Can I simply detect everything that escapes from a VM and changes the host?

Any simple idea is welcome. I have decided to use AppArmor for this task on the host, by generating a profile for VirtualBox in which every mount point is read-only, except the VM folders. With such settings, can all the data on the host modified by the VM be recorded? What things should be ignored by AppArmor?
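One way to review what such a profile records, as an added example that is not part of the original post: it parses AppArmor audit lines and lists write-type accesses outside the VM folder, including names the audit subsystem hex-encodes because they contain spaces. The profile name `virtualbox-example`, the folder `/home/user/vms` and all log lines are constructed assumptions.

```python
import re
from pathlib import PurePosixPath

# Assumption: the only folder the profile leaves writable (hypothetical path).
VM_DIR = PurePosixPath("/home/user/vms")
# AppArmor file permission bits that modify data: write, append, create, delete, link.
WRITE_BITS = set("wacdl")
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def sample_line(verdict, name_field, mask):
    """Build one constructed line in the kernel's AppArmor audit format."""
    return (f'audit: type=1400 audit(1700000000.000:1): apparmor="{verdict}" '
            f'operation="open" profile="virtualbox-example" name={name_field} '
            f'pid=4242 comm="VBoxHeadless" requested_mask="{mask}" denied_mask="{mask}"')

# Constructed sample input; the last name is hex-encoded because it has a space.
SAMPLE_LOG = "\n".join([
    sample_line("DENIED", '"/etc/hosts"', "wc"),
    sample_line("ALLOWED", '"/home/user/vms/test/disk.vdi"', "rw"),
    sample_line("DENIED", '"/usr/lib/libc.so.6"', "r"),
    sample_line("DENIED", "/home/user/new note.txt".encode().hex().upper(), "c"),
])

def parse(line):
    """Split key=value audit fields; decode unquoted hex-encoded names."""
    fields = {}
    for key, quoted, bare in FIELD.findall(line):
        if key in ("name", "comm") and re.fullmatch(r"(?:[0-9A-F]{2})+", bare):
            fields[key] = bytes.fromhex(bare).decode("utf-8", "replace")
        else:
            fields[key] = bare or quoted
    return fields

def writes_outside_vm_dir(log_text, profile="virtualbox-example"):
    """Return (verdict, mask, path) for write-type events outside VM_DIR."""
    hits = []
    for line in log_text.splitlines():
        f = parse(line)
        if f.get("profile") != profile or f.get("apparmor") not in ("DENIED", "ALLOWED"):
            continue  # other profiles, status messages, non-AppArmor lines
        if not WRITE_BITS & set(f.get("denied_mask", "")):
            continue  # read, lock or execute only
        path = PurePosixPath(f.get("name", ""))
        if path != VM_DIR and VM_DIR not in path.parents:
            hits.append((f["apparmor"], f["denied_mask"], str(path)))
    return hits

if __name__ == "__main__":
    for verdict, mask, path in writes_outside_vm_dir(SAMPLE_LOG):
        print(f"{verdict:8} {mask:3} {path}")
```

AppArmor logs only accesses made by processes confined under the profile, so this covers file writes by the VirtualBox processes themselves and nothing that reaches the host through other components.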