diff --git a/file-5.38-allow-readlinkat.dif b/file-5.38-allow-readlinkat.dif
new file mode 100644
index 0000000..d36886c
--- /dev/null
+++ b/file-5.38-allow-readlinkat.dif
@@ -0,0 +1,14 @@
+Index: file-5.38/src/seccomp.c
+===================================================================
+--- file-5.38.orig/src/seccomp.c
++++ file-5.38/src/seccomp.c
+@@ -202,6 +202,9 @@ enable_sandbox_full(void)
+ #ifdef __NR_newfstatat
+ 	ALLOW_RULE(newfstatat);
+ #endif
++#ifdef __NR_readlinkat
++	ALLOW_RULE(readlinkat);
++#endif
+ 	ALLOW_RULE(open);
+ 	ALLOW_RULE(openat);
+ 	ALLOW_RULE(pread64);
diff --git a/file.changes b/file.changes
index 693c8ff..9b04074 100644
--- a/file.changes
+++ b/file.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Wed Jan  8 13:55:46 UTC 2020 - Marcus Meissner <meissner@suse.com>
+
+- file-5.38-allow-readlinkat.dif: allow readlinkat() systemcall,
+  reenable sandboxing. (bsc#1160303)
+
 -------------------------------------------------------------------
 Tue Jan  7 11:22:04 UTC 2020 - Dr. Werner Fink <werner@suse.de>
 
diff --git a/file.spec b/file.spec
index 635cd14..9bc6d7e 100644
--- a/file.spec
+++ b/file.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package file
 #
-# Copyright (c) 2020 SUSE LLC
+# Copyright (c) 2020 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -64,6 +64,7 @@ Patch34:        file-5.23-endian.patch
 Patch35:        file-5.24-nitpick.dif
 Patch37:        file-secure_getenv.patch
 Patch39:        file-5.28-btrfs-image.dif
+Patch40:        file-5.38-allow-readlinkat.dif
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 %global         _sysconfdir /etc
 %global         _miscdir    %{_datadir}/misc
@@ -129,6 +130,7 @@ to develop applications that require the magic "file" interface.
 %patch35 -p0 -b .nitpick
 %patch37 -p1 -b .getenv
 %patch39 -p1 -b .btrfs
+%patch40 -p1 -b .readlinkat
 %patch -b .0
 test -s src/magic.h.in || cp -p src/magic.h src/magic.h.in
 rm -fv src/magic.h
@@ -142,9 +144,6 @@ autoreconf -fiv
 export CFLAGS="%{optflags} -DHOWMANY=69632 -fPIE $(pkg-config libseccomp --cflags)"
 %configure --disable-silent-rules --datadir=%{_miscdir} \
 	--disable-static \
-%ifarch aarch64
-	--disable-libseccomp \
-%endif
 	--enable-fsect-man5
 make %{?_smp_mflags} pkgdatadir='$(datadir)' LDFLAGS="-pie"
 
diff --git a/python-magic.spec b/python-magic.spec
index e1a2e55..8107d49 100644
--- a/python-magic.spec
+++ b/python-magic.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package python-magic
 #
-# Copyright (c) 2020 SUSE LLC
+# Copyright (c) 2020 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed