LXD processes are not enforced in Ubuntu 20.04 HWE kernel

Bug #2006528 reported by Bui Hong Ha
This bug affects 1 person
Affects: apparmor (Ubuntu)
Status: New
Importance: Undecided
Assigned to: Unassigned
Milestone: (none)

Bug Description

In Ubuntu 20.04 server with the HWE kernel (5.15.0-58-generic) and LXD 5.0.2, container processes are not in enforced mode as identified by aa-status.

Below is the output of aa-status in this environment.
https://pastebin.ubuntu.com/p/kT3bHSS6w7/

The problem does not occur in Ubuntu 18.04 (https://pastebin.ubuntu.com/p/j4WcqWZRjH/)

Tags: sts
Georgia Garcia (georgiag) wrote:

Hello,

I wasn't able to reproduce the error:
https://pastebin.canonical.com/p/VDkkkCx2HF/

Does the issue persist if you restart the container? Also, can you please check if restarting the apparmor service fixes it?

Bui Hong Ha (telescreen) wrote:

I tried restarting snapd.apparmor.service and apparmor.service, but it does not help.
https://pastebin.ubuntu.com/p/YbgG6PTBdg/

I remember that when I created the container, aa-status did show that the lxd processes were in enforced mode. Maybe the issue only manifests after I rebooted the physical machine.

Actually, I noticed the process disappeared from aa-status when I was trying to debug the mount with hidepid=2 inside the container.

The steps I was performing at the time were:

# lxc exec finer-burro -- mount -v | grep '^proc'
# lxc exec finer-burro -- mount -o remount,rw,hidepid=2 /proc

Georgia Garcia (georgiag) wrote:

/proc is not usually shared between the host and the container, but I can see how that can happen if you run the mount with hidepid=2 on the host.

When it comes to processes, aa-status works by going through /proc and reading each PID's attr/apparmor/current. So if you remount /proc with hidepid=2, the processes are hidden from it.
https://docs.kernel.org/filesystems/proc.html#mount-options

The main issue is that the processes shouldn't be hidden from root, and you are running aa-status with root. So I need to investigate a bit further.
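The comment above explains that aa-status enumerates /proc and reads each PID's attr/apparmor/current, so a procfs mount with hidepid can make confined processes vanish from its output. As an added illustration, not part of this bug report and not AppArmor's own tooling, the following Python script performs the same walk and, in addition, lists the hidepid setting of every procfs mount found in /proc/self/mountinfo, so a missing-process result can be checked against the mount options in one go. The function names and the constructed mountinfo lines used for testing are mine; the label format "profile (mode)" is what the kernel writes to attr/apparmor/current.

```python
"""Walk /proc the way aa-status does and report procfs hidepid settings.

Added example (not part of the bug report or of the AppArmor tools).
"""
import os
import re
from collections import Counter
from typing import Dict, List, Optional, Tuple

# Label as written to /proc/<pid>/attr/apparmor/current, e.g.
# "lxd-finer-burro_</var/snap/lxd/common/lxd> (enforce)" or "unconfined".
_LABEL_RE = re.compile(r"^(?P<profile>.+?) \((?P<mode>enforce|complain|kill|unconfined)\)$")


def parse_label(label: str) -> Tuple[str, str]:
    """Return (profile, mode) from one raw attr/apparmor/current read."""
    label = label.strip().rstrip("\x00")
    if not label or label == "unconfined":
        return ("unconfined", "unconfined")
    m = _LABEL_RE.match(label)
    if m:
        return (m.group("profile"), m.group("mode"))
    return (label, "unknown")  # unexpected format: keep it visible, mode unknown


def read_process_label(pid: str, proc_root: str = "/proc") -> Optional[str]:
    """Read the AppArmor label of a PID; attr/current is the pre-5.x path."""
    for rel in ("attr/apparmor/current", "attr/current"):
        try:
            with open(os.path.join(proc_root, pid, rel), "r") as f:
                return f.read()
        except OSError:
            continue
    return None


def scan_processes(proc_root: str = "/proc") -> Dict[str, List[Tuple[str, str]]]:
    """Map confinement mode -> [(pid, profile)] for every PID visible under proc_root.

    Like aa-status, this can only report PIDs that procfs chooses to show us;
    anything hidden by hidepid simply does not appear in the listing.
    """
    result: Dict[str, List[Tuple[str, str]]] = {}
    try:
        entries = os.listdir(proc_root)
    except OSError:
        return result
    for pid in entries:
        if not pid.isdigit():
            continue
        raw = read_process_label(pid, proc_root)
        if raw is None:
            continue
        profile, mode = parse_label(raw)
        result.setdefault(mode, []).append((pid, profile))
    return result


def summarize_modes(scan: Dict[str, List[Tuple[str, str]]]) -> Counter:
    """Count processes per mode (the numbers aa-status prints)."""
    return Counter({mode: len(entries) for mode, entries in scan.items()})


def hidepid_settings(mountinfo: str) -> List[Tuple[str, str]]:
    """Return (mountpoint, hidepid value) for each procfs mount in mountinfo text.

    mountinfo fields: id parent major:minor root mountpoint per-mount-opts
    [optional...] - fstype source superblock-opts. hidepid may appear in either
    options field and as a number (hidepid=2) or, on newer kernels, a name
    (hidepid=invisible). "0" means the option is not set.
    """
    found = []
    for line in mountinfo.splitlines():
        if " - " not in line:
            continue
        pre, post = line.split(" - ", 1)
        pre_fields, post_fields = pre.split(), post.split()
        if len(pre_fields) < 6 or len(post_fields) < 3 or post_fields[0] != "proc":
            continue
        value = "0"
        for opt in pre_fields[5].split(",") + post_fields[2].split(","):
            if opt.startswith("hidepid="):
                value = opt.split("=", 1)[1]
        found.append((pre_fields[4], value))
    return found


def hidepid_restricts_visibility(value: str) -> bool:
    """True if this hidepid value limits which /proc/<pid> entries a caller sees."""
    return value not in ("0", "off")


if __name__ == "__main__":
    with open("/proc/self/mountinfo") as f:
        for mountpoint, value in hidepid_settings(f.read()):
            flag = " (restricts visibility)" if hidepid_restricts_visibility(value) else ""
            print(f"procfs at {mountpoint}: hidepid={value}{flag}")
    for mode, count in sorted(summarize_modes(scan_processes()).items()):
        print(f"{count} processes in {mode} mode")
```

Run it as root on the host and again inside the container (lxc exec <name> -- python3 script.py, with the script copied in) to compare what each view of /proc exposes; a procfs mount reported with hidepid set is the first thing to rule out before suspecting the profiles themselves.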
