Additionally, this had big implications for cloud providers. If additional liabilities of data leaks are foisted on companies, insurance companies and corporate counsel may just say no more using Amazon, Google Cloud, Azure, etc.
More likely some agencies don't want their exploits to stop working.
I can understand a state agency keeping a security flaw a secret to exploit in the near term... but stockpiling for years only to let stuff leak eventually is just irresponsible.
Note: I'm not saying that I like state-sponsored hacking, only that I understand it being a reality and pragmatically wish they struck a better balance.
Blocking everything except I/O is just one of its blocking modes.
And the list is even configurable. Docker does use this ability to filter out syscalls that shouldn't be used in the container.