diff --git a/apparmor-profiles-dnsmasq.diff b/apparmor-profiles-dnsmasq.diff
new file mode 100644
index 0000000..dab10ac
--- /dev/null
+++ b/apparmor-profiles-dnsmasq.diff
@@ -0,0 +1,17 @@
+=== modified file 'profiles/apparmor.d/usr.sbin.dnsmasq'
+--- profiles/apparmor.d/usr.sbin.dnsmasq	2013-01-04 17:46:39 +0000
++++ profiles/apparmor.d/usr.sbin.dnsmasq	2013-10-30 19:32:39 +0000
+@@ -42,10 +42,10 @@
+   @{TFTP_DIR}/ r,
+   @{TFTP_DIR}/** r,
+ 
+-  # libvirt lease and hosts files for dnsmasq
++  # libvirt config, lease and hosts files for dnsmasq
+   /var/lib/libvirt/dnsmasq/            r,
++  /var/lib/libvirt/dnsmasq/*        r,
+   /var/lib/libvirt/dnsmasq/*.leases rw,
+-  /var/lib/libvirt/dnsmasq/*.hostsfile r,
+ 
+   # libvirt pid files for dnsmasq
+   /{,var/}run/libvirt/network/      r,
+
diff --git a/apparmor.changes b/apparmor.changes
index 1681f24..0839640 100644
--- a/apparmor.changes
+++ b/apparmor.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Wed Oct 30 11:06:39 UTC 2013 - opensuse@cboltz.de
+
+- add apparmor-profiles-dnsmasq.diff - add missing permissions for
+  libvirt-generated files to dnsmasq profile (bnc#848215)
+
 -------------------------------------------------------------------
 Sun Oct 20 11:59:28 UTC 2013 - opensuse@cboltz.de
 
diff --git a/apparmor.spec b/apparmor.spec
index ae2a3d9..f90edc1 100644
--- a/apparmor.spec
+++ b/apparmor.spec
@@ -115,6 +115,9 @@ Patch11:        apparmor-profiles-samba4.diff
 # Add support for eDirectory calls in abstractions/nameservice. Not accepted upstream (yet) because of open questions
 Patch12:        apparmor-2.5.1-edirectory-profile
 
+# dnsmasq - add missing read permisions for libvirt files - bnc#848215 - committed upstream trunk r2238, 2.8 branch r2101
+Patch13:        apparmor-profiles-dnsmasq.diff
+
 # create Immunix::SubDomain perl module - only included for openSUSE <= 12.1 - bnc#720617 #c7
 Patch21:        apparmor-utils-subdomain-compat
 
@@ -488,6 +491,7 @@ SubDomain.
 %patch10
 %patch11
 %patch12 -p1
+%patch13
 
 # only create Immunix::SubDomain perl module for openSUSE <= 12.1 
 %if 0%{?suse_version}