diff --git a/src/security/apparmor/libvirt-qemu b/src/security/apparmor/libvirt-qemu
index 85c9e61d6c..6275b6e95b 100644
--- a/src/security/apparmor/libvirt-qemu
+++ b/src/security/apparmor/libvirt-qemu
@@ -35,6 +35,8 @@
 @{PROC}/sys/vm/overcommit_memory r,
 # detect hardware capabilities via qemu_getauxval
 owner @{PROC}/*/auxv r,
+ # allow reading libnl's classid file
+ /etc/libnl{,-3}/classid r,
 # For hostdev access. The actual devices will be added dynamically
 /sys/bus/usb/devices/ r,
diff --git a/src/security/apparmor/usr.lib.libvirt.virt-aa-helper.in b/src/security/apparmor/usr.lib.libvirt.virt-aa-helper.in
index dd18c8ab89..8ebb47596a 100644
--- a/src/security/apparmor/usr.lib.libvirt.virt-aa-helper.in
+++ b/src/security/apparmor/usr.lib.libvirt.virt-aa-helper.in
@@ -19,7 +19,8 @@ profile virt-aa-helper @libexecdir@/virt-aa-helper {
 # Used when internally running another command (namely apparmor_parser)
 @{PROC}/@{pid}/fd/ r,
- @sysconfdir@/libnl-3/classid r,
+ # allow reading libnl's classid file
+ @sysconfdir@/libnl{,-3}/classid r,
 # for gl enabled graphics
 /dev/dri/{,*} r,
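Review bot: The rule added to libvirt-qemu hard-codes `/etc/libnl{,-3}/classid r,`, while the matching rule in usr.lib.libvirt.virt-aa-helper.in is written with `@sysconfdir@`. libvirt-qemu does not appear to be a templated `.in` file, so on a build whose sysconfdir is not /etc the guest profile would presumably still deny the read that the helper profile allows; that limitation is worth stating in the comment. The comment `# allow reading libnl's classid file`, used in both hunks, restates the rule instead of recording why a confined process opens libnl's configuration. Something like `# libnl classid table; opened by <component that links libnl> at start-up` would let a later audit decide whether the grant is still needed. The grant itself is read-only and limited to one file name in two directories, so the widening from `libnl-3` to `libnl{,-3}` stays narrow.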