diff --git a/isos/appliance/permissions-setup b/isos/appliance/permissions-setup
index 1c529c8644..b29456580f 100755
--- a/isos/appliance/permissions-setup
+++ b/isos/appliance/permissions-setup
@@ -2,4 +2,7 @@
 # Allow access to VM uuid for self-reflection
 chmod 444 /sys/devices/virtual/dmi/id/product_serial
-chmod 444 /sys/class/dmi/id/product_serial
\ No newline at end of file
+chmod 444 /sys/class/dmi/id/product_serial
+
+# Give port-layer capabilities to mount image disks and bind 53 port
+setcap cap_net_bind_service,cap_sys_admin=+ep /sbin/port-layer-server
diff --git a/lib/install/management/appliance.go b/lib/install/management/appliance.go
index bec409b888..833d1766b9 100644
--- a/lib/install/management/appliance.go
+++ b/lib/install/management/appliance.go
@@ -673,6 +673,8 @@ func (d *Dispatcher) createAppliance(conf *config.VirtualContainerHostConfigSpec
 )
 cfg := &executor.SessionConfig{
+ User: "vicadmin",
+ Group: "vicadmin",
 Cmd: executor.Cmd{
 Path: "/sbin/port-layer-server",
 Args: []string{
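Review bot: The added `setcap cap_net_bind_service,cap_sys_admin=+ep` line puts the capabilities on the file, so every account that can execute /sbin/port-layer-server gets them, not only the vicadmin user the installer launches it as. cap_sys_admin covers far more than mount, so execute permission on the binary should be limited to the intended group; its current mode is not visible in this hunk. One way is `chown root:vicadmin /sbin/port-layer-server` and `chmod 750 /sbin/port-layer-server`, placed before the setcap line because a later ownership change drops file capabilities. The comment could record the reason as well, e.g. `# cap_sys_admin is required for mount; keep this binary non-world-executable`.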
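Review bot: The new `User`/`Group` fields make the port layer depend on file capabilities that are set in a different file (isos/appliance/permissions-setup), and nothing at this call site says so. A comment above the two fields would make the coupling visible, e.g. `// runs unprivileged; CAP_NET_BIND_SERVICE and CAP_SYS_ADMIN come from setcap in isos/appliance/permissions-setup`. Because the process still holds CAP_SYS_ADMIN, running it as vicadmin should not be read as a strong privilege boundary. The literal "vicadmin" is repeated; a package-level constant would keep it in step with wherever the account is created, which is outside this hunk. createAppliance starts and ends outside the hunk.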