I am using the following setup for the profile on my Ubuntu machine and it works fine.
But it failed to load the profile on an Ubuntu VM, which I am guessing may have virtualization reasons for it. UFW is disabled/inactive for both machines.
*****************************************************
raw.lxc: |-
  lxc.apparmor.profile = unconfined
  lxc.cgroup.devices.allow = a
  lxc.mount.auto=proc:rw sys:rw cgroup:rw
  lxc.cap.drop =
*****************************************************
After trial and error, I found that commenting out “lxc.apparmor.profile = unconfined” fixes the issue on the Ubuntu VM.
But I am not sure what the future consequences might be of disabling that option. Thoughts?
Forgot to mention I am using LXC/LXD 2.21 … upgraded it using artful backports. Is there any other process I have to go through after the upgrade? I recall AppArmor worked earlier (v2.19).
If you use one of the official Ubuntu Linux kernels, then AppArmor should work fine for LXD and you would not need to set lxd.aa_profile. Do you compile your own kernel?