Comment 42 for bug 1628289

The problem in your case is that you're trying to get this to work with LXC rather than LXD.

LXD images ship with a /lib/modules directory, ship with fuse pre-installed, LXD sets up /dev/fuse by default for you and comes with apparmor namespacing support so the container can load apparmor profiles properly.

I'd very strongly recommend against anyone using the configuration above with LXC as the lxc.aa_profile=unconfined part, combined with retaining mac_admin and mac_override will cause snapd to overwrite apparmor profiles of the host.