$ lxc config set c1 raw.lxc "lxc.apparmor.profile=unconfined"
the deny event doesn’t show up, so it is something related to the apparmor profile. I’d expect that security.nesting should set up the apparmor profile so that these kinds of deny do not happen. Do you have any advice on troubleshooting apparmor issues in the context of LXD?
Jun 01 21:23:13 u1 networkd-dispatcher[121]: dbus.exceptions.DBusException: org.freedesktop.DBus.Error.AccessDenied: Failed to query AppArmor policy: Permission denied
So this looks like it’s the dbus-daemon integration with apparmor which isn’t working as it should. I even tried putting in a blanket rule to allow all dbus access, but it’s not working.
I suspect the best option here is to file a bug against apparmor upstream to have someone familiar with their dbus integration take a look at what’s going on here.
As an ugly workaround, I’ve confirmed that editing /usr/share/dbus-1/system.conf and adding:
<apparmor mode="disabled"/>
to the busconfig section, followed by a container reboot, does in fact fix the issue.
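The workaround from the post above, as an added example that is not part of the original thread: a pair of shell functions that report the current dbus AppArmor mode and apply the edit idempotently, keeping a copy of the original file so it can be reverted once the underlying bug is fixed. The function names are hypothetical, and the code assumes the opening `<busconfig>` tag has no attributes.

```shell
#!/bin/sh
# Added example, not code from the thread. Function names are hypothetical.

# Print the mode of the last <apparmor .../> element in a dbus config, or "unset".
dbus_apparmor_mode() {
    mode=$(sed -n 's/.*<apparmor[[:space:]]\{1,\}mode="\([^"]*\)".*/\1/p' "$1" | tail -n 1)
    printf '%s\n' "${mode:-unset}"
}

# Set <apparmor mode="disabled"/> in the busconfig section of file $1.
# Safe to run twice; the untouched original is kept as $1.orig for reverting.
disable_dbus_apparmor() {
    conf=$1
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 1; }
    if [ "$(dbus_apparmor_mode "$conf")" = "disabled" ]; then
        return 0    # already applied, nothing to do
    fi
    grep -q '<busconfig>' "$conf" || { echo "no <busconfig> in $conf" >&2; return 1; }
    tmp=$(mktemp) || return 1
    if grep -q '<apparmor[[:space:]]' "$conf"; then
        # An element already exists: rewrite its mode instead of adding a second one.
        sed 's/\(<apparmor[[:space:]]\{1,\}mode="\)[^"]*"/\1disabled"/' "$conf" > "$tmp"
    else
        # Insert the element directly after the first opening <busconfig> tag.
        awk '{ print } /<busconfig>/ && !seen { print "  <apparmor mode=\"disabled\"/>"; seen = 1 }' "$conf" > "$tmp"
    fi
    [ -e "$conf.orig" ] || cp -p "$conf" "$conf.orig"
    cat "$tmp" > "$conf" && rm -f "$tmp"   # cat keeps the target's owner and permissions
}
```

Inside the container this would be called as `disable_dbus_apparmor /usr/share/dbus-1/system.conf`, followed by the container reboot the post mentions.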