AppArmor is used and aa-status on the LXC host gives the following output:

apparmor module is loaded.
23 profiles are loaded.
21 profiles are in enforce mode.
   /usr/bin/evince
   /usr/bin/evince-previewer
   /usr/bin/evince-previewer//sanitized_helper
   /usr/bin/evince-thumbnailer
   /usr/bin/evince//sanitized_helper
   /usr/bin/lxc-start
   /usr/bin/man
   /usr/sbin/haveged
   /usr/sbin/ntpd
   /usr/sbin/tcpdump
   libreoffice-senddoc
   libreoffice-soffice//gpg
   libreoffice-xpdfimport
   lxc-container-default
   lxc-container-default-cgns
   lxc-container-default-with-mounting
   lxc-container-default-with-nesting
   man_filter
   man_groff
   nvidia_modprobe
   nvidia_modprobe//kmod
2 profiles are in complain mode.
   libreoffice-oopslash
   libreoffice-soffice
72 processes have profiles defined.
72 processes are in enforce mode.
   /usr/sbin/haveged (667)
   /usr/sbin/ntpd (1237)
   /usr/lib/postfix/sbin/pickup (737) lxc-container-default-cgns
   /lib/systemd/systemd (1328) lxc-container-default-cgns
   /lib/systemd/systemd-journald (1506) lxc-container-default-cgns
   /usr/sbin/rsyslogd (1520) lxc-container-default-cgns
   /usr/sbin/cron (1524) lxc-container-default-cgns
   /sbin/agetty (1530) lxc-container-default-cgns
   /sbin/agetty (1531) lxc-container-default-cgns
   /sbin/agetty (1532) lxc-container-default-cgns
   /sbin/agetty (1533) lxc-container-default-cgns
   /sbin/agetty (1534) lxc-container-default-cgns
   /usr/sbin/sshd (1589) lxc-container-default-cgns
   /usr/sbin/zabbix_agentd (1591) lxc-container-default-cgns
   /usr/sbin/zabbix_agentd (1592) lxc-container-default-cgns
   /usr/sbin/zabbix_agentd (1593) lxc-container-default-cgns
   /usr/sbin/zabbix_agentd (1594) lxc-container-default-cgns
   /usr/sbin/zabbix_agentd (1597) lxc-container-default-cgns
   /usr/lib/postfix/sbin/master (1699) lxc-container-default-cgns
   /usr/lib/postfix/sbin/qmgr (1701) lxc-container-default-cgns
   /usr/lib/postfix/sbin/pickup (2011) lxc-container-default-cgns
   /usr/lib/postfix/sbin/pickup (3197) lxc-container-default-cgns
   /usr/sbin/sshd (4031) lxc-container-default-cgns
   /usr/lib/postfix/sbin/showq (4335) lxc-container-default-cgns
   /usr/lib/systemd/systemd (12086) lxc-container-default-cgns
   /usr/lib/systemd/systemd-journald (12147) lxc-container-default-cgns
   /usr/lib/systemd/systemd-logind (12164) lxc-container-default-cgns
   /usr/bin/dbus-daemon (12165) lxc-container-default-cgns
   /usr/sbin/cron (12167) lxc-container-default-cgns
   /usr/bin/python3.7 (12217) lxc-container-default-cgns
   /usr/sbin/sshd (12221) lxc-container-default-cgns
   /usr/sbin/agetty (12222) lxc-container-default-cgns
   /usr/sbin/zabbix_agentd (12224) lxc-container-default-cgns
   /usr/sbin/zabbix_agentd (12225) lxc-container-default-cgns
   /usr/sbin/zabbix_agentd (12226) lxc-container-default-cgns
   /usr/sbin/zabbix_agentd (12227) lxc-container-default-cgns
   /usr/sbin/zabbix_agentd (12228) lxc-container-default-cgns
   /usr/sbin/nginx (12301) lxc-container-default-cgns
   /usr/sbin/nginx (12302) lxc-container-default-cgns
   /usr/sbin/nginx (12303) lxc-container-default-cgns
   /usr/sbin/nginx (12304) lxc-container-default-cgns
   /usr/sbin/nginx (12305) lxc-container-default-cgns
   /usr/sbin/nginx (12306) lxc-container-default-cgns
   /usr/sbin/nginx (12307) lxc-container-default-cgns
   /usr/lib/postfix/sbin/master (12394) lxc-container-default-cgns
   /usr/lib/postfix/sbin/qmgr (12396) lxc-container-default-cgns
   /usr/lib/systemd/systemd (19129) lxc-container-default-cgns
   /usr/lib/systemd/systemd-journald (19183) lxc-container-default-cgns
   /usr/sbin/cron (19200) lxc-container-default-cgns
   /usr/sbin/rsyslogd (19201) lxc-container-default-cgns
   /usr/lib/systemd/systemd-logind (19202) lxc-container-default-cgns
   /usr/bin/dbus-daemon (19203) lxc-container-default-cgns
   /usr/bin/python3.7 (19248) lxc-container-default-cgns
   /usr/sbin/agetty (19253) lxc-container-default-cgns
   /usr/lib/postfix/sbin/master (19419) lxc-container-default-cgns
   /usr/lib/postfix/sbin/qmgr (19421) lxc-container-default-cgns
   /usr/sbin/sshd (22042) lxc-container-default-cgns
   /usr/sbin/sshd (22058) lxc-container-default-cgns
   /usr/bin/bash (22059) lxc-container-default-cgns
   /usr/bin/sudo (22064) lxc-container-default-cgns
   /usr/bin/bash (22080) lxc-container-default-cgns
   /usr/sbin/rsyslogd (24175) lxc-container-default-cgns
   /usr/sbin/sshd (30360) lxc-container-default-cgns
   /usr/sbin/sshd (30392) lxc-container-default-cgns
   /bin/dash (30410) lxc-container-default-cgns
   /bin/dash (30411) lxc-container-default-cgns
   /bin/cat (30417) lxc-container-default-cgns
   /usr/sbin/zabbix_agentd (32498) lxc-container-default-cgns
   /usr/sbin/zabbix_agentd (32499) lxc-container-default-cgns
   /usr/sbin/zabbix_agentd (32500) lxc-container-default-cgns
   /usr/sbin/zabbix_agentd (32501) lxc-container-default-cgns
   /usr/sbin/zabbix_agentd (32502) lxc-container-default-cgns
0 processes are in complain mode.
0 processes are unconfined but have a profile defined.


LXC guests use the default AppArmor configuration as defined in
/usr/share/lxc/config/debian.common.conf.

> Are you using apparmor, respectively is apparmor active (aa-status)?
>
> As I am not using lxc, can you please provide steps to reproduce the problem.
