VM per Package per User (compartmentalization)

Instead of having software per user isolation (used in android), it will be each VM will run at the user level, and every VM will have its own dedicated user ID (and inside the VM where the app is installed). This isolation ensures that if a VM is compromised, it won’t lead to the compromise of all user packages or affect other VMs.

Sorta related:

https://computingforgeeks.com/use-virt-manager-as-non-root-user/