diff --git a/debian/changelog b/debian/changelog
index de7aeb619..69f39fd9c 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+rom-properties (2.4-1ppa6~oracular5) oracular; urgency=medium
+
+  * Add statx() to syscall whitelist to fix SIGSYS in amiiboc on armhf.
+
+ -- David Korth <gerbilsoft@gerbilsoft.com>  Tue, 12 Nov 2024 19:57:50 -0500
+
 rom-properties (2.4-1ppa6~oracular4) oracular; urgency=medium
 
   * rom-properties-gtk4: Depend on libromdata5, not libromdata2.
diff --git a/src/amiibo-data/amiiboc.cpp b/src/amiibo-data/amiiboc.cpp
index c32aed44d..5950ccf98 100644
--- a/src/amiibo-data/amiiboc.cpp
+++ b/src/amiibo-data/amiiboc.cpp
@@ -126,8 +126,7 @@ static int set_security_options(void)
 #elif defined(HAVE_SECCOMP)
 	static constexpr int syscall_wl[] = {
 		// Syscalls used by amiiboc.
-		SCMP_SYS(close), SCMP_SYS(fstat), SCMP_SYS(fstat64), // __GI___fxstat() [printf()]
-		SCMP_SYS(fstatat64), SCMP_SYS(newfstatat),           // Ubuntu 19.10 (32-bit)
+		SCMP_SYS(close),
 		SCMP_SYS(gettimeofday),                              // 32-bit only?
 		SCMP_SYS(lseek), SCMP_SYS(_llseek),
 		SCMP_SYS(open),   // Ubuntu 16.04
diff --git a/src/gtk/thumbnailer-dbus/rptsecure.c b/src/gtk/thumbnailer-dbus/rptsecure.c
index 2334c86bc..8b769f9cc 100644
--- a/src/gtk/thumbnailer-dbus/rptsecure.c
+++ b/src/gtk/thumbnailer-dbus/rptsecure.c
@@ -36,8 +36,6 @@ int rpt_do_security_options(void)
 		SCMP_SYS(close),
 		SCMP_SYS(dup),		// gzdopen()
 		SCMP_SYS(fcntl),     SCMP_SYS(fcntl64),		// gcc profiling
-		SCMP_SYS(fstat),     SCMP_SYS(fstat64),		// __GI___fxstat() [printf()]
-		SCMP_SYS(fstatat64), SCMP_SYS(newfstatat),	// Ubuntu 19.10 (32-bit)
 		SCMP_SYS(ftruncate),	// LibRpBase::RpFile::truncate() [from LibRpBase::RpPngWriterPrivate ctors]
 		SCMP_SYS(ftruncate64),
 		SCMP_SYS(futex),	// iconv_open(), dlopen()
@@ -66,11 +64,6 @@ int rpt_do_security_options(void)
 		// NOTE: Only seems to get triggered on PowerPC...
 		SCMP_SYS(clock_gettime), SCMP_SYS(clock_gettime64),
 
-#if defined(__SNR_statx) || defined(__NR_statx)
-		SCMP_SYS(getcwd),	// called by glibc's statx()
-		SCMP_SYS(statx),
-#endif /* __SNR_statx || __NR_statx */
-
 		// glibc ncsd
 		// TODO: Restrict connect() to AF_UNIX.
 		SCMP_SYS(connect), SCMP_SYS(recvmsg), SCMP_SYS(sendto),
diff --git a/src/librpbase/tests/gtest_init.cpp b/src/librpbase/tests/gtest_init.cpp
index 11fe21698..129e708d3 100644
--- a/src/librpbase/tests/gtest_init.cpp
+++ b/src/librpbase/tests/gtest_init.cpp
@@ -49,8 +49,6 @@ int RP_C_API _tmain(int argc, TCHAR *argv[])
 		SCMP_SYS(clock_gettime64),
 #endif /* __SNR_clock_gettime64 || __NR_clock_gettime64 */
 		SCMP_SYS(fcntl),     SCMP_SYS(fcntl64),		// gcc profiling
-		SCMP_SYS(fstat),     SCMP_SYS(fstat64),		// __GI___fxstat() [printf()]
-		SCMP_SYS(fstatat64), SCMP_SYS(newfstatat),	// Ubuntu 19.10 (32-bit)
 		SCMP_SYS(futex),	// iconv_open()
 		SCMP_SYS(gettimeofday),	// 32-bit only? [testing::internal::GetTimeInMillis()]
 		SCMP_SYS(mmap),		// iconv_open()
@@ -89,11 +87,6 @@ int RP_C_API _tmain(int argc, TCHAR *argv[])
 		// TODO: Restrict connect() to AF_UNIX.
 		SCMP_SYS(connect), SCMP_SYS(recvmsg), SCMP_SYS(sendto),
 
-#if defined(__SNR_statx) || defined(__NR_statx)
-		//SCMP_SYS(getcwd),	// called by glibc's statx() [referenced above]
-		SCMP_SYS(statx),
-#endif /* __SNR_statx || __NR_statx */
-
 		// for posix_fadvise()
 		SCMP_SYS(fadvise64), SCMP_SYS(fadvise64_64),
 		SCMP_SYS(arm_fadvise64_64),	// CPU-specific syscall for Linux on 32-bit ARM
diff --git a/src/librpsecure/os-secure_linux.c b/src/librpsecure/os-secure_linux.c
index eab441eb2..98f81cf34 100644
--- a/src/librpsecure/os-secure_linux.c
+++ b/src/librpsecure/os-secure_linux.c
@@ -85,6 +85,16 @@ int rp_secure_enable(rp_secure_param_t param)
 		__NR_faccessat2		// Required for Gentoo's sandbox (amiiboc)
 #endif /* __SNR_faccessat2 || __NR_faccessat2 */
 
+		// stat()
+		SCMP_SYS(fstat), SCMP_SYS(fstat64), 		// __GI___fxstat() [printf()]
+		SCMP_SYS(fstatat64), SCMP_SYS(newfstatat),	// Ubuntu 19.10 (32-bit)
+
+#if defined(__SNR_statx) || defined(__NR_statx)
+		// statx()
+		SCMP_SYS(getcwd),	// called by glibc's statx()
+		SCMP_SYS(statx),
+#endif /* __SNR_statx || __NR_statx */
+
 		// restart_syscall() is called by glibc to restart
 		// certain syscalls if they're interrupted.
 		SCMP_SYS(restart_syscall),
diff --git a/src/rp-download/rp-download.cpp b/src/rp-download/rp-download.cpp
index 4f9997b5e..0cab3cafc 100644
--- a/src/rp-download/rp-download.cpp
+++ b/src/rp-download/rp-download.cpp
@@ -255,8 +255,6 @@ int RP_C_API _tmain(int argc, TCHAR *argv[])
 		SCMP_SYS(close),
 		SCMP_SYS(fcntl),     SCMP_SYS(fcntl64),		// gcc profiling
 		SCMP_SYS(fsetxattr),
-		SCMP_SYS(fstat),     SCMP_SYS(fstat64),		// __GI___fxstat() [printf()]
-		SCMP_SYS(fstatat64), SCMP_SYS(newfstatat),	// Ubuntu 19.10 (32-bit)
 		SCMP_SYS(futex),
 		SCMP_SYS(getdents), SCMP_SYS(getdents64),
 		SCMP_SYS(getppid),	// for bubblewrap verification
@@ -279,11 +277,6 @@ int RP_C_API _tmain(int argc, TCHAR *argv[])
 		SCMP_SYS(unlink),	// to delete expired cache files
 		SCMP_SYS(utimensat),
 
-#if defined(__SNR_statx) || defined(__NR_statx)
-		SCMP_SYS(getcwd),	// called by glibc's statx()
-		SCMP_SYS(statx),
-#endif /* __SNR_statx || __NR_statx */
-
 		// glibc ncsd
 		// TODO: Restrict connect() to AF_UNIX.
 		SCMP_SYS(connect), SCMP_SYS(recvmsg), SCMP_SYS(sendto),
diff --git a/src/rp-stub/rp-stub_secure.c b/src/rp-stub/rp-stub_secure.c
index 3b56d93c9..45cc74e6b 100644
--- a/src/rp-stub/rp-stub_secure.c
+++ b/src/rp-stub/rp-stub_secure.c
@@ -47,8 +47,6 @@ int rp_stub_do_security_options(bool config)
 
 		// dlopen()
 		SCMP_SYS(fcntl),     SCMP_SYS(fcntl64),		// gcc profiling
-		SCMP_SYS(fstat),     SCMP_SYS(fstat64),		// __GI___fxstat() [printf()]
-		SCMP_SYS(fstatat64), SCMP_SYS(newfstatat),	// Ubuntu 19.10 (32-bit)
 		SCMP_SYS(gettimeofday),	// 32-bit only?
 		SCMP_SYS(mmap),
 		SCMP_SYS(mmap2),	// might only be needed on i386...
@@ -78,11 +76,6 @@ int rp_stub_do_security_options(bool config)
 
 		SCMP_SYS(getppid),	// dll-search.c: walk_proc_tree()
 
-#if defined(__SNR_statx) || defined(__NR_statx)
-		SCMP_SYS(getcwd),	// called by glibc's statx()
-		SCMP_SYS(statx),
-#endif /* __SNR_statx || __NR_statx */
-
 		// ConfReader checks timestamps between rpcli runs.
 		// NOTE: Only seems to get triggered on PowerPC...
 		SCMP_SYS(clock_gettime), SCMP_SYS(clock_gettime64),
diff --git a/src/rpcli/rpcli_secure.c b/src/rpcli/rpcli_secure.c
index 2c97d392e..b1c8b61a1 100644
--- a/src/rpcli/rpcli_secure.c
+++ b/src/rpcli/rpcli_secure.c
@@ -36,8 +36,6 @@ int rpcli_do_security_options(void)
 		SCMP_SYS(close),
 		SCMP_SYS(dup),		// gzdopen()
 		SCMP_SYS(fcntl),     SCMP_SYS(fcntl64),		// gcc profiling
-		SCMP_SYS(fstat),     SCMP_SYS(fstat64),		// __GI___fxstat() [printf()]
-		SCMP_SYS(fstatat64), SCMP_SYS(newfstatat),	// Ubuntu 19.10 (32-bit)
 		SCMP_SYS(ftruncate),	// LibRpBase::RpFile::truncate() [from LibRpBase::RpPngWriterPrivate ctors]
 		SCMP_SYS(ftruncate64),
 		SCMP_SYS(futex),
@@ -69,11 +67,6 @@ int rpcli_do_security_options(void)
 		__NR_clock_gettime64,
 #endif /* __SNR_clock_gettime64 || __NR_clock_gettime64 */
 
-#if defined(__SNR_statx) || defined(__NR_statx)
-		SCMP_SYS(getcwd),	// called by glibc's statx()
-		SCMP_SYS(statx),
-#endif /* __SNR_statx || __NR_statx */
-
 		// glibc ncsd
 		// TODO: Restrict connect() to AF_UNIX.
 		SCMP_SYS(connect), SCMP_SYS(recvmsg), SCMP_SYS(sendto),