diff --git a/openssh-6.7p1-seccomp-aarch64.patch b/openssh-6.7p1-seccomp-aarch64.patch
new file mode 100644
index 0000000..e11905e
--- /dev/null
+++ b/openssh-6.7p1-seccomp-aarch64.patch
@@ -0,0 +1,50 @@
+--- a/configure.ac
++++ b/configure.ac
+@@ -764,9 +764,12 @@ main() { if (NSVersionOfRunTimeLibrary("
+ i*86-*)
+ seccomp_audit_arch=AUDIT_ARCH_I386
+ ;;
+- arm*-*)
++ aarch64*-*)
++ seccomp_audit_arch=AUDIT_ARCH_AARCH64
++ ;;
++ arm*-*)
+ seccomp_audit_arch=AUDIT_ARCH_ARM
+- ;;
++ ;;
+ esac
+ if test "x$seccomp_audit_arch" != "x" ; then
+ AC_MSG_RESULT(["$seccomp_audit_arch"])
+diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
+index 095b04a..59c3682 100644
+--- a/sandbox-seccomp-filter.c
++++ b/sandbox-seccomp-filter.c
+@@ -90,8 +90,10 @@ static const struct sock_filter preauth_insns[] = {
+ /* Load the syscall number for checking. */
+ BPF_STMT(BPF_LD+BPF_W+BPF_ABS,
+ offsetof(struct seccomp_data, nr)),
+- SC_DENY(open, EACCES),
++ SC_DENY(openat, EACCES), /* no open() on AArch64 */
++#ifdef __NR_stat
+ SC_DENY(stat, EACCES),
++#endif
+ SC_ALLOW(getpid),
+ SC_ALLOW(gettimeofday),
+ SC_ALLOW(clock_gettime),
+@@ -111,12 +113,16 @@ static const struct sock_filter preauth_insns[] = {
+ SC_ALLOW(shutdown),
+ #endif
+ SC_ALLOW(brk),
++#ifdef __NR_poll /* Not available on AArch64 */
+ SC_ALLOW(poll),
++#endif
+ #ifdef __NR__newselect
+ SC_ALLOW(_newselect),
+ #else
++#ifdef __NR_select /* Not available on AArch64 */
+ SC_ALLOW(select),
+ #endif
++#endif
+ SC_ALLOW(madvise),
+ #ifdef __NR_mmap2 /* EABI ARM only has mmap2() */
+ SC_ALLOW(mmap2),
diff --git a/openssh.spec b/openssh.spec
index bc83f23..3b04be5 100644
--- a/openssh.spec
+++ b/openssh.spec
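Review bot: Replacing `SC_DENY(open, EACCES)` with `SC_DENY(openat, EACCES)` in the nested sandbox-seccomp-filter.c hunk removes the deny rule for `open` on every architecture that still defines `__NR_open` (the i386, x86_64 and ARM builds this spec also covers), so an `open()` reached in the preauth process there is no longer answered with EACCES but handled by whatever the filter's final rule does, which lies outside the hunk and is presumably not the graceful path the original deny was there for. The comment `/* no open() on AArch64 */` also misdescribes the line, since the openat deny now applies on all architectures, not only where open() is absent. Keeping both rules, each guarded by its own `__NR_` macro the way the new `#ifdef __NR_stat` block already does, preserves the existing behaviour and adds the AArch64 case. Separately, the new `#ifdef __NR_poll` / `#ifdef __NR_select` guards drop the only poll/select allows shown and nothing in the patch adds `ppoll`/`pselect6`; if those are not allowed elsewhere in preauth_insns (the rest of the array is outside the hunk), the AArch64 preauth process would hit the filter on its first poll()/select(), which is worth checking before enabling the sandbox there.
```c
	/* Load the syscall number for checking. */
	/* … unchanged: BPF_STMT load of seccomp_data.nr … */
#ifdef __NR_open
	SC_DENY(open, EACCES),
#endif
#ifdef __NR_openat
	SC_DENY(openat, EACCES),	/* AArch64 has openat() but no open() */
#endif
#ifdef __NR_stat
	SC_DENY(stat, EACCES),
#endif
	/* … unchanged: SC_ALLOW entries … */
```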
@@ -215,6 +215,8 @@ Patch921: openssh-6.7p1-debian-restore-tcp-wrappers.patch
 Patch922: openssh-6.7p1-sshdT-output.patch
 # fix ssh-copy-id on non-sh shells (#1045191)
 Patch923: openssh-6.7p1-fix-ssh-copy-id-on-non-sh-shell.patch
+# AArch64 has seccomp support since 3.19 kernel (#1195065)
+Patch924: openssh-6.7p1-seccomp-aarch64.patch
 License: BSD
@@ -434,6 +436,7 @@ popd
 %patch921 -p1 -b .tcp_wrappers
 %patch922 -p1 -b .sshdt
 %patch923 -p1 -b .ssh-copy-id
+%patch924 -p1 -b .seccomp
 %patch200 -p1 -b .audit
 %patch700 -p1 -b .fips
@@ -509,7 +512,7 @@ fi
 %endif
 %if %{WITH_SELINUX}
 --with-selinux --with-audit=linux \
-%ifarch %{ix86} x86_64 %{arm}
+%ifarch %{ix86} x86_64 %{arm} aarch64
 --with-sandbox=seccomp_filter \
 %else
 --with-sandbox=rlimit \
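Review bot: The third hunk switches aarch64 builds to `--with-sandbox=seccomp_filter`, but the kernel requirement that choice depends on is documented only next to the `Patch924:` declaration in the first hunk; since the `%ifarch` line is where the decision is actually made, mirror it there, e.g. `# aarch64: seccomp_filter needs kernel >= 3.19 (#1195065)` directly above `%ifarch %{ix86} x86_64 %{arm} aarch64`. The spec cannot enforce a runtime kernel version, so what sshd does on an older aarch64 kernel — refuse to start, or run the preauth process without a sandbox — depends on the fallback in the sandbox code, which is not in this diff and is worth confirming and recording in that comment. The first two hunks (patch declaration and `%patch924` application) are routine.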