libkrunfw icon indicating copy to clipboard operation
libkrunfw copied to clipboard
verified publisher icon containers

Enable nested KVM

Open emanueleaina opened this issue 2 years ago • 4 comments

We're interested into using podman/crun/krun to better isolate gitlab-runner jobs without having to spin a full cloud VM every time, but a good chunk of our jobs depends on nested virtualization to be available for debos/fakemachine.

Would it be possible to turn on CONFIG_KVM and the likes?

emanueleaina avatar Jun 04 '23 14:06 emanueleaina

TBH I have never tried nested virt on libkrun myself. Does it work just by enabling CONFIG_KVM on libkrunfw?

slp avatar Jun 05 '23 16:06 slp

I did a very quick test and by enabling CONFIG_KVM (and the intel/amd drivers) I was able to get a /dev/kvm in the container and things seemed to work to some extent. I was trying to use debos to build an image, which succeeded in launching deboostrap but then it got stuck and I have not investigated it any further.

emanueleaina avatar Jun 06 '23 08:06 emanueleaina

@em- that error with Debootstrap sounds like networking or something vaguely similar. In debos we assume a Debian kernel config so maybe there is something missing from krun config?

if you run debos --show-boot there may be something in the output which can help diagnose things.

obbardc avatar Jun 06 '23 12:06 obbardc

sidenote: it probably makes sense to have some kind of extended test suite in Debos which tests all of this functionality internally.

obbardc avatar Jun 06 '23 12:06 obbardc

ATM, libkrun (the VMM) doesn't support nested virt. Let's close this one for the time being.

slp avatar May 15 '24 07:05 slp