Nested Virtualization

Some CI workloads need nested virtualization in the runner guest to use hardware acceleration via /dev/kvm. The most common example is reactivecircus/android-emulator-runner for Android instrumentation tests, but some QEMU and libvirt workflows also need it.

Support matrix

If your workload needs KVM on a standard Linux x86-64 runner, reach out to [email protected] and we'll enable nested virtualization for your organization. Runners with snapshot enabled cannot have nested virtualization enabled today.

Android emulator workflows require a permissions step

Once /dev/kvm is available on the runner, the default device permissions (crw-rw---- root:kvm) still prevent the runner user from opening it so the following step is required before running reactivecircus/android-emulator-runner:

- name: Enable KVM group perms
  run: |
    echo 'KERNEL=="kvm", GROUP="kvm", MODE="0666", OPTIONS+="static_node=kvm"' \
      | sudo tee /etc/udev/rules.d/99-kvm4all.rules
    sudo udevadm control --reload-rules
    sudo udevadm trigger --name-match=kvm

The step is not a WarpBuild-specific workaround and is required in all GitHub and GitHub-compatible runners.

See Android emulator action's README and GitHub's blog about hardware-accelerated Android virtualization.

Without this step, the Android emulator action's ProbeKVM check fails and it silently launches the emulator with -accel off, falling back to pure software emulation, which is substantially slower than hardware-accelerated execution. Symptoms in your workflow logs:

1. ProbeKVM: This user doesn't have permissions to use KVM (/dev/kvm).
2. Disabling Linux hardware acceleration.
3. The emulator command line includes -accel off.

After adding the step, those messages disappear and tests run with hardware acceleration.