First recreating the issue, setup as instructed in the SRU template leads me to
root@n:/tmp# virsh start sev error: Failed to start domain 'sev' error: internal error: process exited while connecting to monitor: 2025-12-03T10:20:21.043530Z qemu-system-x86_64: -accel kvm: sev_kvm_init: Failed to open /dev/sev 'Permission denied' 2025-12-03T10:20:21.059737Z qemu-system-x86_64: -accel kvm: failed to initialize kvm: Operation not permitted root@p:/tmp# virsh start sev error: Failed to start domain 'sev' error: internal error: process exited while connecting to monitor: 2025-12-03T10:20:25.887588Z qemu-system-x86_64: -accel kvm: sev_common_kvm_init: Failed to open /dev/sev 'Permission denied' 2025-12-03T10:20:25.904735Z qemu-system-x86_64: -accel kvm: failed to initialize kvm: Operation not permitted root@q:/tmp# virsh start sev error: Failed to start domain 'sev' error: internal error: process exited while connecting to monitor: 2025-12-03T10:20:28.184841Z qemu-system-x86_64: -accel kvm: sev_common_kvm_init: Failed to open /dev/sev 'Permission denied' 2025-12-03T10:20:28.195720Z qemu-system-x86_64: -accel kvm: failed to initialize kvm: Operation not permitted Along that I got denials like: [ 2818.003462] audit: type=1400 audit(1764757225.885:695): apparmor="DENIED" operation="open" class="file" namespace="root//lxd- p_<var-snap-lxd-common-lxd>" profile="libvirt-36a6c748-a66f-4496-b92c-0c951f20d5be" name="/dev/sev" pid=38113 comm="qemu-system-x86" requested_mask="wr" denied_mask="wr" fsuid=64055 ouid=64055 --- Upgrade to proposed worked without issues. Now at versions: 10.0.0-2ubuntu8.10 11.0.0-2ubuntu6.4 11.6.0-1ubuntu3.1 --- Runnign the same start of guests ... root@n:/tmp# virsh start sev Domain 'sev' started root@p:/tmp# virsh start sev Domain 'sev' started root@q:/tmp# virsh start sev Domain 'sev' started No related apparmor rejects anymore. ** Tags removed: verification-needed verification-needed-noble verification-needed-plucky verification-needed-questing ** Tags added: verification-done verification-done-noble verification-done-plucky verification-done-questing -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2127492 Title: permission denied for /dev/sev when run AMD-SEV ES VM To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/2127492/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
