diff --git a/620d9dd5-qemu-no-dac-override-nonroot.patch b/620d9dd5-qemu-no-dac-override-nonroot.patch
new file mode 100644
index 0000000..4f10d11
--- /dev/null
+++ b/620d9dd5-qemu-no-dac-override-nonroot.patch
@@ -0,0 +1,25 @@
+commit 620d9dd598fde388f56ac37bcd3b31168c2f9fc6
+Author: Peter Krempa
+Date: Mon Feb 4 16:24:15 2019 +0100
+
+ qemu: caps: Don't try to ask for CAP_DAC_OVERRIDE if non-root
+
+ It will not work. This breaks qemu capabilities probing as a user.
+
+ Signed-off-by: Peter Krempa
+ Reviewed-by: Erik Skultety
+
+Index: libvirt-5.0.0/src/qemu/qemu_capabilities.c
+===================================================================
+--- libvirt-5.0.0.orig/src/qemu/qemu_capabilities.c
++++ libvirt-5.0.0/src/qemu/qemu_capabilities.c
+@@ -4529,7 +4529,8 @@ virQEMUCapsInitQMPCommandRun(virQEMUCaps
+ #if WITH_CAPNG
+ /* QEMU might run into permission issues, e.g. /dev/sev (0600), override
+ * them just for the purpose of probing */
+- virCommandAllowCap(cmd->cmd, CAP_DAC_OVERRIDE);
++ if (geteuid() == 0)
++ virCommandAllowCap(cmd->cmd, CAP_DAC_OVERRIDE);
+ #endif
+
+ virCommandSetGID(cmd->cmd, cmd->runGid);
diff --git a/libvirt.changes b/libvirt.changes
index b2f66a3..9972b1c 100644
--- a/libvirt.changes
+++ b/libvirt.changes
@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Tue Feb 19 23:36:28 UTC 2019 - James Fehlig
+
+- qemu: don't use CAP_DAC_OVERRIDE capability if non-root
+ 620d9dd5-qemu-no-dac-override-nonroot.patch
+ boo#1125665
+
 -------------------------------------------------------------------
 Fri Feb 8 21:32:29 UTC 2019 - James Fehlig
 
diff --git a/libvirt.spec b/libvirt.spec
index 18675c2..35e798d 100644
--- a/libvirt.spec
+++ b/libvirt.spec
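Review bot: The comment above the new `if (geteuid() == 0)` guard in virQEMUCapsInitQMPCommandRun still explains only why CAP_DAC_OVERRIDE is requested, not why it is skipped for an unprivileged caller. I would extend it, e.g. `* them just for the purpose of probing. Only a privileged daemon can grant the capability, so skip it otherwise. */`. In the root branch the capability still lifts every DAC permission check for the probed QEMU process, not only the one on /dev/sev; the function body continues outside the hunk, so it is worth confirming there that the probe process is short-lived and that nothing else inherits the capability. In the non-root branch the probe presumably cannot open /dev/sev at all, so a debug log there would make missing SEV capabilities easier to diagnose.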
@@ -340,6 +340,7 @@ Patch4: a404ac34-qemu-cgroup-sev.patch
 Patch5: 6fd4c8f8-qemu-domain-sev.patch
 Patch6: 17f6a257-security-dac-sev.patch
 Patch7: a2d3dea9-qemu-caps-dac-override-sev.patch
+Patch8: 620d9dd5-qemu-no-dac-override-nonroot.patch
 # Patches pending upstream review
 Patch100: libxl-dom-reset.patch
 Patch101: network-don-t-use-dhcp-authoritative-on-static-netwo.patch
@@ -881,6 +882,7 @@ libvirt plugin for NSS for translating domain names into IP addresses.
 %patch5 -p1
 %patch6 -p1
 %patch7 -p1
+%patch8 -p1
 %patch100 -p1
 %patch101 -p1
 %patch150 -p1