SRIOV VMs fail to start with "failed to set iommu for container: Operation not permitted"

Issue

• Having a problem staring VMs that use SR-IOV on a system after rebooting the hypervisor.

• The following error message is returned by nova boot:

| fault                               | {u'message': u'Exceeded maximum number of retries. Exceeded max scheduling attempts 3 for instance 6d16d843-185f-4a6a-969b-85cef0449d5d. Last exception: internal error: process exited while connecting to monitor: 2019-07-03T14:12:17.037386Z qemu-kvm: -device vfio-pci,ho', u'code': 500, u'details': u'  File "/usr/lib/python2.7/site-packages/nova/conductor/manager.py", line 587, in build_instances\n    filter_properties, instances[0].uuid)\n  File "/usr/lib/python2.7/site-packages/nova/scheduler/utils.py", line 551, in populate_retry\n    raise exception.MaxRetriesExceeded(reason=msg)\n', u'created': u'2019-07-03T14:12:53Z'} |
| flavor                              | m2.medium (2477555a-635e-4b71-8275-7a18153db232)               

• The following errors are shown in /var/log/messages:

Jul 03 14:10:17 overcloud-compute-0 kernel: vfio_iommu_type1_attach_group: No interrupt remapping support.  Use the module param "allow_unsafe_interrupts" to enable VFIO IOMMU support on this platform
Jul 03 14:10:17 overcloud-compute-0 dockerd-current[22603]: 2019-07-03 14:10:17.516+0000: 35385: error : qemuProcessReportLogError:1922 : internal error: qemu unexpectedly closed the monitor: 2019-07-03T14:10:17.504270Z qemu-kvm: -device vfio-pci,host=0b:11.2,id=hostdev0,bus=pci.0,addr=0x5: vfio error: 0000:0b:11.2: failed to setup container for group 42: failed to set iommu for container: Operation not permitted