diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml
index b3495c9785..f138dedacf 100644
--- a/man/systemd.exec.xml
+++ b/man/systemd.exec.xml
@@ -1505,6 +1505,10 @@
                 <entry>@resources</entry>
                 <entry>System calls for changing resource limits, memory and scheduling parameters (<citerefentry project='man-pages'><refentrytitle>setrlimit</refentrytitle><manvolnum>2</manvolnum></citerefentry>, <citerefentry project='man-pages'><refentrytitle>setpriority</refentrytitle><manvolnum>2</manvolnum></citerefentry>, …)</entry>
               </row>
+              <row>
+                <entry>@setuid</entry>
+                <entry>System calls for changing user ID and group ID credentials, (<citerefentry project='man-pages'><refentrytitle>setuid</refentrytitle><manvolnum>2</manvolnum></citerefentry>, <citerefentry project='man-pages'><refentrytitle>setgid</refentrytitle><manvolnum>2</manvolnum></citerefentry>, <citerefentry project='man-pages'><refentrytitle>setresuid</refentrytitle><manvolnum>2</manvolnum></citerefentry>, …)</entry>
+              </row>
               <row>
                 <entry>@swap</entry>
                 <entry>System calls for enabling/disabling swap devices (<citerefentry project='man-pages'><refentrytitle>swapon</refentrytitle><manvolnum>2</manvolnum></citerefentry>, <citerefentry project='man-pages'><refentrytitle>swapoff</refentrytitle><manvolnum>2</manvolnum></citerefentry>)</entry>
diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c
index 147b1b2ab2..e80d98ea0c 100644
--- a/src/shared/seccomp-util.c
+++ b/src/shared/seccomp-util.c
@@ -639,6 +639,25 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = {
                 "sched_setattr\0"
                 "prlimit64\0"
         },
+        [SYSCALL_FILTER_SET_SETUID] = {
+                .name = "@setuid",
+                .help = "Operations for changing user/group credentials",
+                .value =
+                "setgid32\0"
+                "setgid\0"
+                "setgroups32\0"
+                "setgroups\0"
+                "setregid32\0"
+                "setregid\0"
+                "setresgid32\0"
+                "setresgid\0"
+                "setresuid32\0"
+                "setresuid\0"
+                "setreuid32\0"
+                "setreuid\0"
+                "setuid32\0"
+                "setuid\0"
+        },
         [SYSCALL_FILTER_SET_SWAP] = {
                 .name = "@swap",
                 .help = "Enable/disable swap devices",
diff --git a/src/shared/seccomp-util.h b/src/shared/seccomp-util.h
index 596539e8f5..f6b6889460 100644
--- a/src/shared/seccomp-util.h
+++ b/src/shared/seccomp-util.h
@@ -58,6 +58,7 @@ enum {
         SYSCALL_FILTER_SET_RAW_IO,
         SYSCALL_FILTER_SET_REBOOT,
         SYSCALL_FILTER_SET_RESOURCES,
+        SYSCALL_FILTER_SET_SETUID,
         SYSCALL_FILTER_SET_SWAP,
         _SYSCALL_FILTER_SET_MAX
 };