diff --git a/backport-seccomp-util-include-missing_syscall_def.h-to-make-__SNR_foo-mapped.patch b/backport-seccomp-util-include-missing_syscall_def.h-to-make-__SNR_foo-mapped.patch
new file mode 100644
index 0000000..051de09
--- /dev/null
+++ b/backport-seccomp-util-include-missing_syscall_def.h-to-make-__SNR_foo-mapped.patch
@@ -0,0 +1,71 @@
+From ddf73c98fcf094201dc813b33765e4eed74e25c5 Mon Sep 17 00:00:00 2001
+From: zhaoxiaohu
+Date: Wed, 31 Jul 2024 10:24:26 +0800
+Subject: [PATCH] seccomp-util: include missing_syscall_def.h to make __SNR_foo
+ mapped to __NR_foo
+
+Fixes #21969.
+
+Reference: https://github.com/systemd/systemd/pull/21970/commits/e83156c264d149e8f92f05b4d777317824a430f1
+
+Signed-off-by: zhaoxiaohu
+Signed-off-by: yuwang
+---
+ src/shared/seccomp-util.c | 9 ++++-----
+ 1 file changed, 4 insertions(+), 5 deletions(-)
+
+diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c
+index ccfa4cc..9e0d415 100644
+--- a/src/shared/seccomp-util.c
++++ b/src/shared/seccomp-util.c
+@@ -3,13 +3,16 @@
+ #include
+ #include
+ #include
+-#include
+ #include
+ #include
+ #include
+ #include
+ #include
+
++/* include missing_syscall_def.h earlier to make __SNR_foo mapped to __NR_foo. */
++#include "missing_syscall_def.h"
++#include
++
+ #include "af-list.h"
+ #include "alloc-util.h"
+ #include "env-util.h"
+@@ -1736,13 +1739,11 @@ int seccomp_memory_deny_write_execute(void) {
+ if (r < 0)
+ continue;
+
+-#ifdef __NR_pkey_mprotect
+ r = add_seccomp_syscall_filter(seccomp, arch, SCMP_SYS(pkey_mprotect),
+ 1,
+ SCMP_A2(SCMP_CMP_MASKED_EQ, PROT_EXEC, PROT_EXEC));
+ if (r < 0)
+ continue;
+-#endif
+
+ if (shmat_syscall > 0) {
+ r = add_seccomp_syscall_filter(seccomp, arch, shmat_syscall,
+@@ -2063,7 +2064,6 @@ static int seccomp_restrict_sxid(scmp_filter_ctx seccomp, mode_t m) {
+ else
+ any = true;
+
+-#if SCMP_SYS(open) > 0
+ r = seccomp_rule_add_exact(
+ seccomp,
+ SCMP_ACT_ERRNO(EPERM),
+@@ -2075,7 +2075,6 @@ static int seccomp_restrict_sxid(scmp_filter_ctx seccomp, mode_t m) {
+ log_debug_errno(r, "Failed to add filter for open: %m");
+ else
+ any = true;
+-#endif
+
+ r = seccomp_rule_add_exact(
+ seccomp,
+--
+2.33.0
+
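Review bot: The comment added above `#include "missing_syscall_def.h"` in the first inner hunk states the include order but not what depends on it, and what depends on it is a sandboxing control. The two guards this patch removes, `#ifdef __NR_pkey_mprotect` in seccomp_memory_deny_write_execute() and `#if SCMP_SYS(open) > 0` in seccomp_restrict_sxid(), show that these rules could previously be compiled out with no diagnostic, presumably whenever the syscall macros were not mapped at that point. I would expand the comment to something like `/* Must stay above the seccomp header: SCMP_SYS(foo) relies on __SNR_foo being mapped to __NR_foo first; reordering these includes can change which filter rules get installed. */` so a later include clean-up does not undo the fix. Separately, the now unconditional pkey_mprotect rule ends in `if (r < 0) continue;` with no log call, unlike the `log_debug_errno(r, "Failed to add filter for open: %m")` path in seccomp_restrict_sxid(); both function bodies continue outside the hunks, so confirm what a skipped iteration means for the architecture being processed.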
diff --git a/disable-systemd-timesyncd-networkd-resolved-homed-us.patch b/disable-systemd-timesyncd-networkd-resolved-homed-us.patch
deleted file mode 100644
index 8c0381e..0000000
--- a/disable-systemd-timesyncd-networkd-resolved-homed-us.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From 72e9c079d0fd769d1bdb7d7db9c49454ce4bd255 Mon Sep 17 00:00:00 2001
-From: licunlong
-Date: Wed, 1 Dec 2021 17:27:07 +0800
-Subject: [PATCH] disable systemd-{timesyncd, networkd, resolved, homed,
- userdbd, pstore} by default
-
----
- presets/90-systemd.preset | 12 ++++++------
- 1 file changed, 6 insertions(+), 6 deletions(-)
-
-diff --git a/presets/90-systemd.preset b/presets/90-systemd.preset
-index d260874..2a7396c 100644
---- a/presets/90-systemd.preset
-+++ b/presets/90-systemd.preset
-@@ -16,12 +16,6 @@ enable remote-cryptsetup.target
- enable machines.target
-
- enable getty@.service
--enable systemd-timesyncd.service
--enable systemd-networkd.service
--enable systemd-resolved.service
--enable systemd-homed.service
--enable systemd-userdbd.socket
--enable systemd-pstore.service
-
- disable console-getty.service
- disable debug-shell.service
-@@ -44,3 +38,9 @@ disable syslog.socket
- disable systemd-journal-gatewayd.*
- disable systemd-journal-remote.*
- disable systemd-journal-upload.*
-+disable systemd-timesyncd.service
-+disable systemd-networkd.service
-+disable systemd-resolved.service
-+disable systemd-homed.service
-+disable systemd-userdbd.socket
-+disable systemd-pstore.service
---
-2.23.0
-
diff --git a/systemd.spec b/systemd.spec
index 14fd269..f1823c8 100644
--- a/systemd.spec
+++ b/systemd.spec
@@ -25,7 +25,7 @@ Name: systemd Url: https://systemd.io/ Version: 249 -Release: 84 +Release: 85 License: MIT and LGPLv2+ and GPLv2+ Summary: System and Service Manager
@@ -678,6 +678,7 @@ Patch6625: backport-core-do-not-GC-units-jobs-that-are-in-the-D-Bus-queu.pa Patch6626: backport-Update-hwdb.patch Patch6627: backport-sd-event-fix-fd-leak-when-fd-is-owned-by-IO-event-so.patch Patch6628: backport-fix-cgtop-sscanf-return-code-checks.patch +Patch6629: backport-seccomp-util-include-missing_syscall_def.h-to-make-__SNR_foo-mapped.patch Patch9001: update-rtc-with-system-clock-when-shutdown.patch Patch9002: udev-add-actions-while-rename-netif-failed.patch @@ -2192,6 +2193,9 @@ grep -q -E '^KEYMAP="?fi-latin[19]"?' /etc/vconsole.conf 2>/dev/null && /usr/bin/systemd-cryptenroll %changelog +* Mon Aug 26 2024 fuanan - 249-85 +- add backport-seccomp-util-include-missing_syscall_def.h-to-make-__SNR_foo-mapped.patch + * Thu Aug 1 2024 Han Jinpeng - 249-84 - backport: fix cgtop sscanf return code checks