diff --git a/common/flatpak-run.c b/common/flatpak-run.c
index 888f7f90..0a7fb28c 100644
--- a/common/flatpak-run.c
+++ b/common/flatpak-run.c
@@ -3026,6 +3026,11 @@ setup_seccomp (GPtrArray *argv_array,
  /* Don't allow reading current quota use */
  {SCMP_SYS (quotactl)},
 
+ /* Don't allow access to the kernel keyring */
+ {SCMP_SYS (add_key)},
+ {SCMP_SYS (keyctl)},
+ {SCMP_SYS (request_key)},
+
  /* Scary VM/NUMA ops */
  {SCMP_SYS (move_pages)},
  {SCMP_SYS (mbind)},
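Review bot: The comment above the new `add_key`/`keyctl`/`request_key` entries says what is blocked but not why, and the reason is what a later maintainer needs before relaxing the list. Presumably the concern is that kernel keyrings are not confined by the namespaces the sandbox sets up, so a wording such as `/* Kernel keyrings are presumably not confined by the sandbox; keys held by the host session could otherwise be read or changed from inside the app */` would record it, once confirmed. The three entries carry no argument condition, so every `keyctl` operation is refused, including ones that would touch only keys the application created itself; that looks intentional and is worth stating in the same comment. The `setup_seccomp` table and the code that installs it begin and end outside this hunk, so the errno callers receive and whether the rule also applies to secondary (compat) architectures cannot be checked from here.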