Comment 11 for bug 1802906

Christian Ehrhardt  (paelzer) wrote :

To hit this with virsh you'd see in an unprivileged container after install that it failed to start

$ apt install uvtool-libvirt
$ virsh net-list --all
 Name State Autostart Persistent
----------------------------------------------------------
 default inactive yes yes

If you try to do so you'll see your error:
$ virsh net-start default
error: Failed to start network default
error: Unable to set bridge virbr0 forward_delay: Permission denied

Right after the upgrade to the new version (or if you would have installed the new version to begin with) the fix works:

$ virsh net-list --all
 Name State Autostart Persistent
----------------------------------------------------------
 default active yes yes

If one wants, one can now stop/start networks in an unprivileged guest
root@b:~# virsh net-destroy default
Network default destroyed
root@b:~# virsh net-start default
Network default started

Of course without some privileges you will not be able to run full-virt KVM.
But qemu emulation based VMs work fine.

# Get an ISO
$ wget http://releases.ubuntu.com/18.04.1/ubuntu-18.04.1-live-server-amd64.iso
# Use virt manager to start a guest with that ISO
# It will auto-select Qemu-TCG mode as it can't run KVM without some privileges on the container

=> Works fine with the PPA.

I still think, while nice, this isn't an SRU case IMHO.
People that really need to run KVM in containers back in existing releases can just tweak the container privileges a bit - and they most likely want to get full virtualization instead of "just" TCG-emulation.

But for upcoming releases this surely is a nice little feature to grow.