This bug is missing log files that will aid in diagnosing the problem.
>From a terminal window please run:

apport-collect 1684481

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable
to run this command, please add a comment stating that fact and change
the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the
Ubuntu Kernel Team.

You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.

  KVM guest execution start apparmor blocks on /dev/ptmx now

Status in apparmor package in Ubuntu:
Status in linux package in Ubuntu:
Status in lxd package in Ubuntu:

Bug description:
  - Xenial host
  - lxd guests with Trusty, Xenial, ...
  - add a LXD profile to allow kvm [3] (inspired by stgraber)
  - spawn KVM guests in the LXD guests using the different distro release 
  - guests are based on the uvtool default template which has a serial console 

  - guest starting with serial device gets blocked by apparmor and killed on 
  - This affects at least ppc64el and x86 (s390x has no serial concept that 
would match)
  - This appeared in our usual checks on -proposed releases so maybe we 
can/should stop something?
    Last good was "Apr 5, 2017 10:40:50 AM" first bad one "Apr 8, 2017 5:11:22 

  We use this setup for a while and it was working without a change on our end.
  Also the fact that it still works in the Trusty LXD makes it somewhat 
  Therefore I'd assume an SRUed change in LXD/Kernel/Apparmor might be the 
reason and open this bug to get your opinion on it.

  You can look into [1] and search for uvt-kvm create in it.

  Deny in dmesg:
  [652759.606218] audit: type=1400 audit(1492671353.134:4520): 
apparmor="DENIED" operation="open" 
profile="libvirt-668e21f1-fa55-4a30-b325-0ed5cfd55e5b" name="/dev/pts/ptmx" 
pid=27162 comm="qemu-system-ppc" requested_mask="wr" denied_mask="wr" fsuid=0 

  2017-04-20T06:55:53.139450Z qemu-system-ppc64: -chardev pty,id=charserial0: 
Failed to create PTY: No such file or directory

  There was a similar issue on qmeu namespacing (which we don't use on any of 
these releases) [2].
  While we surely don't have the "same" issue the debugging on the namespacing 
might be worth as it could be related.

  Workaround for now:
  - drop serial section from guest xml


To manage notifications about this bug go to:

Mailing list:
Post to     :
Unsubscribe :
More help   :

Reply via email to