2 files changed, 7 insertions, 3 deletions

diff --git a/src/lib/sandbox/sandbox.c b/src/lib/sandbox/sandbox.c
index fb02a345ab..a15f99ad76 100644
--- a/src/lib/sandbox/sandbox.c
+++ b/src/lib/sandbox/sandbox.c
@@ -252,6 +252,9 @@ static int filter_nopar_gen[] = {
     SCMP_SYS(sigreturn),
 #endif
     SCMP_SYS(stat),
+#if defined(__i386__) && defined(__NR_statx)
+    SCMP_SYS(statx),
+#endif
     SCMP_SYS(uname),
     SCMP_SYS(wait4),
     SCMP_SYS(write),
diff --git a/src/test/test_sandbox.c b/src/test/test_sandbox.c
index ab3356771f..7ec08a3546 100644
--- a/src/test/test_sandbox.c
+++ b/src/test/test_sandbox.c
@@ -332,12 +332,13 @@ struct testcase_t sandbox_tests[] = {
 
 /* Currently the sandbox is unable to filter stat() calls on systems where
  * glibc implements this function using either of the legacy "stat" or "stat64"
- * system calls, or where glibc version 2.33 or later is in use and the newer
- * "newfstatat" syscall is available.
+ * system calls, or (in glibc version 2.33 and later) either of the newer
+ * "newfstatat" or "statx" syscalls.
  *
  * Skip testing sandbox_cfg_allow_stat_filename() if it seems the likely the
  * function will have no effect and the test will therefore not succeed. */
-#if !defined(__NR_stat) && !defined(__NR_stat64) && !defined(__NR_newfstatat)
+#if !defined(__NR_stat) && !defined(__NR_stat64) && !defined(__NR_newfstatat) \
+  && !(defined(__i386__) && defined(__NR_statx))
   SANDBOX_TEST_IN_SANDBOX(stat_filename),
 #else
   SANDBOX_TEST_SKIPPED(stat_filename),