/proc is not usually shared between the host and the container, but I can see how that can happen if you run the mount with hidepid=2 on the host.
When it comes to processes, aa-status works by going through /proc and reading attr/apparmor/current. So if you remount /proc with hidepid=2, then the processes are hidden. https://docs.kernel.org/filesystems/proc.html#mount-options

The main issue is that the processes shouldn't be hidden from root, and you are running aa-status with root. So I need to investigate a bit further.

-- 
You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/2006528

Title:
  LXD processes are not enforced in Ubuntu 20.04 HWE kernel

Status in apparmor package in Ubuntu:
  New

Bug description:
  In Ubuntu 20.04 server with HWE kernel (5.15.0-58-generic) and LXD 5.0.2, container processes are not in enforced mode as identified by aa-status.

  Below is the output of aa-status in this environment.
  https://pastebin.ubuntu.com/p/kT3bHSS6w7/

  The problem does not occur in Ubuntu 18.04 (https://pastebin.ubuntu.com/p/j4WcqWZRjH/)
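What the comment above describes, as an added example that is not code from the bug report or from AppArmor's own aa-status: a script that walks /proc the way aa-status does, reads each process's label from attr/apparmor/current (falling back to the older attr/current path), and a check that pulls the hidepid= option off the /proc mount line from /proc/mounts. The pid numbers and profile labels in demo_fake_proc are constructed sample data, not a capture from the affected host.

```python
import os
import tempfile

def parse_confinement(raw):
    """'unconfined' -> ('unconfined', None); '<profile> (<mode>)' -> (profile, mode)."""
    text = raw.strip()
    if text in ("", "unconfined"):
        return ("unconfined", None)
    if text.endswith(")") and " (" in text:
        name, _, mode = text[:-1].rpartition(" (")
        return (name, mode)
    return (text, "enforce")  # a bare label without a mode suffix is an enforced profile

def proc_hidepid(mounts_text):
    """Return the hidepid= value of the /proc mount in /proc/mounts text, or None."""
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[1] == "/proc":
            for opt in fields[3].split(","):
                if opt.startswith("hidepid="):
                    return opt.split("=", 1)[1]
    return None

def scan_proc(proc_root="/proc"):
    """Count processes per (profile, mode) the way aa-status does; hidepid=2 removes
    other users' pid directories from the listing, so they are simply not seen."""
    summary = {}
    for pid in (e for e in os.listdir(proc_root) if e.isdigit()):  # skip self, sys, ...
        for rel in ("attr/apparmor/current", "attr/current"):  # new path first, then old
            try:
                with open(os.path.join(proc_root, pid, rel)) as fh:
                    key = parse_confinement(fh.read())
            except (FileNotFoundError, PermissionError, ProcessLookupError):
                continue
            summary[key] = summary.get(key, 0) + 1
            break
    return summary

def demo_fake_proc():
    """Scan a constructed /proc-like tree (sample labels, not a real capture)."""
    root = tempfile.mkdtemp()
    fake = {"1": ("attr/apparmor/current", "unconfined\n"),
            "1234": ("attr/apparmor/current", "lxd-c1_</var/snap/lxd/common/lxd> (enforce)\n"),
            "1235": ("attr/current", "/usr/sbin/cupsd (complain)\n")}
    for pid, (rel, label) in fake.items():
        os.makedirs(os.path.join(root, pid, os.path.dirname(rel)))
        with open(os.path.join(root, pid, rel), "w") as fh:
            fh.write(label)
    os.makedirs(os.path.join(root, "self"))  # non-numeric entry that must be skipped
    return scan_proc(root)
```

Running scan_proc() against the real /proc as root on the affected host, alongside proc_hidepid(open("/proc/mounts").read()), separates "the container pids are missing from the listing" from "the pids are listed but their label is unconfined", which is the distinction the comment is trying to make.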