diff --git a/repos/base-linux/src/lib/seccomp/spec/arm_64/seccomp_bpf_policy.bin b/repos/base-linux/src/lib/seccomp/spec/arm_64/seccomp_bpf_policy.bin
index 74cef5c6a7..2c0bd1ded4 100644
Binary files a/repos/base-linux/src/lib/seccomp/spec/arm_64/seccomp_bpf_policy.bin and b/repos/base-linux/src/lib/seccomp/spec/arm_64/seccomp_bpf_policy.bin differ
diff --git a/tool/seccomp/seccomp_bpf_compiler.h b/tool/seccomp/seccomp_bpf_compiler.h
index 389b0e8e79..e0ed9db5f9 100644
--- a/tool/seccomp/seccomp_bpf_compiler.h
+++ b/tool/seccomp/seccomp_bpf_compiler.h
@@ -205,6 +205,9 @@ class Filter
 						_add_allow_rule(SCMP_SYS(mmap));
 						_add_allow_rule(SCMP_SYS(cacheflush));
 						_add_allow_rule(SCMP_SYS(sigreturn));
+
+						/* returning from signal handlers is safe */
+						_add_allow_rule(SCMP_SYS(rt_sigreturn));
 					}
 					break;
 				default: