diff --git a/openssh-8.4p1-sandbox-seccomp.patch b/openssh-8.4p1-sandbox-seccomp.patch
new file mode 100644
index 0000000..ac4ee61
--- /dev/null
+++ b/openssh-8.4p1-sandbox-seccomp.patch
@@ -0,0 +1,14 @@
+diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
+index e0768c06..5065ae7e 100644
+--- a/sandbox-seccomp-filter.c
++++ b/sandbox-seccomp-filter.c
+@@ -267,6 +267,9 @@ static const struct sock_filter preauth_insns[] = {
+ #ifdef __NR_pselect6
+ SC_ALLOW(__NR_pselect6),
+ #endif
++#ifdef __NR_pselect6_time64
++ SC_ALLOW(__NR_pselect6_time64),
++#endif
+ #ifdef __NR_read
+ SC_ALLOW(__NR_read),
+ #endif
diff --git a/openssh.spec b/openssh.spec
index df39c02..a712857 100644
--- a/openssh.spec
+++ b/openssh.spec
@@ -197,6 +197,8 @@ Patch965: openssh-8.2p1-visibility.patch
 # Do not break X11 without IPv6
 Patch966: openssh-8.2p1-x11-without-ipv6.patch
 Patch967: openssh-8.4p1-ssh-copy-id.patch
+# https://bugzilla.mindrot.org/show_bug.cgi?id=3232
+Patch968: openssh-8.4p1-sandbox-seccomp.patch
 
 License: BSD
 Requires: /sbin/nologin
@@ -381,6 +383,7 @@ popd
 %patch965 -p1 -b .visibility
 %patch966 -p1 -b .x11-ipv6
 %patch967 -p1 -b .ssh-copy-id
+%patch968 -p1 -b .seccomp
 
 %patch200 -p1 -b .audit
 %patch201 -p1 -b .audit-race
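Review bot: The new `SC_ALLOW(__NR_pselect6_time64)` entry in `preauth_insns[]` widens the pre-auth seccomp allowlist with no comment saying why, and the spec file records only a bug URL for Patch968. I would add a line above the new `#ifdef`, such as `/* time64 variant of pselect6 used on 32-bit targets; same semantics as the entry above */`, so a later audit of the allowlist can tell the entry is intentional and no broader than `__NR_pselect6`. The hunk shows only the pselect6 neighbourhood, so it cannot be confirmed from here whether the `_time64` counterparts of other already-allowed syscalls are handled elsewhere in the array. That is worth checking, since a syscall missing from the filter presumably fails the sandboxed child outright rather than degrading. `preauth_insns[]` starts and ends outside the hunk.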