RHEL-15492: [RFE] service hardening for libvirt services

    • Story
    • Resolution: Unresolved
    • libvirt
    • Medium
    • rhel-sst-virtualization
    • ssg_virtualization
    • 13
    • QE ack
    • False

      From the report of systemd-analyze security, some libvirt services (v9.9.0-2-ge7facdca25) are scored as unsafe:

      ➜  ~ systemd-analyze security|grep virt
      libvirtd.service                          9.6 UNSAFE    😨
      virtinterfaced.service                    9.6 UNSAFE    😨
      virtlockd.service                         9.6 UNSAFE    😨
      virtlogd.service                          2.2 OK        🙂
      virtnetworkd.service                      9.6 UNSAFE    😨
      virtnodedevd.service                      9.6 UNSAFE    😨
      virtnwfilterd.service                     9.6 UNSAFE    😨
      virtqemud.service                         9.6 UNSAFE    😨
      virtstoraged.service                      9.6 UNSAFE    😨

       

      With some systemd service settings, we can harden the libvirt services and reduce the attack surface. Daniel has done it for virtlogd at https://gitlab.com/libvirt/libvirt/-/commit/e7facdca25ddcc0fdabc8d86fdc1f1da39285fdf

      This bug is to track the improvement for other libvirt services.

              virt-maint
              Han Han (hanhansolo)
              virt-maint
              Yan Fu
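A small gate for tracking which services still need the hardening requested above, added here as an example (it is not part of the original report or of libvirt): it parses the `systemd-analyze security` table quoted in the description and lists the units whose exposure score exceeds a budget. The 5.0 budget and the function names are assumptions.

```python
import re
import sys

# Constructed input: the rows quoted in the report above, as printed by
# `systemd-analyze security | grep virt`.
SAMPLE = """\
libvirtd.service                          9.6 UNSAFE    😨
virtinterfaced.service                    9.6 UNSAFE    😨
virtlockd.service                         9.6 UNSAFE    😨
virtlogd.service                          2.2 OK        🙂
virtnetworkd.service                      9.6 UNSAFE    😨
virtnodedevd.service                      9.6 UNSAFE    😨
virtnwfilterd.service                     9.6 UNSAFE    😨
virtqemud.service                         9.6 UNSAFE    😨
virtstoraged.service                      9.6 UNSAFE    😨
"""

# Unit name, exposure score, rating word; the trailing emoji column is ignored.
ROW = re.compile(r"^\s*(\S+\.service)\s+(\d+(?:\.\d+)?)\s+([A-Z]+)\b")


def parse_security_table(text):
    """Map each unit to (exposure, rating); header, prompt and blank lines are skipped."""
    rows = {}
    for line in text.splitlines():
        match = ROW.match(line)
        if match:
            rows[match.group(1)] = (float(match.group(2)), match.group(3))
    return rows


def units_over_budget(text, max_exposure=5.0):
    """Return the sorted units whose exposure exceeds max_exposure (an assumed budget)."""
    return sorted(unit for unit, (score, _) in parse_security_table(text).items()
                  if score > max_exposure)


if __name__ == "__main__":
    # Use piped input when present, otherwise fall back to the constructed sample.
    data = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    pending = units_over_budget(data)
    for unit in pending:
        print(f"needs hardening: {unit}")
    sys.exit(1 if pending else 0)
```

Piping the live table into the script gives a non-zero exit status while any listed unit is still over the budget, which suits a CI check on packaged unit files.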