diff --git a/profiles/seccomp/default.json b/profiles/seccomp/default.json
index dbf1fa86f1514..fbee6eac0e959 100644
--- a/profiles/seccomp/default.json
+++ b/profiles/seccomp/default.json
@@ -348,7 +348,6 @@
 "signalfd4",
 "sigprocmask",
 "sigreturn",
- "socket",
 "socketcall",
 "socketpair",
 "splice",
@@ -417,6 +416,22 @@
 },
 "excludes": {}
 },
+ {
+ "names": [
+ "socket"
+ ],
+ "action": "SCMP_ACT_ALLOW",
+ "args": [
+ {
+ "index": 0,
+ "value": 40,
+ "op": "SCMP_CMP_NE"
+ }
+ ],
+ "comment": "",
+ "includes": {},
+ "excludes": {}
+ },
 {
 "names": [
 "personality"
diff --git a/profiles/seccomp/default_linux.go b/profiles/seccomp/default_linux.go
index a7e2c8049ab15..3c06d520135d9 100644
--- a/profiles/seccomp/default_linux.go
+++ b/profiles/seccomp/default_linux.go
@@ -343,7 +343,6 @@ func DefaultProfile() *Seccomp {
 "signalfd4",
 "sigprocmask",
 "sigreturn",
- "socket",
 "socketcall",
 "socketpair",
 "splice",
@@ -404,6 +403,17 @@ func DefaultProfile() *Seccomp {
 MinKernel: &KernelVersion{4, 8},
 },
 },
+ {
+ Names: []string{"socket"},
+ Action: specs.ActAllow,
+ Args: []*specs.LinuxSeccompArg{
+ {
+ Index: 0,
+ Value: unix.AF_VSOCK,
+ Op: specs.OpNotEqual,
+ },
+ },
+ },
 {
 Names: []string{"personality"},
 Action: specs.ActAllow,
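Review bot: The AF_VSOCK restriction on `socket` does not cover `socketcall`, which stays in the unconditional allow list in the first hunk of this file; on ABIs that still multiplex through it (32-bit x86 binaries inside an amd64 container being the usual case, if the profile also applies to those ABIs) `socketcall(SYS_SOCKET, args)` carries the family in a userspace array that seccomp cannot read, so AF_VSOCK remains reachable there. Either move `socketcall` into an arg-filtered rule that denies `SYS_SOCKET` (arg 0 equal to 1), which recent glibc builds should tolerate because they try the native `socket` syscall first — verify on the 32-bit ABIs the profile lists — or state the gap in the rule's comment. A second caveat to confirm on 64-bit ABIs: seccomp compares the whole argument register while the kernel truncates `domain` to int, so unless libseccomp/runc narrows the comparison to 32 bits a value such as 0x100000028 satisfies `OpNotEqual` 40 yet reaches the kernel as AF_VSOCK. The rule also ships with an empty comment (the generated JSON shows `"comment": ""`); something like `Comment: "deny AF_VSOCK (40): vsock sockets reach the host side; every other family stays allowed"` would tell readers of the JSON why a bare 40 is there. DefaultProfile starts and continues outside this hunk.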