This bug is missing log files that will aid in diagnosing the problem.
>From a terminal window please run:
and then change the status of the bug to 'Confirmed'.
If, due to the nature of the issue you have encountered, you are unable
to run this command, please add a comment stating that fact and change
the bug status to 'Confirmed'.
This change has been made by an automated script, maintained by the
Ubuntu Kernel Team.
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
KVM guest execution start apparmor blocks on /dev/ptmx now
Status in apparmor package in Ubuntu:
Status in linux package in Ubuntu:
Status in lxd package in Ubuntu:
- Xenial host
- lxd guests with Trusty, Xenial, ...
- add a LXD profile to allow kvm  (inspired by stgraber)
- spawn KVM guests in the LXD guests using the different distro release
- guests are based on the uvtool default template which has a serial console
- guest starting with serial device gets blocked by apparmor and killed on
- This affects at least ppc64el and x86 (s390x has no serial concept that
- This appeared in our usual checks on -proposed releases so maybe we
can/should stop something?
Last good was "Apr 5, 2017 10:40:50 AM" first bad one "Apr 8, 2017 5:11:22
We use this setup for a while and it was working without a change on our end.
Also the fact that it still works in the Trusty LXD makes it somewhat
Therefore I'd assume an SRUed change in LXD/Kernel/Apparmor might be the
reason and open this bug to get your opinion on it.
You can look into  and search for uvt-kvm create in it.
Deny in dmesg:
[652759.606218] audit: type=1400 audit(1492671353.134:4520):
pid=27162 comm="qemu-system-ppc" requested_mask="wr" denied_mask="wr" fsuid=0
2017-04-20T06:55:53.139450Z qemu-system-ppc64: -chardev pty,id=charserial0:
Failed to create PTY: No such file or directory
There was a similar issue on qmeu namespacing (which we don't use on any of
these releases) .
While we surely don't have the "same" issue the debugging on the namespacing
might be worth as it could be related.
Workaround for now:
- drop serial section from guest xml
To manage notifications about this bug go to:
Mailing list: https://launchpad.net/~kernel-packages
Post to : email@example.com
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp