diff --git a/src/qemu/qemu_cgroup.c b/src/qemu/qemu_cgroup.c
index 6a34baba2404f67cf2eca8974fbc2251487a2175..9f2454557d1ae3c4aebe461de39e0df75abee746 100644
--- a/src/qemu/qemu_cgroup.c
+++ b/src/qemu/qemu_cgroup.c
@@ -52,34 +52,28 @@ static const char *const defaultDeviceACL[] = {
 #define DEVICE_PTY_MAJOR 136
 #define DEVICE_SND_MAJOR 116
 
+
 static int
-qemuSetupImageCgroupInternal(virDomainObjPtr vm,
- virStorageSourcePtr src,
- bool forceReadonly)
+qemuSetupImagePathCgroup(virDomainObjPtr vm,
+ const char *path,
+ bool readonly)
 {
 qemuDomainObjPrivatePtr priv = vm->privateData;
 int perms = VIR_CGROUP_DEVICE_READ;
 int ret;
 
- if (!virCgroupHasController(priv->cgroup,
- VIR_CGROUP_CONTROLLER_DEVICES))
- return 0;
-
- if (!src->path || !virStorageSourceIsLocalStorage(src)) {
- VIR_DEBUG("Not updating cgroups for disk path '%s', type: %s",
- NULLSTR(src->path), virStorageTypeToString(src->type));
+ if (!virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_DEVICES))
 return 0;
- }
 
- if (!src->readonly && !forceReadonly)
+ if (readonly)
 perms |= VIR_CGROUP_DEVICE_WRITE;
 
 VIR_DEBUG("Allow path %s, perms: %s",
- src->path, virCgroupGetDevicePermsString(perms));
+ path, virCgroupGetDevicePermsString(perms));
 
- ret = virCgroupAllowDevicePath(priv->cgroup, src->path, perms, true);
+ ret = virCgroupAllowDevicePath(priv->cgroup, path, perms, true);
 
- virDomainAuditCgroupPath(vm, priv->cgroup, "allow", src->path,
+ virDomainAuditCgroupPath(vm, priv->cgroup, "allow", path,
 virCgroupGetDevicePermsString(perms),
 ret == 0);
 
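Review bot: The write-permission test in qemuSetupImagePathCgroup is inverted: `if (readonly) perms |= VIR_CGROUP_DEVICE_WRITE;` adds write access exactly when the caller asks for a read-only image, whereas the removed code added it only when `!src->readonly && !forceReadonly`. The wrapper in the second hunk passes `src->readonly || forceReadonly`, so read-only disks would be allowed `rw` in the devices cgroup ACL and read-write disks would be limited to `r`. The line should read `if (!readonly)`. The function's tail lies between the two hunks and is not shown.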
@@ -87,6 +81,21 @@ qemuSetupImageCgroupInternal(virDomainObjPtr vm,
 }
 
 
+static int
+qemuSetupImageCgroupInternal(virDomainObjPtr vm,
+ virStorageSourcePtr src,
+ bool forceReadonly)
+{
+ if (!src->path || !virStorageSourceIsLocalStorage(src)) {
+ VIR_DEBUG("Not updating cgroups for disk path '%s', type: %s",
+ NULLSTR(src->path), virStorageTypeToString(src->type));
+ return 0;
+ }
+
+ return qemuSetupImagePathCgroup(vm, src->path, src->readonly || forceReadonly);
+}
+
+
 int
 qemuSetupImageCgroup(virDomainObjPtr vm,
 virStorageSourcePtr src)
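Review bot: The NULL-path and local-storage guard now lives only in this wrapper, so qemuSetupImagePathCgroup hands whatever `path` it receives to `virCgroupAllowDevicePath` and to a `%s` in `VIR_DEBUG` without `NULLSTR`. If the helper was split out for callers that hold a bare path, its contract should be written down above it, for example `/* @path must be a non-NULL local path; callers filter out network storage. @readonly == true means no write access is granted. */`. Recording the polarity of `readonly` matters because the expression passed here, `src->readonly || forceReadonly`, is the negation of the one the old code tested. The body of qemuSetupImageCgroup continues past the end of the hunk.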