During GUADEC someone asked me how we get flatpak-builder to work inside containers. I can't remember the handle/nickname of who it was, though I do remember the face, but the answer is that we are using a custom seccomp policy (a JSON seccomp profile) that we pass to podman/docker.
Something like this, as part of the podman/docker run invocation:
--cap-drop all --security-opt seccomp=flatpak.seccomp.json
And the profile itself is here: https://github.com/gnome-infra/ansible/blob/master/roles/gitlab-runner/files/flatpak.seccomp.json
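The reason a custom profile is needed at all is that flatpak-builder sets up its build sandbox with bubblewrap, which needs namespace syscalls (unshare, mount, umount2, pivot_root, setns) that the stock Docker/podman profile only allows when the container holds CAP_SYS_ADMIN, and --cap-drop all removes exactly that. The script below is an added example, not code from the post or from gnome-infra's repository: it parses a profile in the Docker/podman seccomp JSON shape and reports which of a bubblewrap-style syscall list would be denied for a container with a given capability set. Both embedded profiles are constructed stand-ins that only mimic the structure of the real files, and BWRAP_SYSCALLS is my assumption of what bubblewrap needs, not a list taken from the post.

```python
import json
import sys

# Constructed profile modelled on the stock Docker/podman default: deny by
# default, namespace syscalls allowed only with CAP_SYS_ADMIN. NOT the real
# default profile, just its shape.
DEFAULT_LIKE_PROFILE = json.dumps({
    "defaultAction": "SCMP_ACT_ERRNO",
    "architectures": ["SCMP_ARCH_X86_64", "SCMP_ARCH_X86", "SCMP_ARCH_X32"],
    "syscalls": [
        {"names": ["read", "write", "openat", "close", "clone", "execve"],
         "action": "SCMP_ACT_ALLOW"},
        {"names": ["mount", "umount2", "pivot_root", "setns", "unshare", "bpf"],
         "action": "SCMP_ACT_ALLOW",
         "includes": {"caps": ["CAP_SYS_ADMIN"]}},
    ],
})

# Constructed stand-in for a flatpak.seccomp.json-style profile: the same
# namespace syscalls allowed unconditionally, so --cap-drop all still works.
# NOT the contents of gnome-infra's file.
FLATPAK_LIKE_PROFILE = json.dumps({
    "defaultAction": "SCMP_ACT_ERRNO",
    "architectures": ["SCMP_ARCH_X86_64", "SCMP_ARCH_X86", "SCMP_ARCH_X32"],
    "syscalls": [
        {"names": ["read", "write", "openat", "close", "clone", "execve"],
         "action": "SCMP_ACT_ALLOW"},
        {"names": ["mount", "umount2", "pivot_root", "setns", "unshare"],
         "action": "SCMP_ACT_ALLOW"},
        {"names": ["bpf"], "action": "SCMP_ACT_ALLOW",
         "includes": {"caps": ["CAP_SYS_ADMIN"]}},
    ],
})

# Syscalls bubblewrap relies on to build an unprivileged sandbox.
# Assumption for this example, not a list from the post.
BWRAP_SYSCALLS = ("clone", "unshare", "mount", "umount2", "pivot_root", "setns")


def allowed_syscalls(profile: dict, caps: frozenset = frozenset()) -> set:
    """Names the profile allows for a container holding exactly `caps`.

    A rule with `includes.caps` applies only if the container holds one of
    those capabilities; a rule with `excludes.caps` is skipped if it does.
    Rules carrying `args` filters are ignored, so the result is conservative:
    a syscall reported as allowed really is allowed unconditionally.
    """
    allowed = set()
    for rule in profile.get("syscalls", []):
        if rule.get("action") != "SCMP_ACT_ALLOW" or rule.get("args"):
            continue
        inc = set(rule.get("includes", {}).get("caps", []))
        exc = set(rule.get("excludes", {}).get("caps", []))
        if inc and not (inc & caps):
            continue
        if exc & caps:
            continue
        allowed.update(rule.get("names", []))
    return allowed


def missing_for_bwrap(profile_json: str, caps: frozenset = frozenset()) -> list:
    """Sorted list of BWRAP_SYSCALLS the profile would deny; [] means OK."""
    profile = json.loads(profile_json)
    if profile.get("defaultAction") == "SCMP_ACT_ALLOW":
        return []  # allow-by-default profile: nothing is denied by name
    allowed = allowed_syscalls(profile, caps)
    return sorted(s for s in BWRAP_SYSCALLS if s not in allowed)


if __name__ == "__main__":
    # Usage: python check_seccomp.py flatpak.seccomp.json [CAP_SYS_ADMIN ...]
    # With no capability arguments this models a --cap-drop all container.
    path, caps = sys.argv[1], frozenset(sys.argv[2:])
    with open(path) as fh:
        denied = missing_for_bwrap(fh.read(), caps)
    print("denied for bubblewrap:", denied or "none")
    sys.exit(1 if denied else 0)
```

Run against the real flatpak.seccomp.json with no capability arguments to model --cap-drop all; a non-empty list means bubblewrap inside the container will fail on one of those calls, which is the symptom the custom profile exists to avoid.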