diff --git a/src/qemu/qemu_cgroup.c b/src/qemu/qemu_cgroup.c
index c46e7878bc..aa0c927578 100644
--- a/src/qemu/qemu_cgroup.c
+++ b/src/qemu/qemu_cgroup.c
@@ -81,8 +81,19 @@ qemuCgroupDenyDevicePath(virDomainObj *vm,
                          bool ignoreEacces)
 {
     qemuDomainObjPrivate *priv = vm->privateData;
+    g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(priv->driver);
+    const char *const *deviceACL = (const char *const *)cfg->cgroupDeviceACL;
     int ret;
 
+    if (!deviceACL)
+        deviceACL = defaultDeviceACL;
+
+    if (g_strv_contains(deviceACL, path)) {
+        VIR_DEBUG("Skipping deny of path %s in CGroups because it's in cgroupDeviceACL",
+                  path);
+        return 0;
+    }
+
     VIR_DEBUG("Deny path %s, perms: %s",
               path, virCgroupGetDevicePermsString(perms));