This is discussed extensively in /usr/share/doc/libvirt-bin/changelog.Debian.gz, but the bottom line is that in Ubuntu libvirt-managed qemu/kvm VMs are confined by a very restrictive AppArmor profile by default. This offers significantly greater protection than running these VMs as an unconfined non-root user. For users who desire the non-root functionality, libvirt in Ubuntu is compiled with the necessary options and users need only adjust the 'user' and 'group' options in /etc/libvirt/qemu.conf.
Of course, AppArmor confinement and running as non-root are not mutually exclusive, however it was deemed that the risk of regression with transitioning to the non-root setup for our upcoming LTS release was too great when compared to the small improvement in security when considering the default AppArmor confinement. This will likely be revisited in a future release of Ubuntu.
This is discussed extensively in /usr/share/ doc/libvirt- bin/changelog. Debian. gz, but the bottom line is that in Ubuntu libvirt-managed qemu/kvm VMs are confined by a very restrictive AppArmor profile by default. This offers significantly greater protection than running these VMs as an unconfined non-root user. For users who desire the non-root functionality, libvirt in Ubuntu is compiled with the necessary options and users need only adjust the 'user' and 'group' options in /etc/libvirt/ qemu.conf.
Of course, AppArmor confinement and running as non-root are not mutually exclusive, however it was deemed that the risk of regression with transitioning to the non-root setup for our upcoming LTS release was too great when compared to the small improvement in security when considering the default AppArmor confinement. This will likely be revisited in a future release of Ubuntu.