diff --git a/src/nspawn/nspawn-seccomp.c b/src/nspawn/nspawn-seccomp.c
index 2a64cf8258..1ab50553a9 100644
--- a/src/nspawn/nspawn-seccomp.c
+++ b/src/nspawn/nspawn-seccomp.c
@@ -171,6 +171,13 @@ static int add_syscall_filters(
                 log_warning_errno(r, "Failed to add rule for @known set on %s, ignoring: %m",
                                   seccomp_arch_to_string(arch));
 
+#if (SCMP_VER_MAJOR == 2 && SCMP_VER_MINOR >= 5) || SCMP_VER_MAJOR > 2
+        /* We have a large filter here, so let's turn on the binary tree mode if possible. */
+        r = seccomp_attr_set(ctx, SCMP_FLTATR_CTL_OPTIMIZE, 2);
+        if (r < 0)
+                return r;
+#endif
+
         return 0;
 }