diff --git a/etc/profile-a-l/dnsmasq.profile b/etc/profile-a-l/dnsmasq.profile
index 2db1548a4..71b960311 100644
--- a/etc/profile-a-l/dnsmasq.profile
+++ b/etc/profile-a-l/dnsmasq.profile
@@ -19,6 +19,9 @@ include disable-interpreters.inc
 include disable-programs.inc
 include disable-xdg.inc
 
+whitelist /var/lib/libvirt/dnsmasq
+whitelist /var/run
+
 caps.keep net_admin,net_bind_service,net_raw,setgid,setuid
 no3d
 nodvd
@@ -35,3 +38,4 @@ disable-mnt
 private
 private-cache
 private-dev
+writable-var