diff --git a/zathura/commands.c b/zathura/commands.c
index 16b2fe3..bfee3d0 100644
--- a/zathura/commands.c
+++ b/zathura/commands.c
@@ -308,6 +308,11 @@ cmd_save(girara_session_t* session, girara_list_t* argument_list)
   g_return_val_if_fail(session->global.data != NULL, false);
   zathura_t* zathura = session->global.data;
 
+  if (zathura->global.sandbox == ZATHURA_SANDBOX_STRICT) {
+    girara_notify(zathura->ui.session, GIRARA_ERROR, _("Saving is not permitted in strict sandbox mode"));
+    return false;
+  }
+
   if (zathura->document == NULL) {
     girara_notify(session, GIRARA_ERROR, _("No document opened."));
     return false;
@@ -330,6 +335,11 @@ cmd_savef(girara_session_t* session, girara_list_t* argument_list)
   g_return_val_if_fail(session->global.data != NULL, false);
   zathura_t* zathura = session->global.data;
 
+  if (zathura->global.sandbox == ZATHURA_SANDBOX_STRICT) {
+    girara_notify(zathura->ui.session, GIRARA_ERROR, _("Saving is not permitted in strict sandbox mode"));
+    return false;
+  }
+
   if (zathura->document == NULL) {
     girara_notify(session, GIRARA_ERROR, _("No document opened."));
     return false;
@@ -426,6 +436,12 @@ cmd_export(girara_session_t* session, girara_list_t* argument_list)
   g_return_val_if_fail(session != NULL, false);
   g_return_val_if_fail(session->global.data != NULL, false);
   zathura_t* zathura = session->global.data;
+
+  if (zathura->global.sandbox == ZATHURA_SANDBOX_STRICT) {
+    girara_notify(zathura->ui.session, GIRARA_ERROR, _("Exporting attachments is not permitted in strict sandbox mode"));
+    return false;
+  }
+
   if (zathura->document == NULL) {
     girara_notify(session, GIRARA_ERROR, _("No document opened."));
     return false;
diff --git a/zathura/seccomp-filters.c b/zathura/seccomp-filters.c
index ad324aa..61e1a26 100644
--- a/zathura/seccomp-filters.c
+++ b/zathura/seccomp-filters.c
@@ -203,7 +203,7 @@ seccomp_enable_strict_filter(zathura_t* zathura)
   /* ALLOW_RULE (open); specified below */
   /* ALLOW_RULE (openat); specified below */
   /* ALLOW_RULE(pipe); unused? */
-  /* ALLOW_RULE(pipe2); unused? required by x11, see below */
+  ALLOW_RULE(pipe2);
   ALLOW_RULE(poll);
   ALLOW_RULE(pwrite64); /* equals pwrite */
   ALLOW_RULE(pread64); /* equals pread */
@@ -257,7 +257,6 @@ seccomp_enable_strict_filter(zathura_t* zathura)
     ALLOW_RULE(setsockopt);
     ALLOW_RULE(getsockopt);
     ALLOW_RULE(getsockname);
-    ALLOW_RULE(pipe2);
     ALLOW_RULE(connect);
     ALLOW_RULE(umask);
     ALLOW_RULE(uname);