diff --git a/apparmor-Permit-new-capabilities-required-by-libvirt.patch b/apparmor-Permit-new-capabilities-required-by-libvirt.patch
new file mode 100644
index 0000000000000000000000000000000000000000..9efd2e6fd35f759f2168b6eb0d4998c81f5eb680
--- /dev/null
+++ b/apparmor-Permit-new-capabilities-required-by-libvirt.patch
@@ -0,0 +1,38 @@
+From 9abebfb36b2380829be4a901d7c9785a7a8f5f6a Mon Sep 17 00:00:00 2001
+From: Jim Fehlig
+Date: Mon, 7 Jun 2021 16:21:28 -0600
+Subject: [PATCH] apparmor: Permit new capabilities required by libvirtd
+
+The audit log contains the following denials from libvirtd
+
+apparmor="DENIED" operation="capable" profile="libvirtd" pid=6012 comm="daemon-init" capability=17 capname="sys_rawio"
+apparmor="DENIED" operation="capable" profile="libvirtd" pid=6012 comm="rpc-worker" capability=39 capname="bpf"
+apparmor="DENIED" operation="capable" profile="libvirtd" pid=6012 comm="rpc-worker" capability=38 capname="perfmon"
+
+Squelch the denials and allow the capabilities in the libvirtd
+apparmor profile.
+
+Signed-off-by: Jim Fehlig
+Reviewed-by: Neal Gompa
+Reviewed-by: Michal Privoznik
+---
+ src/security/apparmor/usr.sbin.libvirtd.in | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/security/apparmor/usr.sbin.libvirtd.in b/src/security/apparmor/usr.sbin.libvirtd.in
+index 1e137039e9..49266743f5 100644
+--- a/src/security/apparmor/usr.sbin.libvirtd.in
++++ b/src/security/apparmor/usr.sbin.libvirtd.in
+@@ -25,6 +25,9 @@ profile libvirtd @sbindir@/libvirtd flags=(attach_disconnected) {
+ capability fsetid,
+ capability audit_write,
+ capability ipc_lock,
++ capability sys_rawio,
++ capability bpf,
++ capability perfmon,
+
+ # Needed for vfio
+ capability sys_resource,
+-- 
+2.27.0
+
diff --git a/libvirt.spec b/libvirt.spec
index 760824fd0bcbec48be081ec1af57d1e1df6e0f9b..759785119f8a98baf2c23b1890ac43aab962943a 100644
--- a/libvirt.spec
+++ b/libvirt.spec
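Review bot: The three new `capability` lines added to the libvirtd profile carry no explanation, and the commit message only says the denials were squelched, so a maintainer cannot tell which libvirtd operation needs `sys_rawio` (which permits raw device and I/O-port access) or whether any of the grants could be narrowed. I would annotate each line with its reason, in the style of the existing `# Needed for vfio` comment, e.g. `capability bpf, # presumably cgroup v2 device ACLs via BPF programs (CAP_BPF split from CAP_SYS_ADMIN in Linux 5.8) -- confirm`, and likewise for `perfmon` and `sys_rawio`, after confirming the triggering code path exists in this package's 6.2.0 tree rather than only in the mid-2021 upstream tree the audit log came from. A second caveat worth recording in the patch or spec: the `bpf` and `perfmon` capability names are, as far as I recall, only recognised by apparmor userspace 3.0 and later, so on a host with an older parser the profile may fail to load and libvirtd would then run without this confinement; the build should check the apparmor version it targets. The `profile libvirtd` block starts and ends outside this hunk.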
@@ -101,7 +101,7 @@ Summary: Library providing a simple virtualization API Name: libvirt Version: 6.2.0 -Release: 35 +Release: 36 License: LGPLv2+ URL: https://libvirt.org/ @@ -245,6 +245,7 @@ Patch0132: qemu-monitor-Don-t-add-props-wrapper-if-qemu-has-QEM.patch Patch0133: qemu-command-Use-JSON-for-QAPIfied-object-directly.patch Patch0134: tests-qemuxml2argv-Validate-generation-of-JSON-props.patch Patch0135: qemu-capabilities-Enable-detection-of-QEMU_CAPS_OBJE.patch +Patch0136: apparmor-Permit-new-capabilities-required-by-libvirt.patch Requires: libvirt-daemon = %{version}-%{release} Requires: libvirt-daemon-config-network = %{version}-%{release} @@ -1979,6 +1980,9 @@ exit 0 %changelog +* Thu Mar 24 2022 yezengruan +- apparmor: Permit new capabilities required by libvirtd + * Thu Mar 24 2022 yezengruan - qemuMonitorJSONSetMigrationParams: Take double pointer for @params - qemuMonitorJSONAddObject: Take double pointer for @props