diff --git a/VERSION-vendor b/VERSION-vendor
index 23af16f9c0997e5a58a5fd4cc6e4e7430d9801a1..eaef1643e20c844a25134a90ea9bbdaf78ac5ae0 100644
--- a/VERSION-vendor
+++ b/VERSION-vendor
@@ -1 +1 @@
-18.09.0.267
+18.09.0.268
diff --git a/docker-engine-openeuler.spec b/docker-engine-openeuler.spec
index c7cb8eb2304201197e04a60f43306db4b92889b8..d96bf956817bb804e35743e032e5bb4f95c88e39 100644
--- a/docker-engine-openeuler.spec
+++ b/docker-engine-openeuler.spec
@@ -1,6 +1,6 @@
 Name: docker-engine
 Version: 18.09.0
-Release: 267
+Release: 268
 Epoch: 1
 Summary: The open-source application container engine
 Group: Tools/Docker
@@ -199,6 +199,12 @@ fi
 %endif
 
 %changelog
+* Fri Aug 02 2024 zhongjiawei - 1:18.09.0-268
+- Type:bugfix
+- CVE:NA
+- SUG:NA
+- DESC:add clone3 seccomp whitelist for arm64
+
 * Fri Jul 26 2024 zhongjiawei - 18.09.0-267
 - Type:CVE
 - CVE:CVE-2024-41110
diff --git a/patch/0278-docker-add-clone3-seccomp-whitelist-for-arm64.patch b/patch/0278-docker-add-clone3-seccomp-whitelist-for-arm64.patch
new file mode 100644
index 0000000000000000000000000000000000000000..282c7bb5bb414e7a0aa575049b5978b4aa4c0d36
--- /dev/null
+++ b/patch/0278-docker-add-clone3-seccomp-whitelist-for-arm64.patch
@@ -0,0 +1,41 @@
+From c2bc614038532cfbd1db9bfe8ff3949b1867a5c5 Mon Sep 17 00:00:00 2001
+From: zhongjiawei
+Date: Fri, 2 Aug 2024 16:26:00 +0800
+Subject: [PATCH] docker:add clone3 seccomp whitelist for arm64
+
+---
+ components/engine/profiles/seccomp/seccomp_default.go | 11 ++++++++++-
+ 1 file changed, 10 insertions(+), 1 deletion(-)
+
+diff --git a/components/engine/profiles/seccomp/seccomp_default.go b/components/engine/profiles/seccomp/seccomp_default.go
+index 2c670623..a90e441c 100644
+--- a/components/engine/profiles/seccomp/seccomp_default.go
++++ b/components/engine/profiles/seccomp/seccomp_default.go
+@@ -482,7 +482,6 @@ func DefaultProfile() *types.Seccomp {
+ {
+ Names: []string{
+ "modify_ldt",
+- "clone3",
+ },
+ Action: types.ActAllow,
+ Args: []*types.Arg{},
+@@ -490,6 +489,16 @@ func DefaultProfile() *types.Seccomp {
+ Arches: []string{"amd64", "x32", "x86"},
+ },
+ },
++ {
++ Names: []string{
++ "clone3",
++ },
++ Action: types.ActAllow,
++ Args: []*types.Arg{},
++ Includes: types.Filter{
++ Arches: []string{"arm64", "amd64", "x32", "x86"},
++ },
++ },
+ {
+ Names: []string{
+ "s390_pci_mmio_read",
+-- 
+2.33.0
+
diff --git a/series.conf b/series.conf
index 9564733453f21dbdfe18d176e70d7dbf601fef76..f3e9b9db60af1c9e67ece8231dc63a443d66107f 100644
--- a/series.conf
+++ b/series.conf
@@ -266,4 +266,5 @@ patch/0274-backport-fix-CVE-2024-29018.patch
 patch/0275-backport-fix-CVE-2024-32473.patch
 patch/0276-docker-Ignore-SIGURG-on-Linux.patch
 patch/0277-backport-fix-CVE-2024-41110.patch
+patch/0278-docker-add-clone3-seccomp-whitelist-for-arm64.patch
 #end
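Review bot: The new `clone3` entry in the second hunk is an unconditional `types.ActAllow` with empty `Args` and no capability gating, which is weaker than how the profile treats `clone`: if, as in upstream 18.09, the `clone` rule elsewhere in DefaultProfile (outside this hunk) masks namespace-creating flags for containers without CAP_SYS_ADMIN, that filter does not reach clone3, because clone3 takes its flags through a `struct clone_args` in user memory that seccomp cannot inspect. Upstream moby addresses this by making clone3 fail with ENOSYS when CAP_SYS_ADMIN is absent so libc falls back to the filtered `clone`; whether this backport can express that depends on whether the vendored `types` support a per-rule errno, which the hunk does not show, so it is worth confirming before shipping the rule for every listed arch. At minimum the entry needs a why-comment, since the changelog says "arm64" but the rule also re-declares amd64/x32/x86: `// clone3 is allowed unconditionally; its flags live in a user struct that seccomp cannot filter, so the clone flag mask does not cover it`. DefaultProfile's body begins and ends outside this hunk.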