diff --git a/oci/defaults.go b/oci/defaults.go
index 9c5b5f83dc..049243f495 100644
--- a/oci/defaults.go
+++ b/oci/defaults.go
@@ -98,6 +98,7 @@ func DefaultLinuxSpec() specs.Spec {
 "/proc/sched_debug",
 "/proc/scsi",
 "/sys/firmware",
+ "/sys/devices/virtual/powercap",
 },
 ReadonlyPaths: []string{
 "/proc/bus",
diff --git a/profiles/apparmor/template.go b/profiles/apparmor/template.go
index ed5892a7f6..626e5f6789 100644
--- a/profiles/apparmor/template.go
+++ b/profiles/apparmor/template.go
@@ -49,6 +49,7 @@ profile {{.Name}} flags=(attach_disconnected,mediate_deleted) {
 deny /sys/fs/c[^g]*/** wklx,
 deny /sys/fs/cg[^r]*/** wklx,
 deny /sys/firmware/** rwklx,
+ deny /sys/devices/virtual/powercap/** rwklx,
 deny /sys/kernel/security/** rwklx,
 {{if ge .Version 208095}}
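Review bot: The new MaskedPaths entry `"/sys/devices/virtual/powercap"` is added without any comment saying what it mitigates, so nothing in the list tells a later maintainer why this directory is dangerous or stops them from trimming it; I would annotate it, e.g. `// powercap (RAPL) energy counters: readable from inside a container on some kernels and usable as a side channel — keep masked`, and cite the advisory this change responds to (presumably the RAPL energy-reading side channel; confirm and name it in the comment). Note also that `/sys/class/powercap` is the documented entry point and, as far as I can tell, consists of symlinks into `/sys/devices/virtual/powercap`, so masking the target directory should cover reads via the class path too, but that is worth a test asserting `/sys/class/powercap/*/energy_uj` is unreadable from a default container rather than an assumption. This entry only protects containers built from the default spec; containers run with the masked-path list cleared or replaced (privileged or a custom `systempaths` option, if this daemon handles them the way I expect) still see the counters, which the commit message should state. DefaultLinuxSpec begins before this hunk, so I cannot see whether the surrounding entries carry similar why-comments to match.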