diff --git a/virtio-devices/src/seccomp_filters.rs b/virtio-devices/src/seccomp_filters.rs
index c82fda5af..b7e4cd698 100644
--- a/virtio-devices/src/seccomp_filters.rs
+++ b/virtio-devices/src/seccomp_filters.rs
@@ -290,6 +290,13 @@ fn virtio_vhost_net_thread_rules() -> Result<Vec<SyscallRuleSet>, Error> {
         allow_syscall(libc::SYS_futex),
         allow_syscall(libc::SYS_read),
         allow_syscall(libc::SYS_write),
+        allow_syscall(libc::SYS_close),
+        allow_syscall(libc::SYS_sigaltstack),
+        allow_syscall(libc::SYS_munmap),
+        #[cfg(target_arch = "aarch64")]
+        allow_syscall(libc::SYS_madvise),
+        #[cfg(target_arch = "aarch64")]
+        allow_syscall(libc::SYS_exit),
     ])
 }
 
@@ -304,6 +311,15 @@ fn virtio_vhost_net_ctl_thread_rules() -> Result<Vec<SyscallRuleSet>, Error> {
         allow_syscall(libc::SYS_epoll_wait),
         allow_syscall(libc::SYS_futex),
         allow_syscall(libc::SYS_read),
+        allow_syscall(libc::SYS_close),
+        #[cfg(target_arch = "aarch64")]
+        allow_syscall(libc::SYS_sigaltstack),
+        #[cfg(target_arch = "aarch64")]
+        allow_syscall(libc::SYS_munmap),
+        #[cfg(target_arch = "aarch64")]
+        allow_syscall(libc::SYS_madvise),
+        #[cfg(target_arch = "aarch64")]
+        allow_syscall(libc::SYS_exit),
     ])
 }