diff --git a/508.patch b/508.patch
new file mode 100644
index 0000000..83d9421
--- /dev/null
+++ b/508.patch
@@ -0,0 +1,82 @@
+From 2d83d23b56897a047b598a402f505cbad751c261 Mon Sep 17 00:00:00 2001
+From: Yaakov Selkowitz <yselkowi@redhat.com>
+Date: Sun, 11 Feb 2024 19:37:59 -0500
+Subject: [PATCH] build: handle landlock feature as a tristate option
+
+The kernel runtime test does not always work as intended for
+distribution builds.  Instead, if the landlock feature is explicitly
+enabled, then just check that the header is present (meaning the code
+will compile).  Only if the feature is auto, then check the kernel.
+
+Closes: https://gitlab.gnome.org/GNOME/tracker-miners/-/issues/300
+---
+ meson.build | 22 ++++++++++------------
+ 1 file changed, 10 insertions(+), 12 deletions(-)
+
+diff --git a/meson.build b/meson.build
+index 0e0b51e02..3c9099291 100644
+--- a/meson.build
++++ b/meson.build
+@@ -187,7 +187,11 @@ endif
+ 
+ have_landlock = cc.has_header('linux/landlock.h', required: get_option('landlock'))
+ 
+-if have_landlock and not get_option('landlock').disabled()
++# If landlock feature is explicitly enabled and header is present, do not perform
++# a runtime test, as this might be e.g. a distribution build in an isolated build
++# environment and/or on an older kernel.  If feature is auto, then run-check the
++# kernel as well.  https://gitlab.gnome.org/GNOME/tracker-miners/-/issues/300
++if have_landlock and get_option('landlock').auto()
+   landlock_check = cc.run('''
+       #include <fcntl.h>
+       #include <linux/landlock.h>
+@@ -202,10 +206,8 @@ if have_landlock and not get_option('landlock').disabled()
+   ''',
+   name: 'landlock is enabled in kernel')
+ 
+-  landlock_enabled = (landlock_check.compiled() and landlock_check.returncode() == 0)
+-
+-  if get_option('landlock').enabled() and not landlock_enabled
+-    error('Landlock was enabled in build options, but is disabled in the kernel')
++  if not (landlock_check.compiled() and landlock_check.returncode() == 0)
++    error('Landlock was auto-enabled in build options, but is disabled in the kernel')
+   endif
+ endif
+ 
+@@ -395,7 +397,7 @@ conf.set('HAVE_POSIX_FADVISE', cc.has_function('posix_fadvise', prefix : '#inclu
+ conf.set('HAVE_STATVFS64', cc.has_header_symbol('sys/statvfs.h', 'statvfs64', args: '-D_LARGEFILE64_SOURCE'))
+ conf.set('HAVE_STRNLEN', cc.has_function('strnlen', prefix : '#include <string.h>'))
+ conf.set('HAVE_MEMFD_CREATE', cc.has_function('memfd_create', prefix : '#define _GNU_SOURCE\n#include <sys/mman.h>'))
+-conf.set('HAVE_LANDLOCK', have_landlock and landlock_enabled)
++conf.set('HAVE_LANDLOCK', have_landlock)
+ 
+ conf.set_quoted('LOCALEDIR', get_option('prefix') / get_option('localedir'))
+ conf.set_quoted('SHAREDIR', get_option('prefix') / get_option('datadir'))
+@@ -507,7 +509,7 @@ summary = [
+   '    Domain prefix:                          ' + get_option('domain_prefix'),
+   '\nFeature Support:',
+   '    File monitoring:                        @0@glib'.format(have_fanotify ? 'fanotify ' : ''),
+-  '    Landlock:                               ' + (have_landlock and landlock_enabled).to_string(),
++  '    Landlock:                               ' + have_landlock.to_string(),
+   '    BTRFS subvolumes:                       ' + have_btrfs_ioctl.to_string(),
+   '    Battery/mains power detection:          ' + battery_detection_library_name,
+   '    Support for network status detection:   ' + have_network_manager.to_string(),
+@@ -567,14 +569,10 @@ if not get_option('seccomp')
+   warning('Seccomp sandboxing is disabled.')
+   unsafe = true
+ endif
+-if get_option('landlock').disabled()
++if get_option('landlock').disabled() or not have_landlock
+   warning('Landlock sandboxing is disabled.')
+   unsafe = true
+ endif
+-if have_landlock and not landlock_enabled
+-  warning('Landlock sandboxing is disabled by kernel configuration.')
+-  unsafe = true
+-endif
+ 
+ if unsafe
+   warning('Run at your own risk. Distribution is discouraged.')
+-- 
+GitLab
+
diff --git a/tracker-miners.spec b/tracker-miners.spec
index 883c483..2ea8b65 100644
--- a/tracker-miners.spec
+++ b/tracker-miners.spec
@@ -33,7 +33,7 @@
 
 Name:           tracker-miners
 Version:        3.7~alpha
-Release:        3%{?dist}
+Release:        4%{?dist}
 Summary:        Tracker miners and metadata extractors
 
 # libtracker-extract and libtracker-miner libraries are LGPLv2+; the miners are a mix of GPLv2+ and LGPLv2+ code
@@ -41,6 +41,8 @@ License:        GPL-2.0-or-later AND LGPL-2.1-or-later
 URL:            https://gnome.pages.gitlab.gnome.org/tracker/
 Source0:        https://download.gnome.org/sources/%{name}/3.7/%{name}-%{tarball_version}.tar.xz
 Source1:        flatpak-fixup.sh
+# bypass kernel landlock check for distribution builds
+Patch0:         https://gitlab.gnome.org/GNOME/tracker-miners/-/merge_requests/508.patch
 
 BuildRequires:  asciidoc
 BuildRequires:  gcc
@@ -175,6 +177,9 @@ install -D -m 0755 %{SOURCE1} %{buildroot}%{_bindir}/%{name}-flatpak-fixup.sh
 
 
 %changelog
+* Mon Feb 12 2024 Yaakov Selkowitz <yselkowi@redhat.com> - 3.7~alpha-4
+- Bypass kernel landlock check during build
+
 * Wed Jan 31 2024 Pete Walter <pwalter@fedoraproject.org> - 3.7~alpha-3
 - Rebuild for ICU 74