Hi. I'm a developer with the security and privacy project; WhonixOS and
recently we've ported our VMs to make use of the unprivileged
qemu:///session mode to be compatible with our host OS that runs in a
strict user only mode for daily activities.
To my surprise, sVirt is not applied to VMs running in this mode. Inter
VM isolation is important for our security model where traffic from an
untrusted VM is forcefully tunneled to a trusted gateway VM running Tor
to anonymize traffic.
We don't want to be in a situation where we have to choose between
running in the relatively riskier qemu:///system mode to gain the
benefits of sVirt vs sacrificing sVirt inter VM isolation in order to be
more compatible with our stricter unprivileged user implementation
(which is just safer overall).
Please consider extending sVirt to be compatible with qemu session for
AppArmor and SELinux
