Is it secure to enable KVM nested virtualization on our (physical) host in order to enable users to run their own VMs inside their VPS? Or does it introduce some security issues to our primary host, and should nested virtualization be used only for trusted VMs?
Security – Is nested virtualization secure
kvm-virtualization, Security, virtual-machines, virtualization, vps
Best Answer
Virtualization always adds to security risk without something like shielded VMs. One of the immutable laws of security is "If a bad guy has unrestricted physical access to your computer, it's not your computer anymore." With respect to the VM layer, if you have access to the host, you get access to the VM. Note that this applies to any cloud-based service as well. If you have access to the management console, you effectively have access to the VMs running there and can do as you please.