--- a/configure.ac

+++ b/configure.ac

@@ -764,9 +764,12 @@ main() { if (NSVersionOfRunTimeLibrary("

 	i*86-*)

 		seccomp_audit_arch=AUDIT_ARCH_I386

 		;;

-        arm*-*)

+	aarch64*-*)

+		seccomp_audit_arch=AUDIT_ARCH_AARCH64

+		;;

+	arm*-*)

 		seccomp_audit_arch=AUDIT_ARCH_ARM

-                ;;

+		;;

 	esac

 	if test "x$seccomp_audit_arch" != "x" ; then

 		AC_MSG_RESULT(["$seccomp_audit_arch"])

diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c

index 095b04a..59c3682 100644

--- a/sandbox-seccomp-filter.c

+++ b/sandbox-seccomp-filter.c

@@ -90,8 +90,10 @@ static const struct sock_filter preauth_insns[] = {

 	/* Load the syscall number for checking. */

 	BPF_STMT(BPF_LD+BPF_W+BPF_ABS,

 		offsetof(struct seccomp_data, nr)),

-	SC_DENY(open, EACCES),

+	SC_DENY(openat, EACCES), /* no open() on AArch64 */

+#ifdef __NR_stat

 	SC_DENY(stat, EACCES),

+#endif

 	SC_ALLOW(getpid),

 	SC_ALLOW(gettimeofday),

 	SC_ALLOW(clock_gettime),

@@ -111,12 +113,16 @@ static const struct sock_filter preauth_insns[] = {

 	SC_ALLOW(shutdown),

 #endif

 	SC_ALLOW(brk),

+#ifdef __NR_poll /* Not available on AArch64 */

 	SC_ALLOW(poll),

+#endif

 #ifdef __NR__newselect

 	SC_ALLOW(_newselect),

 #else

+#ifdef __NR_select /* Not available on AArch64 */

 	SC_ALLOW(select),

 #endif

+#endif

 	SC_ALLOW(madvise),

 #ifdef __NR_mmap2 /* EABI ARM only has mmap2() */

 	SC_ALLOW(mmap2),