
I've been finding that physics simulations that tax a GPU are very taxing on a virtual system in KVM when you don't have a GPU passthrough.

NVIDIA created their own Docker image that allows this seamlessly. I worry, though, that the Docker infrastructure is too cavalier about the signing process for what gets to be part of an official image. For example, NVIDIA does not sign their Docker images.

https://gitlab.com/nvidia/container-images/cuda/-/issues/108#note_502102151

Based on continuing to find security issues like this in the Docker images I've been looking at, I'm creating a "Docker Security Checking" program that automates many of the checks I do by hand now before trusting a Docker image.
