i386.