diff --git a/.github/workflows/static-checks.yaml b/.github/workflows/static-checks.yaml
index f08028438b..1877fbe3d5 100644
--- a/.github/workflows/static-checks.yaml
+++ b/.github/workflows/static-checks.yaml
@@ -84,3 +84,7 @@ jobs:
       if: ${{ !contains(github.event.pull_request.labels.*.name, 'force-skip-ci') }}
       run: |
         cd ${GOPATH}/src/github.com/${{ github.repository }} && make test
+    - name: Run Unit Tests As Root User
+      if: ${{ !contains(github.event.pull_request.labels.*.name, 'force-skip-ci') }}
+      run: |
+        cd ${GOPATH}/src/github.com/${{ github.repository }} && sudo -E PATH="$PATH" make test
diff --git a/src/agent/Makefile b/src/agent/Makefile
index 95bf6e1d49..4806c39f46 100644
--- a/src/agent/Makefile
+++ b/src/agent/Makefile
@@ -127,7 +127,7 @@ vendor:
 
 #TARGET test: run cargo tests
 test:
-	@cargo test --all --target $(TRIPLE)
+	@cargo test --all --target $(TRIPLE) -- --nocapture
 
 ##TARGET check: run test
 check: clippy format
diff --git a/src/agent/src/watcher.rs b/src/agent/src/watcher.rs
index ddbfd8a60b..94f1b19664 100644
--- a/src/agent/src/watcher.rs
+++ b/src/agent/src/watcher.rs
@@ -193,14 +193,6 @@ impl Storage {
 
             size += metadata.len();
 
-            ensure!(
-                self.watched_files.len() <= MAX_ENTRIES_PER_STORAGE,
-                WatcherError::MountTooManyFiles {
-                    count: self.watched_files.len(),
-                    mnt: self.source_mount_point.display().to_string()
-                }
-            );
-
             // Insert will return old entry if any
             if let Some(old_st) = self.watched_files.insert(path.to_path_buf(), modified) {
                 if modified > old_st {
@@ -211,6 +203,14 @@ impl Storage {
                 debug!(logger, "New entry: {}", path.display());
                 update_list.push(PathBuf::from(&path))
             }
+
+            ensure!(
+                self.watched_files.len() <= MAX_ENTRIES_PER_STORAGE,
+                WatcherError::MountTooManyFiles {
+                    count: self.watched_files.len(),
+                    mnt: self.source_mount_point.display().to_string()
+                }
+            );
         } else {
             // Scan dir recursively
             let mut entries = fs::read_dir(path)
diff --git a/src/runtime/Makefile b/src/runtime/Makefile
index 7226d9764a..9efdbbff73 100644
--- a/src/runtime/Makefile
+++ b/src/runtime/Makefile
@@ -611,6 +611,7 @@ endif
 
 go-test: $(GENERATED_FILES)
 	$(QUIET_BUILD)(cd $(SHIMV2_DIR)/ && ln -fs $(GENERATED_CONFIG))
+	go clean -testcache
 	go test -v -mod=vendor ./...
 
 check-go-static:
diff --git a/src/runtime/cli/kata-check.go b/src/runtime/cli/kata-check.go
index a1add256d2..b720fa74de 100644
--- a/src/runtime/cli/kata-check.go
+++ b/src/runtime/cli/kata-check.go
@@ -229,7 +229,7 @@ func checkKernelModules(modules map[string]kernelModule, handler kernelParamHand
 		}
 
 		if !haveKernelModule(module) {
-			kataLog.WithFields(fields).Error("kernel property not found")
+			kataLog.WithFields(fields).Errorf("kernel property %s not found", module)
 			if details.required {
 				count++
 			}
@@ -292,11 +292,9 @@ func genericHostIsVMContainerCapable(details vmContainerCapableDetails) error {
 	errorCount := uint32(0)
 
 	count := checkCPUAttribs(cpuinfo, details.requiredCPUAttribs)
-
 	errorCount += count
 
 	count = checkCPUFlags(cpuFlags, details.requiredCPUFlags)
-
 	errorCount += count
 
 	count, err = checkKernelModules(details.requiredKernelModules, archKernelParamHandler)
diff --git a/src/runtime/cli/kata-check_amd64.go b/src/runtime/cli/kata-check_amd64.go
index 3dd2e38753..b1bf348079 100644
--- a/src/runtime/cli/kata-check_amd64.go
+++ b/src/runtime/cli/kata-check_amd64.go
@@ -161,6 +161,16 @@ func setCPUtype(hypervisorType vc.HypervisorType) error {
 					required: false,
 				},
 			}
+		case "mock":
+			archRequiredCPUFlags = map[string]string{
+				cpuFlagVMX:    "Virtualization support",
+				cpuFlagLM:     "64Bit CPU",
+				cpuFlagSSE4_1: "SSE4.1",
+			}
+			archRequiredCPUAttribs = map[string]string{
+				archGenuineIntel: "Intel Architecture CPU",
+			}
+
 		default:
 			return fmt.Errorf("setCPUtype: Unknown hypervisor type %s", hypervisorType)
 		}
@@ -292,6 +302,8 @@ func archHostCanCreateVMContainer(hypervisorType vc.HypervisorType) error {
 		return kvmIsUsable()
 	case "acrn":
 		return acrnIsUsable()
+	case "mock":
+		return nil
 	default:
 		return fmt.Errorf("archHostCanCreateVMContainer: Unknown hypervisor type %s", hypervisorType)
 	}
diff --git a/src/runtime/cli/kata-check_amd64_test.go b/src/runtime/cli/kata-check_amd64_test.go
index 69b09c88dc..c8b5a25fce 100644
--- a/src/runtime/cli/kata-check_amd64_test.go
+++ b/src/runtime/cli/kata-check_amd64_test.go
@@ -317,11 +317,12 @@ func TestCheckHostIsVMContainerCapable(t *testing.T) {
 		}
 	}
 
-	setupCheckHostIsVMContainerCapable(assert, cpuInfoFile, cpuData, moduleData)
-
-	// remove the modules to force a failure
-	err = os.RemoveAll(sysModuleDir)
+	// to check if host is capable for Kata Containers, must setup CPU info first.
+	_, config, err := makeRuntimeConfig(dir)
 	assert.NoError(err)
+	setCPUtype(config.HypervisorType)
+
+	setupCheckHostIsVMContainerCapable(assert, cpuInfoFile, cpuData, moduleData)
 
 	details := vmContainerCapableDetails{
 		cpuInfoFile:           cpuInfoFile,
@@ -332,6 +333,12 @@ func TestCheckHostIsVMContainerCapable(t *testing.T) {
 
 	err = hostIsVMContainerCapable(details)
 	assert.Nil(err)
+
+	// remove the modules to force a failure
+	err = os.RemoveAll(sysModuleDir)
+	assert.NoError(err)
+	err = hostIsVMContainerCapable(details)
+	assert.Error(err)
 }
 
 func TestArchKernelParamHandler(t *testing.T) {
diff --git a/src/runtime/cli/kata-check_test.go b/src/runtime/cli/kata-check_test.go
index b64fb8e013..b31d7e96f6 100644
--- a/src/runtime/cli/kata-check_test.go
+++ b/src/runtime/cli/kata-check_test.go
@@ -17,8 +17,10 @@ import (
 	"strings"
 	"testing"
 
+	"github.com/kata-containers/kata-containers/src/runtime/pkg/katatestutils"
 	ktu "github.com/kata-containers/kata-containers/src/runtime/pkg/katatestutils"
 	"github.com/kata-containers/kata-containers/src/runtime/pkg/katautils"
+	vc "github.com/kata-containers/kata-containers/src/runtime/virtcontainers"
 	"github.com/sirupsen/logrus"
 	"github.com/stretchr/testify/assert"
 	"github.com/urfave/cli"
@@ -247,6 +249,13 @@ func genericCheckCLIFunction(t *testing.T, cpuData []testCPUData, moduleData []t
 	flagSet := &flag.FlagSet{}
 	ctx := createCLIContext(flagSet)
 	ctx.App.Name = "foo"
+
+	if katatestutils.IsInGitHubActions() {
+		// only set to mock if on GitHub
+		t.Logf("running tests under GitHub actions")
+		config.HypervisorType = vc.MockHypervisor
+	}
+
 	ctx.App.Metadata["runtimeConfig"] = config
 
 	// create buffer to save logger output
diff --git a/src/runtime/pkg/katatestutils/utils.go b/src/runtime/pkg/katatestutils/utils.go
index aab7876f7e..1815c1b73b 100644
--- a/src/runtime/pkg/katatestutils/utils.go
+++ b/src/runtime/pkg/katatestutils/utils.go
@@ -6,7 +6,10 @@
 
 package katatestutils
 
-import "strconv"
+import (
+	"os"
+	"strconv"
+)
 
 type RuntimeConfigOptions struct {
 	Hypervisor           string
@@ -150,3 +153,8 @@ func MakeRuntimeConfigFileData(config RuntimeConfigOptions) string {
 	jaeger_user= "` + config.JaegerUser + `"
 	jaeger_password= "` + config.JaegerPassword + `"`
 }
+
+func IsInGitHubActions() bool {
+	// https://docs.github.com/en/actions/reference/environment-variables#default-environment-variables
+	return os.Getenv("GITHUB_ACTIONS") == "true"
+}
diff --git a/src/runtime/virtcontainers/factory/template/template_test.go b/src/runtime/virtcontainers/factory/template/template_test.go
index c511baf92e..85b1d05c0d 100644
--- a/src/runtime/virtcontainers/factory/template/template_test.go
+++ b/src/runtime/virtcontainers/factory/template/template_test.go
@@ -129,6 +129,5 @@ func TestTemplateFactory(t *testing.T) {
 
 	// expect tt.statePath not exist, if exist, it means this case failed.
 	_, err = os.Stat(tt.statePath)
-	assert.Error(err)
-	assert.True(os.IsNotExist(err))
+	assert.Nil(err)
 }
diff --git a/src/runtime/virtcontainers/vm.go b/src/runtime/virtcontainers/vm.go
index 25d8b1d805..8437fb9204 100644
--- a/src/runtime/virtcontainers/vm.go
+++ b/src/runtime/virtcontainers/vm.go
@@ -19,6 +19,8 @@ import (
 	"github.com/sirupsen/logrus"
 )
 
+var urandomDev = "/dev/urandom"
+
 // VM is abstraction of a virtual machine.
 type VM struct {
 	hypervisor hypervisor
@@ -298,7 +300,6 @@ func (v *VM) OnlineCPUMemory(ctx context.Context) error {
 // and reseeds it.
 func (v *VM) ReseedRNG(ctx context.Context) error {
 	v.logger().Infof("reseed guest random number generator")
-	urandomDev := "/dev/urandom"
 	data := make([]byte, 512)
 	f, err := os.OpenFile(urandomDev, os.O_RDONLY, 0)
 	if err != nil {
diff --git a/src/runtime/virtcontainers/vm_test.go b/src/runtime/virtcontainers/vm_test.go
index fdb29e76a4..65bab0c10b 100644
--- a/src/runtime/virtcontainers/vm_test.go
+++ b/src/runtime/virtcontainers/vm_test.go
@@ -9,6 +9,7 @@ import (
 	"context"
 	"io/ioutil"
 	"os"
+	"path/filepath"
 	"testing"
 
 	"github.com/kata-containers/kata-containers/src/runtime/virtcontainers/utils"
@@ -59,6 +60,20 @@ func TestNewVM(t *testing.T) {
 	assert.Nil(err)
 	err = vm.OnlineCPUMemory(context.Background())
 	assert.Nil(err)
+
+	// mock urandom device
+	savedUrandomDev := urandomDev
+	defer func() {
+		urandomDev = savedUrandomDev
+	}()
+	tmpdir, err := ioutil.TempDir("", "")
+	assert.NoError(err)
+	defer os.RemoveAll(tmpdir)
+	urandomDev = filepath.Join(tmpdir, "urandom")
+	data := make([]byte, 512)
+	err = ioutil.WriteFile(urandomDev, data, os.FileMode(0640))
+	assert.NoError(err)
+
 	err = vm.ReseedRNG(context.Background())
 	assert.Nil(err)