** Also affects: lxd (Ubuntu)
KVM guest execution start apparmor blocks on /dev/ptmx now
Status in apparmor package in Ubuntu:
Status in linux package in Ubuntu:
Status in lxd package in Ubuntu:
- Xenial host
- lxd guests with Trusty, Xenial, ...
- add a LXD profile to allow kvm (inspired by stgraber)
- spawn KVM guests in the LXD guests using the different distro release
- guests are based on the uvtool default template which has a serial console
- guest starting with serial device gets blocked by apparmor and killed on
- This affects at least ppc64el and x86 (s390x has no serial concept that
- This appeared in our usual checks on -proposed releases so maybe we
can/should stop something?
Last good was "Apr 5, 2017 10:40:50 AM" first bad one "Apr 8, 2017 5:11:22
We have used this setup for a while and it was working without a change on our end.
Also the fact that it still works in the Trusty LXD makes it somewhat
Therefore I'd assume an SRUed change in LXD/Kernel/Apparmor might be the
reason and open this bug to get your opinion on it.
You can look into  and search for uvt-kvm create in it.
Deny in dmesg:
[652759.606218] audit: type=1400 audit(1492671353.134:4520):
pid=27162 comm="qemu-system-ppc" requested_mask="wr" denied_mask="wr" fsuid=0
2017-04-20T06:55:53.139450Z qemu-system-ppc64: -chardev pty,id=charserial0:
Failed to create PTY: No such file or directory
There was a similar issue on qemu namespacing (which we don't use on any of
these releases) .
While we surely don't have the "same" issue the debugging on the namespacing
might be worth as it could be related.
Workaround for now:
- drop serial section from guest xml