old kernel vs. new kernel vs. new kernel in a VM

[tobwen]

Background

I've rented a KVM-based VPS with 12 dedicated cores (AMD EPYC), which have nested virtualization activated. That means, I can run VMs with KVM and other hypervisors at a high performance. The annoying problem: The hoster uses Kernel 5.4 (LTS). With Kernel 5.8, bugs for EPYC and KVM got fixed. But this introduced an impatibility. Whenever I run a Kernel >= 5.8 on my VPS, all VMs freeze (even kata).

Possibilities over opportunities

So which possibilies do I have?

1. Stay on Kernel 5.4 (the Ubuntu Kernel 5.4 is in support for years)
2. Upgrade to a newer kernel and give up VMs
3. Stay on Kernel 5.4, run a VM with a newer kernel and run podman in here.

Questions

Is running containers using podman secure even on the old Kernel 5.4? I'm aware that containers on an unprivileged user have a problem here (overlayfs). But are there any security-related things that were introduced with new Kernels? That would be a "pro" for solutions/possibility 2 or 3.

[rhatdan]

Podman should be fine on the older kernel. There are newer features we take advantage of when they come along like rootless overlay, but you should be fine on the older kernel.
I would recommend you use cgroup V2 if you can though.

[tobwen]

Thanks for your response. cgroup v2 became official in Linux kernel 4.5, so it should work.