diff --git a/apparmor.d/abstractions/app/sudo b/apparmor.d/abstractions/app/sudo
index 53bb50f31..b83c2d166 100644
--- a/apparmor.d/abstractions/app/sudo
+++ b/apparmor.d/abstractions/app/sudo
@@ -12,6 +12,7 @@
   include <abstractions/consoles>
   include <abstractions/nameservice-strict>
   include <abstractions/wutmp>
+  include <abstractions/devices-usb>
 
   capability audit_write,
   capability dac_override,
@@ -51,6 +52,10 @@
 
   owner @{HOME}/.sudo_as_admin_successful rw,
 
+  # yubikey support
+  owner @{HOME}/.yubico/challenge-* rw,
+        @{HOME}/.yubico/ r,
+
         @{run}/faillock/ rw,
         @{run}/faillock/@{user} rwk,
   owner @{run}/sudo/ rw,