diff --git a/tmpfiles-rework.patch b/tmpfiles-rework.patch
new file mode 100644
index 0000000..98e0c24
--- /dev/null
+++ b/tmpfiles-rework.patch
@@ -0,0 +1,19 @@
+diff --git a/Makefile.am b/Makefile.am
+index 74a08cb..8271412 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -119,6 +119,7 @@ install-daemon-conf: $(top_builddir)/usbguard-daemon.conf
+ 	$(MKDIR_P) $(DESTDIR)/$(usbguard_confdir)
+ 	$(MKDIR_P) $(DESTDIR)/$(usbguard_confdir)/IPCAccessControl.d
+ 	$(MKDIR_P) $(DESTDIR)/${localstatedir}/log/usbguard
++	chmod 0700 $(DESTDIR)/${localstatedir}/log/usbguard
+ 	$(INSTALL) -m 600 $(top_builddir)/usbguard-daemon.conf \
+ 	  $(DESTDIR)/$(usbguard_confdir)/usbguard-daemon.conf
+ 	if ! test -f "$(DESTDIR)/$(usbguard_confdir)/rules.conf"; then \
+diff --git a/usbguard-tmpfiles.conf b/usbguard-tmpfiles.conf
+index aff00c5..e90908f 100644
+--- a/usbguard-tmpfiles.conf
++++ b/usbguard-tmpfiles.conf
+@@ -1 +1 @@
+-d /var/log/usbguard 0755 root root - -
++d /var/log/usbguard 0700 root root - -
diff --git a/usbguard.spec b/usbguard.spec
index 90f9754..327db87 100644
--- a/usbguard.spec
+++ b/usbguard.spec
@@ -6,7 +6,7 @@
 
 Name:           usbguard
 Version:        1.1.4
-Release:        1%{?dist}
+Release:        2%{?dist}
 Summary:        A tool for implementing USB device usage policy
 License:        GPL-2.0-or-later
 ## Not installed
@@ -47,6 +47,7 @@ BuildRequires: systemd
 Patch1: catch1-devel.patch
 Patch2: disable-console-logging.patch
 Patch3: selinux-sbin.patch
+Patch4: tmpfiles-rework.patch
 
 %description
 The USBGuard software framework helps to protect your computer against rogue USB
@@ -129,6 +130,7 @@ popd
 
 %patch -P 1 -p1
 %patch -P 2 -p1
+%patch -P 4 -p1
 
 # Remove bundled library sources before build
 rm -rf src/ThirdParty/{Catch,PEGTL}
@@ -218,7 +220,7 @@ find %{buildroot} \( -name '*.la' -o -name '*.a' \) -exec rm -f {} ';'
 %{_libdir}/*.so.*
 %{_sbindir}/usbguard-daemon
 %{_bindir}/usbguard
-%dir %{_localstatedir}/log/usbguard
+%dir %attr(700,root,root) %{_localstatedir}/log/usbguard
 %dir %{_sysconfdir}/usbguard
 %dir %{_sysconfdir}/usbguard/rules.d/
 %dir %{_sysconfdir}/usbguard/IPCAccessControl.d
@@ -293,6 +295,10 @@ fi
 
 
 %changelog
+* Fri Nov 21 2025 Attila Lakatos <alakatos@redhat.com> - 1.1.4-2
+- Restore permission of the log directory
+  Resolves: RHEL-92260
+
 * Tue Nov 04 2025 Attila Lakatos <alakatos@redhat.com> - 1.1.4-1
 - Rebase to 1.1.4
 - selinux: comply with with the "Unify bin and sbin" change