[SOLVED] LXC can't start when SELinux is enabled

Hello,
I’ve been trying to enable SELinux inside a privileged container on Ubuntu 18.04.
Given that Ubuntu is shipped with apparmor by default, I had to disable it, and enable SELinux afterwards. This was completed, apparmor_status shows that it is disabled, while sestatus says that SELinux is enabled and in permissive mode.
I have downloaded one of the default fedora containers images LXC provides, and that worked while apparmor was running. After the switch, lxc-start failed with the following messages:

lxc-start: fedora2: lxccontainer.c: wait_on_daemonized_start: 842 Received container state “ABORTING” instead of “RUNNING”
lxc-start: fedora2: tools/lxc_start.c: main: 330 The container failed to start
lxc-start: fedora2: tools/lxc_start.c: main: 333 To get more details, run the container in foreground mode
lxc-start: fedora2: tools/lxc_start.c: main: 336 Additional information can be obtained by setting the --logfile and --logpriority options

dmesg gives the following messages:

[ 9093.877716] audit: type=1400 audit(1605796990.712:511): avc: denied { read } for pid=2719 comm=“modprobe” name=“blacklist-oss.conf” dev=“sda2” ino=4458163 scontext=system_u:system_r:kmod_t:s0 tcontext=system_u:object_r:modules_conf_t:s0 tclass=lnk_file permissive=1
[ 9095.556238] audit: type=1400 audit(1605796992.392:512): avc: denied { read write } for pid=2723 comm=“dmesg” path="/dev/pts/0" dev=“devpts” ino=3 scontext=system_u:system_r:dmesg_t:s0 tcontext=system_u:object_r:devpts_t:s0 tclass=chr_file permissive=1
[ 9095.557365] audit: type=1400 audit(1605796992.392:513): avc: denied { ioctl } for pid=2723 comm=“dmesg” path="/dev/pts/0" dev=“devpts” ino=3 ioctlcmd=0x5401 scontext=system_u:system_r:dmesg_t:s0 tcontext=system_u:object_r:devpts_t:s0 tclass=chr_file permissive=1
[ 9095.557597] audit: type=1400 audit(1605796992.392:514): avc: denied { getattr } for pid=2723 comm=“dmesg” path="/dev/pts/0" dev=“devpts” ino=3 scontext=system_u:system_r:dmesg_t:s0 tcontext=system_u:object_r:devpts_t:s0 tclass=chr_file permissive=1

I would appreciate any help you could provide.

I have fixed the problem by re-compiling LXC after I installed and enabled SELinux. That fixed the problem