diff --git a/openssh-6.5p1-seccomp_getuid.patch b/openssh-6.5p1-seccomp_getuid.patch
new file mode 100644
index 0000000..e10209e
--- /dev/null
+++ b/openssh-6.5p1-seccomp_getuid.patch
@@ -0,0 +1,29 @@
+# HG changeset patch
+# Parent d625afd0d51ac51161b25728bc2f227c098fa0fb
+add 'getuid' syscall to list of allowed ones to prevent the sanboxed thread
+from being killed by the seccomp filter
+
+diff --git a/openssh-6.5p1/sandbox-seccomp-filter.c b/openssh-6.5p1/sandbox-seccomp-filter.c
+--- a/openssh-6.5p1/sandbox-seccomp-filter.c
++++ b/openssh-6.5p1/sandbox-seccomp-filter.c
+@@ -85,16 +85,20 @@ static const struct sock_filter preauth_
+ 		offsetof(struct seccomp_data, arch)),
+ 	BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, SECCOMP_AUDIT_ARCH, 1, 0),
+ 	BPF_STMT(BPF_RET+BPF_K, SECCOMP_FILTER_FAIL),
+ 	/* Load the syscall number for checking. */
+ 	BPF_STMT(BPF_LD+BPF_W+BPF_ABS,
+ 		offsetof(struct seccomp_data, nr)),
+ 	SC_DENY(open, EACCES),
+ 	SC_ALLOW(getpid),
++	SC_ALLOW(getuid),
++#ifdef __NR_getuid32
++	SC_ALLOW(getuid32),
++#endif
+ 	SC_ALLOW(gettimeofday),
+ 	SC_ALLOW(clock_gettime),
+ #ifdef __NR_time /* not defined on EABI ARM */
+ 	SC_ALLOW(time),
+ #endif
+ 	SC_ALLOW(read),
+ 	SC_ALLOW(write),
+ 	SC_ALLOW(close),
diff --git a/openssh.changes b/openssh.changes
index 5c78c3a..18287b1 100644
--- a/openssh.changes
+++ b/openssh.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Tue Feb 18 12:56:31 UTC 2014 - pcerny@suse.com
+
+- openssh-6.5p1-seccomp_getuid.patch: re-enabling the seccomp sandbox
+  (allowing use of the getuid syscall) (bnc#864171)
+
 -------------------------------------------------------------------
 Wed Feb 12 01:24:16 UTC 2014 - pcerny@suse.com
 
diff --git a/openssh.spec b/openssh.spec
index 1fdb4e0..a39f50e 100644
--- a/openssh.spec
+++ b/openssh.spec
@@ -142,6 +142,7 @@ Patch31:        openssh-6.5p1-no_fork-no_pid_file.patch
 Patch32:        openssh-6.5p1-host_ident.patch
 Patch33:        openssh-6.5p1-sftp_homechroot.patch
 Patch34:        openssh-6.5p1-sftp_force_permissions.patch
+Patch35:        openssh-6.5p1-seccomp_getuid.patch
 
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 
@@ -201,6 +202,7 @@ Helper applications for OpenSSH which retrieve keys from various sources.
 %patch32 -p2
 %patch33 -p2
 %patch34 -p2
+%patch35 -p2
 cp %{SOURCE3} %{SOURCE4} .
 
 %build