Right, the reason why we don’t build or try to enable VirGL is that from my understanding it only really works with SPICE when run on the same system that runs the VM. There’s never any such guarantee with LXD as everything, even local requests always go over our REST API.
Another issue with VirGL is the need for a full stack of DRI/DRM drivers be present and loadable by qemu. Not only does this potentially expand the attack surface of qemu quite significantly (because we’d need to allow for a lot of extra libs and files to be loaded and accessed) but it also is a massive pain to do from a snap or flatpak package where the application (LXD) is purposefully isolated from the host system.
So we’d either need to jump through a lot of hoops to get to load those libraries from the host system, at risk of massive crashes depending on versions and distributions used, or we’d need to bundle them all along with LXD which would be pretty painful for Intel/AMD and downright not possible for NVIDIA (due to licensing and libs having to line up with the driver).