Add inception support: KVM-enabled kernel and /dev/kvm creation#20

Merged: ejc3 merged 1 commit into main from inception-kernel-test on Dec 28, 2025

@ejc3 ejc3 commented Dec 26, 2025

Summary

Adds inception support for running fcvm inside fcvm (nested virtualization).

  • kernel/build.sh: Build script for custom kernel with CONFIG_KVM=y + CONFIG_FUSE_FS=y
  • kernel/inception.conf: Kernel config fragment for inception
  • fc-agent: Create /dev/kvm device at boot via mknod (10:232)
  • --kernel flag: Specify custom kernel path (e.g., for inception)
  • local_path in config: Alternative to URL for kernel in rootfs-config.toml
  • test_kvm.rs: Verify /dev/kvm works in VM and privileged container

Key Design

Content-addressed caching: The inception kernel name includes the SHA of build.sh + inception.conf, so changes automatically trigger rebuilds.

fc-agent creates /dev/kvm at boot. This is a no-op if the kernel doesn't have CONFIG_KVM (the mknod succeeds but the device won't work). With the inception kernel, mknod creates a functional device.

Test Plan

  • make test-root FILTER=kvm - passed
  • fc-agent created /dev/kvm (10:232)
  • /dev/kvm accessible from VM (test -r && test -w)
  • /dev/kvm accessible from privileged container

Usage

# Build inception kernel (first time only, ~5 min)
./kernel/build.sh

# Run VM with inception kernel
sudo fcvm podman run --name my-vm --network bridged \
    --kernel /mnt/fcvm-btrfs/kernels/vmlinux-6.12.10-*.bin \
    --privileged nginx:alpine
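
A functional check for the /dev/kvm node described under Key Design, added here as an example (it is not code from this PR or from fcvm): it tells a bare 10:232 node apart from one with a KVM driver behind it by opening the device and issuing KVM_GET_API_VERSION. The function names are hypothetical, and it assumes Linux with glibc's dev_t encoding.

```rust
use std::fs::{self, OpenOptions};
use std::os::raw::c_ulong;
use std::os::unix::fs::{FileTypeExt, MetadataExt};
use std::os::unix::io::AsRawFd;

// std already links libc on Linux, so ioctl(2) can be declared directly.
extern "C" {
    fn ioctl(fd: i32, request: c_ulong, ...) -> i32;
}

const KVM_MAJOR: u64 = 10; // misc device major, as in the PR's mknod (10:232)
const KVM_MINOR: u64 = 232; // KVM_MINOR in linux/miscdevice.h
const KVM_GET_API_VERSION: c_ulong = 0xAE00; // _IO(KVMIO = 0xAE, 0x00)
const KVM_API_VERSION: i32 = 12; // KVM API docs: refuse any other value

/// Decode a Linux dev_t (glibc encoding) into (major, minor).
fn dev_numbers(rdev: u64) -> (u64, u64) {
    let major = ((rdev >> 32) & 0xffff_f000) | ((rdev >> 8) & 0xfff);
    let minor = ((rdev >> 12) & 0xffff_ff00) | (rdev & 0xff);
    (major, minor)
}

fn is_kvm_node(is_char: bool, rdev: u64) -> bool {
    is_char && dev_numbers(rdev) == (KVM_MAJOR, KVM_MINOR)
}

/// Ok(()) only if `path` is a 10:232 char device and a KVM driver answers on it.
fn check_kvm(path: &str) -> Result<(), String> {
    let md = fs::metadata(path).map_err(|e| format!("stat {path}: {e}"))?;
    if !is_kvm_node(md.file_type().is_char_device(), md.rdev()) {
        return Err(format!("{path}: not a 10:232 character device"));
    }
    // A node created by mknod on a kernel without CONFIG_KVM passes the stat
    // check above; open() is the first call that reaches the (absent) driver.
    let f = OpenOptions::new().read(true).write(true).open(path)
        .map_err(|e| format!("open {path}: {e}"))?;
    // SAFETY: fd is valid for the lifetime of `f`; this ioctl takes no pointer.
    let v = unsafe { ioctl(f.as_raw_fd(), KVM_GET_API_VERSION, 0) };
    if v == KVM_API_VERSION {
        Ok(())
    } else {
        Err(format!("{path}: KVM_GET_API_VERSION returned {v}, want 12"))
    }
}

fn main() {
    if let Err(e) = check_kvm("/dev/kvm") { eprintln!("{e}"); std::process::exit(1); }
    println!("/dev/kvm: functional");
}
```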

@ejc3 ejc3 force-pushed the inception-kernel-test branch 2 times, most recently from 87bf341 to 1898722 Compare December 26, 2025 11:41
Tests that btrfs filesystems can be mounted into containers via
fuse-pipe and function correctly:

- Mount btrfs loopback into container via --volume
- Create/read files through fuse-pipe
- Verify copy_file_range creates btrfs reflinks (CoW)
- Test file permissions preserved through FUSE
- Test nested directory operations

The reflink verification uses filefrag on host to confirm files
share physical extents after copy, proving copy_file_range works
through fuse-pipe and creates true CoW clones on btrfs.

Tested: make test-root FILTER=btrfs (passed)
@ejc3 ejc3 force-pushed the inception-kernel-test branch from 1898722 to f487d13 Compare December 26, 2025 11:50
@ejc3 ejc3 merged commit b62868d into main Dec 28, 2025
0 of 4 checks passed
@ejc3 ejc3 deleted the inception-kernel-test branch December 28, 2025 03:46
ejc3 added a commit that referenced this pull request Mar 2, 2026
Add inception support: KVM-enabled kernel and /dev/kvm creation