diff --git a/backport-sys_linux-allow-clone3-and-pread64-in-secco.patch b/backport-sys_linux-allow-clone3-and-pread64-in-secco.patch
new file mode 100644
index 0000000000000000000000000000000000000000..ab61de8aa35e31c443fbe382b1975c420b8cc156
--- /dev/null
+++ b/backport-sys_linux-allow-clone3-and-pread64-in-secco.patch
@@ -0,0 +1,37 @@
+From fbe60da9eba8f5968aeefce65fd6df3a3963587c Mon Sep 17 00:00:00 2001
+From: Miroslav Lichvar mlichvar@redhat.com
+Date: Mon Aug 9 11:48:21 2021 +0200
+Subject: [PATCH] sys_linux: allow clone3 and pread64 in seccomp filter
+
+ These seem to be needed with the latest glibc.
+
+Reference: https://github.com/mlichvar/chrony/commit/bbbd80bf03223f181d4abf5c8e5fe6136ab6129a.patch
+---
+ sys_linux.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/sys_linux.c b/sys_linux.c
+index 50c0843..2b53f72 100644
+--- a/sys_linux.c
++++ b/sys_linux.c
+@@ -503,6 +503,9 @@ SYS_Linux_EnableSystemCallFilter(int level, SYS_ProcessContext context)
+ 
+     /* Process */
+     SCMP_SYS(clone),
++#ifdef __NR_clone3
++    SCMP_SYS(clone3),
++#endif
+     SCMP_SYS(exit),
+     SCMP_SYS(exit_group),
+     SCMP_SYS(getpid),
+@@ -595,6 +598,7 @@ SYS_Linux_EnableSystemCallFilter(int level, SYS_ProcessContext context)
+ #ifdef __NR_ppoll_time64
+     SCMP_SYS(ppoll_time64),
+ #endif
++    SCMP_SYS(pread64),
+     SCMP_SYS(pselect6),
+ #ifdef __NR_pselect6_time64
+     SCMP_SYS(pselect6_time64),
+-- 
+2.27.0
+
diff --git a/chrony.spec b/chrony.spec
index 7294c87114aa42d6141627e917692e9fd914cc36..73915a057e88a3946fa806a7e918ae4d4a27247a 100644
--- a/chrony.spec
+++ b/chrony.spec
@@ -2,7 +2,7 @@
 
 Name:      chrony
 Version:   4.1
-Release:   2
+Release:   3
 Summary:   An NTP client/server
 License:   GPLv2
 URL:       https://chrony.tuxfamily.org
@@ -15,6 +15,8 @@ Patch1:	   chrony-nm-dispatcher-dhcp.patch
 
 Patch6000: backport-rework-command-and-limit-the-length-of-command.patch
 
+Patch6001: backport-sys_linux-allow-clone3-and-pread64-in-secco.patch
+
 BuildRequires: gcc gcc-c++ bison systemd libcap-devel libedit-devel nettle-devel pps-tools-devel libseccomp-devel
 
 Requires:      shadow-utils systemd timedatex
@@ -33,6 +35,7 @@ service to other computers in the network.
 %setup -q -n  %{name}-%{version} -a 6
 %patch1 -p1
 %patch6000 -p1
+%patch6001 -p1
 mv clknetsim-%{clknetsim_ver}* test/simulation/clknetsim
 
 %build
@@ -139,6 +142,12 @@ fi
 %{_mandir}/man[158]/%{name}*.[158]*
 
 %changelog
+* Fri Dec 23 2022 yaoguangzhong <yaoguangzhong@xfusion.com> - 4.1-3
+- Type:bugfix
+- Id:NA
+- SUG:NA
+- DESC:fix chrony to synchronize system clock
+
 * Tue Oct 18 2022 chengyechun <chengyechun1@huawei.com> - 4.1-2
 - Type:bugfix
 - Id:NA