diff --git a/virtio-devices/src/seccomp_filters.rs b/virtio-devices/src/seccomp_filters.rs
index 02de8107d..1cbbb0c21 100644
--- a/virtio-devices/src/seccomp_filters.rs
+++ b/virtio-devices/src/seccomp_filters.rs
@@ -392,6 +392,7 @@ fn virtio_vsock_thread_rules() -> Vec<SyscallRuleSet> {
         #[cfg(feature = "mshv")]
         allow_syscall(libc::SYS_clock_gettime),
         allow_syscall(libc::SYS_close),
+        allow_syscall(libc::SYS_connect),
         allow_syscall(libc::SYS_dup),
         allow_syscall(libc::SYS_epoll_create1),
         allow_syscall(libc::SYS_epoll_ctl),
@@ -402,11 +403,13 @@ fn virtio_vsock_thread_rules() -> Vec<SyscallRuleSet> {
         allow_syscall_if(libc::SYS_ioctl, create_vsock_ioctl_seccomp_rule()),
         allow_syscall(libc::SYS_futex),
         allow_syscall(libc::SYS_madvise),
+        allow_syscall(libc::SYS_mmap),
         allow_syscall(libc::SYS_munmap),
         allow_syscall(libc::SYS_read),
         allow_syscall(libc::SYS_recvfrom),
         allow_syscall(libc::SYS_rt_sigprocmask),
         allow_syscall(libc::SYS_sigaltstack),
+        allow_syscall(libc::SYS_socket),
         allow_syscall(libc::SYS_write),
     ]
 }
diff --git a/vmm/src/seccomp_filters.rs b/vmm/src/seccomp_filters.rs
index 7ac71fd9f..23bf8351e 100644
--- a/vmm/src/seccomp_filters.rs
+++ b/vmm/src/seccomp_filters.rs
@@ -562,6 +562,7 @@ fn vcpu_thread_rules() -> Result<Vec<SyscallRuleSet>, Error> {
         allow_syscall_if(libc::SYS_ioctl, create_vcpu_ioctl_seccomp_rule()?),
         allow_syscall(libc::SYS_lseek),
         allow_syscall(libc::SYS_madvise),
+        allow_syscall(libc::SYS_mmap),
         allow_syscall(libc::SYS_mprotect),
         allow_syscall(libc::SYS_munmap),
         allow_syscall(libc::SYS_nanosleep),