How to enable nested virtualization in KVM
Nested virtualization allows you to run a virtual machine (VM) inside another VM while still using hardware acceleration from the host.
Nested virt support
Check if your system supports it:
- For Intel processors, look into /sys/module/kvm_intel/parameters/nested, for AMD processors into /sys/module/kvm_amd/parameters/nested. You should receive Y if nested virt is supported, N otherwise. AMD processors should have it enabled by default, (certain) Intel processors might not. Example:
$ cat /sys/module/kvm_intel/parameters/nested
Y
- If your host system does not have nested virt enabled (most probably just the Intel case), try to enable it by booting with the kvm-intel.nested=1 argument on the kernel command line and check it again.
If your system still doesn't advertise support for nested virt, your hardware might be too old, or your distribution version outdated. Try booting the latest Fedora.
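The check described above can be scripted so the same test runs on Intel and AMD hosts, for example when auditing which hypervisors expose nested virt to guests. This is an added example, not part of the original page; the function name nested_state and its optional directory argument are assumptions made for illustration, and accepting 1/0 in addition to the Y/N values the page names goes beyond the page.

```shell
#!/bin/sh
# Added example: report the KVM "nested" module parameter on a host.
#
# Usage: nested_state [MODULE_DIR]
#   MODULE_DIR defaults to /sys/module. The override is hypothetical and
#   exists only so the function can be run against a constructed tree.
# Prints "<module> <state>" and returns:
#   0 = nested enabled, 1 = nested disabled or unrecognised value,
#   2 = neither kvm_intel nor kvm_amd is loaded.
nested_state() {
    root="${1:-/sys/module}"
    for mod in kvm_intel kvm_amd; do
        param="$root/$mod/parameters/nested"
        # Skip the vendor module that is not loaded on this host.
        [ -r "$param" ] || continue
        value=""
        # read fails on a file without a trailing newline but still
        # fills $value, so its exit status is ignored.
        read -r value < "$param" || true
        case "$value" in
            Y|y|1) echo "$mod enabled";  return 0 ;;
            N|n|0) echo "$mod disabled"; return 1 ;;
            *)     echo "$mod unknown";  return 1 ;;
        esac
    done
    echo "none not-loaded"
    return 2
}
```

Call nested_state with no argument on the host to read the live value from /sys/module.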
Configuration in virt-manager
Configure your VM to use nested virt:
- Make sure your VM is shut down
- Open virt-manager, go to the VM details page for that VM.
- Click on the Processor page.
- In the Configuration section, there are two options: either type host-passthrough into the Model field or enable the Copy host CPU configuration checkbox (which fills the host-model value into the Model field). Click Apply.
- The difference between those two values is complicated; some details are in bug 1055002. For nested virt, you'll probably want to use host-passthrough until issues with host-model are worked out. Be aware, though, that host-passthrough is not recommended for general usage, just for nested virt purposes.
Test nested virt
- Start the VM
- Inside the VM, run
sudo dnf group install virtualization
- Verify that the guest has virt correctly set up with sudo virt-host-validate. The check for hardware virtualization should pass:
$ sudo virt-host-validate
QEMU: Checking for hardware virtualization : PASS
QEMU: Checking for device /dev/kvm : PASS
QEMU: Checking for device /dev/vhost-net : PASS
QEMU: Checking for device /dev/net/tun : PASS
LXC: Checking for Linux >= 2.6.26 : PASS