Security – Is nested virtualization secure


Is it secure to enable KVM nested virtualization on our (physical) host in order to enable users to run their own VMs inside their VPS? Or does it introduce some security issues to our primary host, so that nested virtualization should be used only for trusted VMs?

Best Answer

Virtualization always adds to security risk without something like shielded VMs. One of the immutable laws of security is "If a bad guy has unrestricted physical access to your computer, it's not your computer anymore." With respect to the VM layer, if you have access to the host, you get access to the VM. Note that this applies to any cloud-based service as well. If you have access to the management console, you effectively have access to the VMs running there and can do as you please.