LXD rsyslog and aa-logprof

Hi all!
My LXD setup is as follows:
Debian 11 (bullseye) on the host, and the containers are all (3) Debian bullseye as well.
Everything works fine except AppArmor.
Generally it seems to work fine but I cannot get aa-logprof to work.
If I run aa-logprof it does not complain but it never finds anything that needs updating.
I installed rsyslog on the containers as aa-logprof reads from syslog.
The problem is that I get errors in rsyslog:

imklog: cannot open kernel log (/proc/kmsg): Permission denied.
activation of module imklog failed [v8.2102.0 try https://www.rsyslog.com/e/2145 ]

How do I solve this?
I assume that rsyslog needs this access so aa-logprof can update from rsyslog.

Many thanks in advance!
Marcus

This is most likely because your container doesn’t have access to the kernel log.
Try running dmesg in the container; if that fails, then it’s because your host system has dmesg_restrict set, preventing unprivileged users and containers from accessing the log.

You could set that sysctl on your host to 0 which would then allow everyone access to the kernel log and allow that particular tool to function again.

I changed dmesg_restrict = 0 on the host and I got dmesg running.
I still have the problem with rsyslog that it cannot open the kernel log (Permission denied).
Maybe I got it all wrong …
Isn’t the idea to run apparmor in the container and just run it on the host?
My containers are unprivileged and then they should not be able to access the kernel log, right?
And in that case you break the idea of unprivileged containers?

Hi,
I have been trying different things on and off but I do not seem to get aa-logprof
working inside a container.
AppArmor itself seems to work the way it should but I cannot get aa-logprof to work.
I can see the audit messages inside the containers with dmesg,
but nothing shows up in /var/log/syslog,
and I get the error imklog: cannot open kernel log (/proc/kmsg): Permission denied
in rsyslog.
As said, I am using Debian bullseye both on the host and in the containers.

Any suggestions?
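
A small diagnostic for the situation in this thread, added as an example and not written by any of the posters: it reports the dmesg_restrict value separately from whether /proc/kmsg (the file named in the imklog error) and /dev/kmsg can actually be opened. The function names are made up for this example, and /dev/kmsg is included on the assumption that it is the interface dmesg reads.

```shell
#!/bin/sh
# Added example (not from the thread). Paths are arguments so the same checks
# can be pointed at test files; the call at the bottom uses the real ones.

# can_open PATH: succeed only if PATH can actually be opened for reading.
# A real open is attempted instead of `[ -r ]`, because the kernel can refuse
# the open of a log interface even when the mode bits look readable.
can_open() {
    ( exec 3<"$1" ) 2>/dev/null
}

# restrict_state FILE: print 0 or 1 from the sysctl file, else "unknown".
restrict_state() {
    v=$(cat "$1" 2>/dev/null) || v=
    case "$v" in
        0|1) echo "$v" ;;
        *)   echo unknown ;;
    esac
}

# kmsg_report SYSCTL_FILE PROC_KMSG DEV_KMSG
# Prints one summary line. Returns 0 only if PROC_KMSG (the file named in the
# imklog error) can be opened, whatever the sysctl says.
kmsg_report() {
    restrict=$(restrict_state "$1")
    proc=denied; if can_open "$2"; then proc=ok; fi
    dev=denied;  if can_open "$3"; then dev=ok; fi
    echo "dmesg_restrict=$restrict proc_kmsg=$proc dev_kmsg=$dev"
    [ "$proc" = ok ]
}

# Run inside the container, and on the host for comparison.
kmsg_report /proc/sys/kernel/dmesg_restrict /proc/kmsg /dev/kmsg || true
```

A line such as `dmesg_restrict=0 proc_kmsg=denied dev_kmsg=ok` corresponds to what is described above: dmesg shows the audit messages while rsyslog's imklog still gets "Permission denied".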