diff --git a/packages/genodelabs/sandbox.patch b/packages/genodelabs/sandbox.patch
new file mode 100644
index 0000000..049774e
--- /dev/null
+++ b/packages/genodelabs/sandbox.patch
@@ -0,0 +1,56 @@
+commit 20abcefd185d72ecc55e87ff78f8f784d927653d
+Author: Emery Hemingway <ehmry@posteo.net>
+Date:   Sat Apr 25 16:08:45 2020 +0530
+
+    Init/sandbox: always route "ld.lib.so" ROM to parent
+    
+    A livelock may occur if init router the "ld.lib.so" ROM request of a
+    child to another child, and the child providing the ROM interacts with
+    Init during the creation of the session.
+
+diff --git a/repos/os/src/lib/sandbox/child.cc b/repos/os/src/lib/sandbox/child.cc
+index 5361665eac..fa09cca31a 100644
+--- a/repos/os/src/lib/sandbox/child.cc
++++ b/repos/os/src/lib/sandbox/child.cc
+@@ -448,6 +448,8 @@ Sandbox::Child::Route
+ Sandbox::Child::resolve_session_request(Service::Name const &service_name,
+                                         Session_label const &label)
+ {
++	auto no_filter = [] (Service &) -> bool { return false; };
++
+ 	/* check for "config" ROM request */
+ 	if (service_name == Rom_session::service_name() &&
+ 	    label.last_element() == "config") {
+@@ -498,9 +500,20 @@ Sandbox::Child::resolve_session_request(Service::Name const &service_name,
+ 	    label == _unique_name && _unique_name != _binary_name)
+ 		return resolve_session_request(service_name, _binary_name);
+ 
+-	/* supply binary as dynamic linker if '<start ld="no">' */
+-	if (!_use_ld && service_name == Rom_session::service_name() && label == "ld.lib.so")
+-		return resolve_session_request(service_name, _binary_name);
++	/*
++	 * Check for the "ld.lib.so" ROM request
++	 */
++	if (service_name == Rom_session::service_name() && label == "ld.lib.so") {
++		if (_use_ld) {
++			/* forward request to parent */
++			return Route {
++				find_service(_parent_services, Rom_session::service_name(), no_filter),
++				Session_label("ld.lib.so"), Session::Diag { false} };
++		} else {
++			/* supply binary as dynamic linker if '<start ld="no">' */
++			return resolve_session_request(service_name, _binary_name);
++		}
++	}
+ 
+ 	/* check for "session_requests" ROM request */
+ 	if (service_name == Rom_session::service_name()
+@@ -541,8 +554,6 @@ Sandbox::Child::resolve_session_request(Service::Name const &service_name,
+ 				Session::Diag const
+ 					target_diag { target.attribute_value("diag", false) };
+ 
+-				auto no_filter = [] (Service &) -> bool { return false; };
+-
+ 				if (target.has_type("parent")) {
+ 
+ 					try {
diff --git a/packages/genodelabs/targets.nix b/packages/genodelabs/targets.nix
index 078130b..4ad8a46 100644
--- a/packages/genodelabs/targets.nix
+++ b/packages/genodelabs/targets.nix
@@ -3,6 +3,8 @@ with ports; {
 
   gpt_write.portInputs = [ jitterentropy ];
 
+  init.patches = [ ./sandbox.patch ];
+
   intel_fb_drv = {
     BOARD = "pc";
     portInputs = [ dde_linux ];