Right, there is the obvious issue that most programs use at least glibc and are thus susceptible to, say, glibc being upgraded and using a new system call.
The other issue, if one does use glibc, is what happens when, say, a different NSS module is in use than the default, and so all of a sudden calling getpwuid_r() involves creating a TCP socket or something?
SELinux at least has high-level macros in the policy source, as well as runtime booleans that map to popular system configurations.
That's not to say seccomp is bad - it clearly makes sense to use in the way Chrome is using it. But generalizing out is much harder.