libvirt should not run VMs as root
The current configuration of libvirt causes the qemu vm process to run as root. For more security, this should be changed. This is a compile time setting for libvirt, so the
APKBUILD file needs to have configure options added:
--with-qemu-group=kvm \ --with-qemu-user=nobody
For reference, libvirt configures this in a macro. Not sure if it's worth submitting a PR to add Alpine to this case statement.
Note that this does mean that non-root users running VMs in
qemu:///system) will need to have any VM images owned by
qemu but I think that's an edge case for most Alpine use cases.