sVirt:
We don’t know if sVirt was ever functional even without any changes, with qemu:///system. [Help Welcome] KVM Development - staying the course - #593 by Patrick has never been addressed. Could you check please?
Related upstream documentation:
This strongly implies sVirt with qemu:///session is non-functional.
No upstream feature request could be found.
As for inter-VM security and host protection:
As per What is sVirt? | Richard WM Jones, it seems that,
- rootless libvirt KVM without sVirt (since unavailable) is less secure than,
- root libvirt KVM with sVirt.
As for host protection:
As per HowTo: Use the unprivileged "user session" in virt-manager for rootless virtualization with Qemu and KVM - #5 by boredsquirrel - Fedora Discussion
libvirt access equals root access.
The command `sudo adduser user libvirt` (add account `user` to group `libvirt`) breaks the Kicksecure user-sysmaint-split security model.
storage pool:
<source pool="default" volume="Kicksecure.qcow2"/>
That’s a really good solution you’ve found there.
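One way to check whether a running guest is actually confined by sVirt, as an added example that is not part of the original post: it reads the LSM label of each visible QEMU process from `/proc/<pid>/attr/current` and classifies it. The function names are hypothetical, and the label formats are assumptions: `libvirt-<uuid> (enforce)` for the AppArmor sVirt driver and an `svirt_t` / `svirt_tcg_t` type for the SELinux one.

```shell
#!/bin/sh
# Added example (not from the original post): report whether QEMU processes
# carry an sVirt label. Function names are hypothetical.

# classify_label LABEL
# LABEL is the content of /proc/<pid>/attr/current.
# Assumed formats: AppArmor "libvirt-<uuid> (enforce|complain)",
#                  SELinux  "user:role:svirt_t:s0:cN,cM".
classify_label() {
    case "$1" in
        "")                          echo "unreadable" ;;
        libvirt-*"(enforce)"*)       echo "svirt-apparmor-enforce" ;;
        libvirt-*"(complain)"*)      echo "svirt-apparmor-complain" ;;
        *:svirt_t:*|*:svirt_tcg_t:*) echo "svirt-selinux" ;;
        *)                           echo "not-svirt" ;;
    esac
}

# scan_qemu: print "pid<TAB>comm<TAB>classification" for each QEMU process
# whose /proc entry is visible to the calling user.
scan_qemu() {
    found=0
    for comm_file in /proc/[0-9]*/comm; do
        pid_dir=${comm_file%/comm}
        name=$(cat "$comm_file" 2>/dev/null) || continue
        # comm is truncated to 15 characters, e.g. "qemu-system-x86"
        case "$name" in
            qemu-system-*|qemu-kvm) ;;
            *) continue ;;
        esac
        # Strip the trailing NUL some LSMs append; empty means unreadable.
        label=$( { tr -d '\0' < "$pid_dir/attr/current"; } 2>/dev/null ) || label=""
        printf '%s\t%s\t%s\n' "${pid_dir#/proc/}" "$name" "$(classify_label "$label")"
        found=1
    done
    [ "$found" -eq 1 ] || echo "no qemu processes visible to this user"
}

# Only scan when asked, so the file can also be sourced for its functions.
if [ "${1:-}" = "--scan" ]; then
    scan_qemu
fi
```

Run it with `--scan` while a guest is up, once for a `qemu:///session` guest and once for a `qemu:///system` guest, and compare the third column.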