pelican-dev · NaysKutzu · Nov 21, 2025 · Nov 21, 2025 · Nov 21, 2025 · Nov 21, 2025
@@ -555,6 +555,17 @@ func FromFile(path string) error {
 		return err
 	}
 
+	// Check if enable_native_kvm was explicitly set in the YAML
+	var rawConfig map[string]interface{}
+	explicitlySet := false
+	if err := yaml.Unmarshal(b, &rawConfig); err == nil {
+		if dockerConfig, ok := rawConfig["docker"].(map[interface{}]interface{}); ok {
+			if _, exists := dockerConfig["enable_native_kvm"]; exists {
+				explicitlySet = true
+			}
+		}
+	}
+
 	if err := yaml.Unmarshal(b, c); err != nil {
 		return err
 	}
@@ -579,6 +590,12 @@ func FromFile(path string) error {
 		return err
 	}
 
+	// Set default for EnableNativeKVM based on KVM availability if not explicitly set.
+	// Default is true if KVM is available on the host, otherwise false.
+	if !explicitlySet {
+		c.Docker.EnableNativeKVM = IsKVMAvailable()
+	}
+
 	// Store this configuration in the global state.
 	Set(c)
 	return nil
@@ -788,6 +805,21 @@ func UseOpenat2() bool {
 	}
 }
 
+// IsKVMAvailable checks if KVM is available on the host system by checking
+// if /dev/kvm exists and is accessible.
+func IsKVMAvailable() bool {
+	if _, err := os.Stat("/dev/kvm"); err != nil {
+		return false
+	}
+	// Try to open the device to verify it's actually accessible
+	file, err := os.Open("/dev/kvm")
+	if err != nil {
+		return false
+	}
+	file.Close()
+	return true
+}
+
 // Expand expands an input string by calling [os.ExpandEnv] to expand all
 // environment variables, then checks if the value is prefixed with `file://`
 // to support reading the value from a file.

@@ -96,6 +96,11 @@ type DockerConfiguration struct {
 		Type   string            `default:"local" json:"type" yaml:"type"`
 		Config map[string]string `default:"{\"max-size\":\"5m\",\"max-file\":\"1\",\"compress\":\"false\",\"mode\":\"non-blocking\"}" json:"config" yaml:"config"`
 	} `json:"log_config" yaml:"log_config"`
+
+	// EnableNativeKVM enables native KVM support for containers. This allows containers
+	// to access /dev/kvm for hardware-accelerated virtualization. The default value is
+	// automatically set to true if KVM is available on the host system, otherwise false.
+	EnableNativeKVM bool `json:"enable_native_kvm" yaml:"enable_native_kvm"`
 }
 
 func (c DockerConfiguration) ContainerLogConfig() container.LogConfig {

@@ -133,6 +133,17 @@ func (l Limits) AsContainerResources() container.Resources {
 		resources.CpusetCpus = l.Threads
 	}
 
+	// Add KVM device mapping if native KVM support is enabled
+	if config.Get().Docker.EnableNativeKVM {
+		resources.Devices = []container.DeviceMapping{
+			{
+				PathOnHost:        "/dev/kvm",
+				PathInContainer:   "/dev/kvm",
+				CgroupPermissions: "rwm",
+			},
+		}
+	}
+
 	return resources
 }