Unprivileged users can’t create apparmor namespaces, so that appears to be the issue.
So lxc.apparmor.profile = generated won’t work.
lxc.apparmor.profile = lxc-container-default should work as should unconfined or unchanged.
1 Like