Desired outcome: VMs created within WMCS should be able to run the KVM hypervisor.
For some use cases we need the features of containers (rapid creation/destruction and isolation) but without the restrictions that are normally applied to containers (e.g., certain system calls are disabled, etc). For example, in T250808, there is a need to run dockerd and docker commands within a container, but dockerd requires privileges beyond those normally allowed in containers.
Likewise for T266081. The usual workarounds are to either run the container in privileged mode, or to expose the docker socket to the container. Both of those choices effectively give root access to the container which is unacceptable. For T259586 we need to be able to run qemu-system with KVM acceleration for acceptable performance.