diff --git a/Dockerfile b/Dockerfile
index 6bcb1dd..50bc31c 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -76,4 +76,10 @@ COPY augconf /augconf
 RUN augtool -f /augconf
 RUN cd /var && rm -rf run && ln -s ../run .
+# Setup permissions and capabilities for non-root VMIs. KubeVirt sets
+# XDG_* directories to /var/run.
+RUN setcap 'cap_net_bind_service,cap_sys_ptrace=+ep' /usr/bin/virt-launcher && \
+ chmod 0755 /etc/libvirt && \
+ chown qemu:qemu /var/run
+
 ENTRYPOINT [ "/usr/bin/virt-launcher" ]
diff --git a/virt-launcher-container.changes b/virt-launcher-container.changes
index a25a4c2..614e13b 100644
--- a/virt-launcher-container.changes
+++ b/virt-launcher-container.changes
@@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Wed Apr 27 16:30:17 UTC 2022 - Vasily Ulyanov
+
+- Setup permissions and capabilities for non-root VMIs
+
 -------------------------------------------------------------------
 Fri Apr 15 10:50:30 UTC 2022 - Vasily Ulyanov
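Review bot: In the Dockerfile hunk, the added `RUN setcap` line grants `cap_sys_ptrace` as a file capability with `+ep` on the entrypoint binary, but the comment above it does not say why a launcher for non-root VMIs needs it. CAP_SYS_PTRACE lets the process inspect and modify other processes it can see, so the justification belongs next to the grant. Because the effective bit is set, every exec of `/usr/bin/virt-launcher` picks up both capabilities regardless of the calling user, and for a non-root user the exec should fail with EPERM when the container's bounding set lacks either one, which ties the image to what the pod spec adds. I would extend the comment along the lines of `# cap_net_bind_service: <reason>; cap_sys_ptrace: <reason>; both must also be granted in the pod securityContext`. Since `/var/run` is a symlink to `../run` (context line above), `chown qemu:qemu /var/run` changes the owner of `/run` itself, and the comment should say that this is intended.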