lost and found ( for me ? )

Ubuntu 16.04: run KVM(qemu-kvm) in LXD container

LXD host
$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 16.04.2 LTS
Release:        16.04
Codename:       xenial

$ lxd --version
2.0.9

Enable nested virtualization on the LXD host.
$ cat /sys/module/kvm_intel/parameters/nested
Y

Launch a container.
$ lxc launch xenial xenial01

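Set security.nesting and security.privileged to true on the container, and add two unix-char devices (/dev/kvm and /dev/net/tun) so that KVM can run. With security.privileged set, the container runs without a uid/gid mapping, so root in the container is root on the host.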
$ lxc config set xenial01 security.nesting true
$ lxc config set xenial01 security.privileged true

$ lxc config device add xenial01 kvm unix-char path=/dev/kvm
Device kvm added to xenial01

$ lxc config device add xenial01 tun unix-char path=/dev/net/tun
Device tun added to xenial01

Enter the container and install uvtool to confirm that qemu-kvm runs inside the LXD container.
$ lxc exec xenial01 bash

root@xenial01:~# apt update
root@xenial01:~# apt install uvtool -y

root@xenial01:~# kvm-ok
INFO: /dev/kvm exists
KVM acceleration can be used

root@xenial01:~# uvt-simplestreams-libvirt sync release=xenial arch=amd64

Run a VM and log in to it.
root@xenial01:~# uvt-kvm create test01 release=xenial
Warning: u'/root/.ssh/id_rsa.pub' not found; instance will be started with no ssh access by default.

root@xenial01:~# uvt-kvm list
test01
root@xenial01:~# uvt-kvm destroy test01
root@xenial01:~#

root@xenial01:~# ssh-keygen

root@xenial01:~# uvt-kvm create test01 release=xenial

root@xenial01:~# uvt-kvm list
test01

root@xenial01:~# uvt-kvm ip test01
192.168.122.227

root@xenial01:~# uvt-kvm ssh test01
uvt-kvm: error: ssh access with host key verification is not implemented. Use --insecure iff you trust your network path to the guest.

root@xenial01:~# uvt-kvm ssh test01 --insecure
ubuntu@test01:~$ exit

ubuntu@test01:~$ logout
Connection to 192.168.122.227 closed.
root@xenial01:~# virsh list
Id    Name                           State
----------------------------------------------------
2     test01                         running

You can define a profile to run KVM in an LXD container, as below.
$ lxc profile show default-kvm
config:
 security.nesting: "true"
 security.privileged: "true"
description: ""
devices:
 eth0:
   name: eth0
   nictype: bridged
   parent: lxdbr0
   type: nic
 kvm:
   path: /dev/kvm
   type: unix-char
 tun:
   path: /dev/net/tun
   type: unix-char
name: default-kvm

Run a container with that profile.
$ lxc launch xenial -p default-kvm xenial01
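
To see which profiles or containers carry the settings used above, here is an added example (not part of the original post) that reads the YAML printed by `lxc profile show NAME` or `lxc config show --expanded NAME` on stdin and flags security.privileged, security.nesting and unix-char device passthrough. The function names audit_lxd_yaml and sample_profile are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
# Usage on a host: lxc profile show default-kvm | audit_lxd_yaml
audit_lxd_yaml() {
    awk '
    NF == 0 { next }
    # A line starting in column 1 opens a top-level section (config:, devices:).
    /^[^ ]/ { section = $1; sub(/:.*$/, "", section); devindent = -1; next }
    section == "config" {
        key = $1; sub(/:$/, "", key)
        val = $2; gsub(/"/, "", val)
        if (key == "security.privileged" && val == "true")
            print "PRIVILEGED: no uid/gid mapping, container root is host root"
        if (key == "security.nesting" && val == "true")
            print "NESTING: nested containers are allowed"
        next
    }
    section == "devices" {
        match($0, /^ +/); indent = RLENGTH
        if (devindent < 0) devindent = indent      # indent of device names
        if (indent == devindent) { dev = $1; sub(/:$/, "", dev); order[++n] = dev; next }
        key = $1; sub(/:$/, "", key); attr[dev, key] = $2
    }
    END {
        for (i = 1; i <= n; i++)
            if (attr[order[i], "type"] == "unix-char")
                print "DEVICE: " order[i] " exposes host " attr[order[i], "path"]
    }'
}

# The default-kvm profile from this page, with eth0 abbreviated.
sample_profile() {
    cat <<'EOF'
config:
  security.nesting: "true"
  security.privileged: "true"
devices:
  eth0:
    parent: lxdbr0
    type: nic
  kvm:
    path: /dev/kvm
    type: unix-char
  tun:
    path: /dev/net/tun
    type: unix-char
name: default-kvm
EOF
}

sample_profile | audit_lxd_yaml
```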