diff --git a/libvirt.spec.in b/libvirt.spec.in
index 3bfd932..81ac2d9 100644
--- a/libvirt.spec.in
+++ b/libvirt.spec.in
@@ -135,7 +135,7 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/*.la
 rm -f $RPM_BUILD_ROOT%{_libdir}/*.a
 rm -f $RPM_BUILD_ROOT%{_libdir}/python*/site-packages/*.la
 rm -f $RPM_BUILD_ROOT%{_libdir}/python*/site-packages/*.a
-install -d -m 0755 $RPM_BUILD_ROOT%{_localstatedir}/run/libvirt/
+install -d -m 0750 $RPM_BUILD_ROOT%{_localstatedir}/run/libvirt/
 
 # We don't want to install /etc/libvirt/qemu/networks in the main %files list
 # because if the admin wants to delete the default network completely, we don't
diff --git a/qemud/qemud.c b/qemud/qemud.c
index 23af042..a7b27ee 100644
--- a/qemud/qemud.c
+++ b/qemud/qemud.c
@@ -2156,6 +2156,18 @@ int main(int argc, char **argv) {
     if (remoteReadConfigFile (server, remote_config_file) < 0)
         goto error1;
 
+    /* Change the group ownership of /var/run/libvirt to unix_sock_gid */
+    if (getuid() != 0) {
+        qemudLog (QEMUD_WARN,
+                  "%s", _("Cannot set group ownership when not running as root"));
+    } else {
+        const char *sockdirname = LOCAL_STATE_DIR "/run/libvirt";
+
+        if (chown(sockdirname, -1, unix_sock_gid) < 0)
+            qemudLog(QEMUD_ERR, "%s %s",
+                    _("Failed to change group ownership of "), sockdirname);
+    }
+
     if (godaemon) {
         openlog("libvirtd", 0, 0);
         if (qemudGoDaemon() < 0) {