1 diff --git a/configure.ac b/configure.ac
2 index 4065d0e..d59ad44 100644
5 @@ -764,9 +764,12 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
7 seccomp_audit_arch=AUDIT_ARCH_I386
11 + seccomp_audit_arch=AUDIT_ARCH_AARCH64
14 seccomp_audit_arch=AUDIT_ARCH_ARM
18 if test "x$seccomp_audit_arch" != "x" ; then
19 AC_MSG_RESULT(["$seccomp_audit_arch"])
20 diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
21 index 095b04a..52f6810 100644
22 --- a/sandbox-seccomp-filter.c
23 +++ b/sandbox-seccomp-filter.c
24 @@ -90,8 +90,20 @@ static const struct sock_filter preauth_insns[] = {
25 /* Load the syscall number for checking. */
26 BPF_STMT(BPF_LD+BPF_W+BPF_ABS,
27 offsetof(struct seccomp_data, nr)),
28 - SC_DENY(open, EACCES),
29 - SC_DENY(stat, EACCES),
30 + SC_DENY(openat, EACCES),
32 + SC_DENY(open, EACCES), /* not on AArch64 */
35 + SC_DENY(fstat, EACCES), /* x86_64, Aarch64 */
37 +#if defined(__NR_stat64) && defined(__NR_fstat64)
38 + SC_DENY(stat64, EACCES), /* ix86, arm */
39 + SC_DENY(fstat64, EACCES),
41 +#ifdef __NR_newfstatat
42 + SC_DENY(newfstatat, EACCES), /* Aarch64 */
45 SC_ALLOW(gettimeofday),
46 SC_ALLOW(clock_gettime),
47 @@ -111,12 +123,19 @@ static const struct sock_filter preauth_insns[] = {
51 +#ifdef __NR_poll /* not on AArch64 */
54 #ifdef __NR__newselect
57 +#ifdef __NR_select /* not on AArch64 */
60 +#ifdef __NR_pselect6 /* AArch64 */
65 #ifdef __NR_mmap2 /* EABI ARM only has mmap2() */