diff --git a/0001-libxl-add-support-for-BlockResize-API.patch b/0001-libxl-add-support-for-BlockResize-API.patch index 6271063..47749e3 100644 --- a/0001-libxl-add-support-for-BlockResize-API.patch +++ b/0001-libxl-add-support-for-BlockResize-API.patch @@ -23,7 +23,7 @@ Index: libvirt-5.0.0/src/libxl/libxl_driver.c =================================================================== --- libvirt-5.0.0.orig/src/libxl/libxl_driver.c +++ libvirt-5.0.0/src/libxl/libxl_driver.c -@@ -5251,6 +5251,97 @@ libxlDomainMemoryStats(virDomainPtr dom, +@@ -5252,6 +5252,97 @@ libxlDomainMemoryStats(virDomainPtr dom, #undef LIBXL_SET_MEMSTAT @@ -121,7 +121,7 @@ Index: libvirt-5.0.0/src/libxl/libxl_driver.c static int libxlDomainGetJobInfo(virDomainPtr dom, virDomainJobInfoPtr info) -@@ -6635,6 +6726,7 @@ static virHypervisorDriver libxlHypervis +@@ -6636,6 +6727,7 @@ static virHypervisorDriver libxlHypervis #endif .nodeGetFreeMemory = libxlNodeGetFreeMemory, /* 0.9.0 */ .nodeGetCellsFreeMemory = libxlNodeGetCellsFreeMemory, /* 1.1.1 */ diff --git a/11c8aca9-libxl-set-mem-after-balloon.patch b/11c8aca9-libxl-set-mem-after-balloon.patch new file mode 100644 index 0000000..b9139a2 --- /dev/null +++ b/11c8aca9-libxl-set-mem-after-balloon.patch @@ -0,0 +1,34 @@ +commit 11c8aca938bff7f6b7fb9def732262f3ad9e91f9 +Author: Jim Fehlig +Date: Thu Jan 10 15:18:36 2019 -0700 + + libxl: Set current memory value after successful balloon + + The libxl driver does not set the new memory value in the active domain def + after a successful balloon. This results in the old memory value in + . E.g. + + virsh dumpxml test | grep currentMemory + 20971520 + virsh setmem test 16777216 --live + virsh dumpxml test | grep currentMemory + 20971520 + + Set the new memory value in active domain def after a successful call to + libxl_set_memory_target(). + + 
Signed-off-by: Jim Fehlig + Reviewed-by: Ján Tomko + +Index: libvirt-5.0.0/src/libxl/libxl_driver.c +=================================================================== +--- libvirt-5.0.0.orig/src/libxl/libxl_driver.c ++++ libvirt-5.0.0/src/libxl/libxl_driver.c +@@ -1676,6 +1676,7 @@ libxlDomainSetMemoryFlags(virDomainPtr d + " with libxenlight"), vm->def->id); + goto endjob; + } ++ vm->def->mem.cur_balloon = newmem; + } + + if (flags & VIR_DOMAIN_MEM_CONFIG) { diff --git a/70c2933d-apparmor-named-profiles.patch b/70c2933d-apparmor-named-profiles.patch new file mode 100644 index 0000000..5f67842 --- /dev/null +++ b/70c2933d-apparmor-named-profiles.patch @@ -0,0 +1,38 @@ +commit 70c2933da24dc4b004118afe2f9acaeabc42c0ad +Author: Jim Fehlig +Date: Fri Jan 11 17:26:03 2019 -0700 + + apparmor: Add support for named profiles + + Upstream apparmor is switching to named profiles. In short, + + /usr/sbin/dnsmasq { + + becomes + + profile dnsmasq /usr/sbin/dnsmasq { + + Consequently, any profiles that reference profiles in a peer= condition + need to be updated if the referenced profile switches to a named profile. + Apparmor commit 9ab45d81 switched dnsmasq to a named profile. ATM it is + the only named profile switch that has affected libvirt. Add rules to the + libvirtd profile to reference dnsmasq in peer= conditions by profile name. + + 
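Review bot: The added `vm->def->mem.cur_balloon = newmem;` stores the value that was requested from libxl_set_memory_target(), and nothing in the hunk shows that the guest has actually ballooned to it. If the call only sets a target that the guest's balloon driver works toward, dumpxml will report the request rather than the guest's real allocation. A comment on the assignment would make that explicit, for example `/* records the requested target; the guest may reach it later or not at all */`. The body of libxlDomainSetMemoryFlags starts and ends outside this hunk, so any range check on newmem and any saving of the live domain status cannot be confirmed from here.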
Signed-off-by: Jim Fehlig + +Index: libvirt-5.0.0/src/security/apparmor/usr.sbin.libvirtd +=================================================================== +--- libvirt-5.0.0.orig/src/security/apparmor/usr.sbin.libvirtd ++++ libvirt-5.0.0/src/security/apparmor/usr.sbin.libvirtd +@@ -52,9 +52,11 @@ + + ptrace (read,trace) peer=unconfined, + ptrace (read,trace) peer=/usr/sbin/libvirtd, ++ ptrace (read,trace) peer=dnsmasq, + ptrace (read,trace) peer=/usr/sbin/dnsmasq, + ptrace (read,trace) peer=libvirt-*, + ++ signal (send) peer=dnsmasq, + signal (send) peer=/usr/sbin/dnsmasq, + signal (read, send) peer=libvirt-*, + signal (send) set=("kill", "term") peer=unconfined, diff --git a/a3ab6d42-apparmor-conv-libvirtd-named-profile.patch b/a3ab6d42-apparmor-conv-libvirtd-named-profile.patch new file mode 100644 index 0000000..b2b514d --- /dev/null +++ b/a3ab6d42-apparmor-conv-libvirtd-named-profile.patch @@ -0,0 +1,38 @@ +commit a3ab6d42d825499af44b8f19f9299e150d9687bc +Author: Jim Fehlig +Date: Fri Jan 11 17:59:59 2019 -0700 + + apparmor: convert libvirtd profile to a named profile + + 
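Review bot: The two added `peer=dnsmasq` rules sit directly beside the path-labelled `peer=/usr/sbin/dnsmasq` rules with no comment in the profile saying why both label forms are kept, so a later cleanup could drop the one that is still needed. A line such as `# dnsmasq may be confined by a path-attached or a named profile; match both labels` above each pair would record the intent. The new `signal (send) peer=dnsmasq,` also carries no `set=` restriction, which mirrors the existing path rule. If libvirtd only ever sends a few specific signals to dnsmasq, both rules could be narrowed with `set=(...)`, but that needs checking against the daemon code, which is not visible here.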
Signed-off-by: Jim Fehlig + +Index: libvirt-5.0.0/src/security/apparmor/usr.sbin.libvirtd +=================================================================== +--- libvirt-5.0.0.orig/src/security/apparmor/usr.sbin.libvirtd ++++ libvirt-5.0.0/src/security/apparmor/usr.sbin.libvirtd +@@ -2,7 +2,7 @@ + #include + @{LIBVIRT}="libvirt" + +-/usr/sbin/libvirtd flags=(attach_disconnected) { ++profile libvirtd /usr/sbin/libvirtd flags=(attach_disconnected) { + #include + #include + +@@ -51,7 +51,7 @@ + unix (send, receive) type=stream addr=none peer=(label=unconfined addr=none), + + ptrace (read,trace) peer=unconfined, +- ptrace (read,trace) peer=/usr/sbin/libvirtd, ++ ptrace (read,trace) peer=@{profile_name}, + ptrace (read,trace) peer=dnsmasq, + ptrace (read,trace) peer=/usr/sbin/dnsmasq, + ptrace (read,trace) peer=libvirt-*, +@@ -123,6 +123,7 @@ + # For communication/control from libvirtd + unix (send, receive) type=stream addr=none peer=(label=/usr/sbin/libvirtd), + signal (receive) set=("term") peer=/usr/sbin/libvirtd, ++ signal (receive) set=("term") peer=libvirtd, + + /dev/net/tun rw, + /etc/qemu/** r, diff --git a/libvirt.changes b/libvirt.changes index 7ac8510..d5dd7b8 100644 --- a/libvirt.changes +++ b/libvirt.changes @@ -1,3 +1,15 @@ +------------------------------------------------------------------- +Wed Jan 23 20:53:29 UTC 2019 - James Fehlig + +- apparmor: add support for named profiles and convert libvirtd + profile to a named profile + 70c2933d-apparmor-named-profiles.patch, + a3ab6d42-apparmor-conv-libvirtd-named-profile.patch + boo#1118952 +- libxl: save current memory value after successful balloon + 11c8aca9-libxl-set-mem-after-balloon.patch + bsc#1120813 + ------------------------------------------------------------------- Wed Jan 23 10:23:23 UTC 2019 - Jan Engelhardt diff --git a/libvirt.spec b/libvirt.spec index d024287..afd0d16 100644 --- a/libvirt.spec +++ b/libvirt.spec 
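Review bot: In the third hunk, the context line `unix (send, receive) type=stream addr=none peer=(label=/usr/sbin/libvirtd),` still names only the path label, while the `signal (receive)` rule next to it gains a `peer=libvirtd` twin. Once the first hunk renames the profile to `libvirtd`, the daemon's label is presumably `libvirtd`, so that unix rule likely stops matching and the socket traffic it was meant to permit would be denied. Adding `unix (send, receive) type=stream addr=none peer=(label=libvirtd),` alongside it would keep the two rules consistent. The block holding these rules starts outside the hunk, and any other profiles or abstractions that reference `peer=/usr/sbin/libvirtd` are not visible here and need the same check. DENIED entries in the audit log after loading the new profile would confirm whether this applies.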
@@ -332,6 +332,9 @@ Source6: libvirtd-relocation-server.xml Source99: baselibs.conf Source100: %{name}-rpmlintrc # Upstream patches +Patch0: 11c8aca9-libxl-set-mem-after-balloon.patch +Patch1: 70c2933d-apparmor-named-profiles.patch +Patch2: a3ab6d42-apparmor-conv-libvirtd-named-profile.patch # Patches pending upstream review Patch100: libxl-dom-reset.patch Patch101: network-don-t-use-dhcp-authoritative-on-static-netwo.patch @@ -865,6 +868,9 @@ libvirt plugin for NSS for translating domain names into IP addresses. %prep %setup -q +%patch0 -p1 +%patch1 -p1 +%patch2 -p1 %patch100 -p1 %patch101 -p1 %patch150 -p1 diff --git a/libxl-dom-reset.patch b/libxl-dom-reset.patch index 14167df..cc43f71 100644 --- a/libxl-dom-reset.patch +++ b/libxl-dom-reset.patch @@ -74,7 +74,7 @@ Index: libvirt-5.0.0/src/libxl/libxl_driver.c libxlDomainDestroyFlags(virDomainPtr dom, unsigned int flags) { -@@ -6510,6 +6565,7 @@ static virHypervisorDriver libxlHypervis +@@ -6511,6 +6566,7 @@ static virHypervisorDriver libxlHypervis .domainShutdown = libxlDomainShutdown, /* 0.9.0 */ .domainShutdownFlags = libxlDomainShutdownFlags, /* 0.9.10 */ .domainReboot = libxlDomainReboot, /* 0.9.0 */ diff --git a/libxl-set-migration-constraints.patch b/libxl-set-migration-constraints.patch index 52e60a6..80c2372 100644 --- a/libxl-set-migration-constraints.patch +++ b/libxl-set-migration-constraints.patch @@ -56,7 +56,7 @@ Index: libvirt-5.0.0/src/libxl/libxl_driver.c =================================================================== --- libvirt-5.0.0.orig/src/libxl/libxl_driver.c +++ libvirt-5.0.0/src/libxl/libxl_driver.c -@@ -6117,6 +6117,9 @@ libxlDomainMigratePerform3Params(virDoma +@@ -6118,6 +6118,9 @@ libxlDomainMigratePerform3Params(virDoma const char *dname = NULL; const char *uri = NULL; int ret = -1; 
@@ -66,7 +66,7 @@ Index: libvirt-5.0.0/src/libxl/libxl_driver.c #ifdef LIBXL_HAVE_NO_SUSPEND_RESUME virReportUnsupportedError(); -@@ -6133,6 +6136,18 @@ libxlDomainMigratePerform3Params(virDoma +@@ -6134,6 +6137,18 @@ libxlDomainMigratePerform3Params(virDoma virTypedParamsGetString(params, nparams, VIR_MIGRATE_PARAM_DEST_NAME, &dname) < 0 || @@ -85,7 +85,7 @@ Index: libvirt-5.0.0/src/libxl/libxl_driver.c virTypedParamsGetString(params, nparams, VIR_MIGRATE_PARAM_URI, &uri) < 0) -@@ -6147,11 +6162,11 @@ libxlDomainMigratePerform3Params(virDoma +@@ -6148,11 +6163,11 @@ libxlDomainMigratePerform3Params(virDoma if ((flags & (VIR_MIGRATE_TUNNELLED | VIR_MIGRATE_PEER2PEER))) { if (libxlDomainMigrationSrcPerformP2P(driver, vm, dom->conn, dom_xml,