Allow creating untrusted VMs
Occasionally, I use virtual machines to try running software that I suspect to be potentially malicious. I do not expect any targetted attacks so VM should be isolation enough for my use case. Unfortunately, 3.33.3 removed the option to disable clipboard sharing, and while I agree that it makes sense in general, in untrusted scenarios, it can lead to information leaks.
I do not argue for that particular option to return since it is just a one of many things that can break the isolation. Instead, I would prefer a separate, hardened VM profile for running things with lower level of trust (file system sharing, clibpoard, etc. disabled). Allowing to configure each hardening option individually would just lead to partially insecure boxes.
We should still allow transferring data between host and untrusted guest, it would just have to be on demand and secured like this air-lock for passing material to moon rock cabinets.
Actually, air-gapped VMs were proposed in the MR that removed the clipboard option, so I am mainly opening this as a tracking issue.