in web001
you should be able to get things working with:
mount -t tmpfs tmpfs /sys/kernel/security/
systemctl restart snapd
snap install lxd
lxc profile set default security.privileged true
lxc profile set default raw.lxc lxc.apparmor.profile=unchanged
That last one is needed as LXC also cannot access the profiles after everything got masked under /sys/kernel/security, so telling it to not change anything will have it behave as wanted.