diff --git a/apparmor.changes b/apparmor.changes
index 02c6353..821012b 100644
--- a/apparmor.changes
+++ b/apparmor.changes
@@ -1,3 +1,14 @@
+-------------------------------------------------------------------
+Thu Jan 24 21:13:43 UTC 2019 - Christian Boltz <suse-beta@cboltz.de>
+
+- add dnsmasq-libvirtd.diff: allow peer=libvirtd in the dnsmasq profile
+  to match the newly added libvirtd profile name (boo#1118952#c3)
+
+-------------------------------------------------------------------
+Mon Jan 14 14:41:14 CET 2019 - kukuk@suse.de
+
+- Use %license instead of %doc [bsc#1082318]
+
 -------------------------------------------------------------------
 Sun Jan  6 19:10:58 UTC 2019 - Christian Boltz <suse-beta@cboltz.de>
 
diff --git a/apparmor.spec b/apparmor.spec
index f2504ab..d1a959e 100644
--- a/apparmor.spec
+++ b/apparmor.spec
@@ -72,6 +72,9 @@ Patch9:         profile_filename_cornercase.diff
 # workaround for boo#1119937 / lp#1784499 - allow network access for reading files on NFS (proper solution needs kernel fix)
 Patch10:        apparmor-lessopen-nfs-workaround.diff
 
+# add peer=libvirtd to dnsmasq profile (from upstream 20fe099cede7cb5ec7dcf62a5427936766a6d4e4)
+Patch11:        dnsmasq-libvirtd.diff
+
 PreReq:         sed
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 %define apparmor_bin_prefix /lib/apparmor
@@ -362,6 +365,7 @@ SubDomain.
 %patch8 -p1
 %patch9 -p1
 %patch10
+%patch11 -p1
 
 %build
 export SUSE_ASNEEDED=0
@@ -536,7 +540,8 @@ echo -------------------------------------------------------------------
 
 %files parser
 %defattr(-,root,root)
-%doc parser/README parser/COPYING.GPL
+%license parser/COPYING.GPL
+%doc parser/README
 /sbin/apparmor_parser
 %{_bindir}/aa-enabled
 %{_bindir}/aa-exec
diff --git a/dnsmasq-libvirtd.diff b/dnsmasq-libvirtd.diff
new file mode 100644
index 0000000..b6fa17c
--- /dev/null
+++ b/dnsmasq-libvirtd.diff
@@ -0,0 +1,27 @@
+commit 20fe099cede7cb5ec7dcf62a5427936766a6d4e4
+Author: Christian Boltz <apparmor@cboltz.de>
+Date:   Sun Jan 13 17:38:09 2019 +0100
+
+    dnsmasq: allow peer=libvirtd to support named profile
+    
+    The /usr/sbin/libvirtd profile will get a profile name ("libvirtd").
+    
+    This patch adjusts the dnsmasq profile to support the named profile in
+    addition to the "old" path-based profile name.
+    
+    References: https://bugzilla.opensuse.org/show_bug.cgi?id=1118952#c3
+
+diff --git a/profiles/apparmor.d/usr.sbin.dnsmasq b/profiles/apparmor.d/usr.sbin.dnsmasq
+index a308e3f7..2627f6d6 100644
+--- a/profiles/apparmor.d/usr.sbin.dnsmasq
++++ b/profiles/apparmor.d/usr.sbin.dnsmasq
+@@ -28,7 +28,9 @@ profile dnsmasq /usr/{bin,sbin}/dnsmasq flags=(attach_disconnected) {
+   network inet6 raw,
+ 
+   signal (receive) peer=/usr/{bin,sbin}/libvirtd,
++  signal (receive) peer=libvirtd,
+   ptrace (readby) peer=/usr/{bin,sbin}/libvirtd,
++  ptrace (readby) peer=libvirtd,
+ 
+   owner /dev/tty rw,
+