diff --git a/templates/usr.bin.neutron-dhcp-agent b/templates/usr.bin.neutron-dhcp-agent
index ff29a32b..0ba0441b 100644
--- a/templates/usr.bin.neutron-dhcp-agent
+++ b/templates/usr.bin.neutron-dhcp-agent
@@ -15,11 +15,16 @@
 /{,usr/}bin/** rix,
 /etc/neutron/** r,
+ /etc/magic r,
 /etc/mime.types r,
 /var/lib/neutron/** rwk,
 /var/log/neutron/** rwk,
 /{,var/}run/neutron/** rwk,
 /{,var/}run/lock/neutron/** rwk,
+ /run/uuidd/request rw,
+
+ /usr/share/file/magic.mgc r,
+ /usr/share/file/magic/ r,
 # Allow unconfined sudo to support oslo.rootwrap
 # profile makes no attempt to restrict this as this
diff --git a/templates/usr.bin.neutron-l3-agent b/templates/usr.bin.neutron-l3-agent
index 4067aed2..b9c197fe 100644
--- a/templates/usr.bin.neutron-l3-agent
+++ b/templates/usr.bin.neutron-l3-agent
@@ -15,11 +15,16 @@
 /{,usr/}bin/** rix,
 /etc/neutron/** r,
+ /etc/magic r,
 /etc/mime.types r,
 /var/lib/neutron/** rwk,
 /var/log/neutron/** rwk,
 /{,var/}run/neutron/** rwk,
 /{,var/}run/lock/neutron/** rwk,
+ /run/uuidd/request rw,
+
+ /usr/share/file/magic.mgc r,
+ /usr/share/file/magic/ r,
 # Allow unconfined sudo to support oslo.rootwrap
 # profile makes no attempt to restrict this as this
diff --git a/templates/usr.bin.neutron-metadata-agent b/templates/usr.bin.neutron-metadata-agent
index 82ee2ec9..c6159c78 100644
--- a/templates/usr.bin.neutron-metadata-agent
+++ b/templates/usr.bin.neutron-metadata-agent
@@ -15,11 +15,14 @@
 /{,usr/}bin/** rix,
 /etc/neutron/** r,
+ /etc/magic r,
 /etc/mime.types r,
 /var/lib/neutron/** rwk,
 /var/log/neutron/** rwk,
 /{,var/}run/neutron/** rwk,
 /{,var/}run/lock/neutron/** rwk,
+ /usr/share/file/magic.mgc r,
+ /usr/share/file/magic/ r,
 # Allow unconfined sudo to support oslo.rootwrap
 # profile makes no attempt to restrict this as this
diff --git a/templates/usr.bin.neutron-metering-agent b/templates/usr.bin.neutron-metering-agent
index 9cc54911..ed0e921f 100644
--- a/templates/usr.bin.neutron-metering-agent
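Review bot: `/usr/share/file/magic/ r,` in the dhcp-agent hunk ends in a slash, so AppArmor matches only the directory itself (listing it) and not any file inside it; the same line is added to the l3, metadata, metering and openvswitch agent profiles. If the lookup (presumably libmagic) ever has to read fragment files from that directory they would still be denied, which would need `/usr/share/file/magic/** r,`. If listing is all that is required, a comment such as `# libmagic database, read-only; directory is only listed` above the three magic rules would record that intent. AppArmor also checks the resolved path, so if `magic.mgc` is a symlink on the target release (not visible here) the rule has to name the link target instead.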
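Review bot: `/run/uuidd/request rw,` in the l3-agent hunk (and the identical line in the dhcp-agent hunk) opens the uuidd request socket for writing without a comment naming what in the agent needs it, and the metadata and metering profiles in this diff get the magic rules but not this one. Presumably it is libuuid asking the uuidd daemon for UUIDs; a line such as `# libuuid may contact uuidd for UUID generation` above the rule would make the grant reviewable. It is worth confirming from the denial logs that the metadata and metering agents never reach the same path, so the difference between the profiles is deliberate rather than an omission.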
+++ b/templates/usr.bin.neutron-metering-agent
@@ -15,12 +15,16 @@
 /{,usr/}bin/** rix,
 /etc/neutron/** r,
+ /etc/magic r,
 /etc/mime.types r,
 /var/lib/neutron/** rwk,
 /var/log/neutron/** rwk,
 /{,var/}run/neutron/** rwk,
 /{,var/}run/lock/neutron/** rwk,
+ /usr/share/file/magic.mgc r,
+ /usr/share/file/magic/ r,
+
 # Allow unconfined sudo to support oslo.rootwrap
 # profile makes no attempt to restrict this as this
 # is limited by the appropriate rootwrap configuration.
diff --git a/templates/usr.bin.neutron-openvswitch-agent b/templates/usr.bin.neutron-openvswitch-agent
index e8f222f5..bc4bc614 100644
--- a/templates/usr.bin.neutron-openvswitch-agent
+++ b/templates/usr.bin.neutron-openvswitch-agent
@@ -15,6 +15,7 @@
 /{,usr/}bin/** rix,
 /etc/neutron/** r,
+ /etc/magic r,
 /etc/mime.types r,
 /etc/udev/udev.conf r,
 /var/lib/neutron/** rwk,
@@ -25,6 +26,9 @@
 /run/uuidd/request rw,
 /sys/kernel/uevent_seqnum r,
+ /usr/share/file/magic.mgc r,
+ /usr/share/file/magic/ r,
+
 # Allow unconfined sudo to support oslo.rootwrap
 # profile makes no attempt to restrict this as this
 # is limited by the appropriate rootwrap configuration.
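Review bot: The three magic rules in the metering-agent hunk (`/etc/magic r,`, `/usr/share/file/magic.mgc r,`, `/usr/share/file/magic/ r,`) are pasted verbatim into all five agent profiles in this diff, so any later correction to them has to be made five times and the profiles can drift apart. The placement already differs slightly: the metadata-agent hunk adds them directly after the lock rule, while the others separate them with a blank line. If the templating can ship a shared file, keeping these rules in one abstraction that each profile includes would leave a single place to audit; otherwise the same one-line comment above the rules in every profile would at least keep them recognisable as one group.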