root@xxxxxxxxx:~# apparmor_parser -vd /etc/apparmor.d/lxc-containers ----- Debugging built structures ----- Name: lxc-container-default Profile Mode: Enforce Capabilities: chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease audit_write audit_control setfcap mac_override syslog Quiet Caps: chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease audit_write audit_control setfcap mac_override syslog Network: --- Entries --- Mode: rwalkmx:rwalkmx Name: (/{**,}) link: (/**) Mode: rwalkx:rwalkx Name: (/proc//kmem) link: (/**) Mode: rwalkx:rwalkx Name: (/proc//mem) link: (/**) Mode: walkx:walkx Name: (/proc//sys/fs/**) link: (/**) Mode: walkx:walkx Name: (/proc//sys/kernel/*/**) link: (/**) Mode: walkx:walkx Name: (/proc//sys/kernel/[^s][^h][^m]*) link: (/**) Mode: rwalkx:rwalkx Name: (/proc//sysrq-trigger) link: (/**) Mode: walkx:walkx Name: (/sys/[^f]*/**) link: (/**) Mode: walkx:walkx Name: (/sys/f[^s]*/**) link: (/**) Mode: rwalkx:rwalkx Name: (/sys/firmware/efi/efivars/**) link: (/**) Mode: walkx:walkx Name: (/sys/fs/[^c]*/**) link: (/**) Mode: walkx:walkx Name: (/sys/fs/c[^g]*/**) link: (/**) Mode: walkx:walkx Name: (/sys/fs/cg[^r]*/**) link: (/**) Mode: rwalkx:rwalkx Name: (/sys/kernel/security/**) link: (/**) Name: lxc-container-default-with-mounting Profile Mode: Enforce Capabilities: chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct 
sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease audit_write audit_control setfcap mac_override syslog Quiet Caps: chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease audit_write audit_control setfcap mac_override syslog Network: --- Entries --- Mode: rwalkmx:rwalkmx Name: (/{**,}) link: (/**) Mode: rwalkx:rwalkx Name: (/proc//kmem) link: (/**) Mode: rwalkx:rwalkx Name: (/proc//mem) link: (/**) Mode: walkx:walkx Name: (/proc//sys/fs/**) link: (/**) Mode: walkx:walkx Name: (/proc//sys/kernel/*/**) link: (/**) Mode: walkx:walkx Name: (/proc//sys/kernel/[^s][^h][^m]*) link: (/**) Mode: rwalkx:rwalkx Name: (/proc//sysrq-trigger) link: (/**) Mode: walkx:walkx Name: (/sys/[^f]*/**) link: (/**) Mode: walkx:walkx Name: (/sys/f[^s]*/**) link: (/**) Mode: rwalkx:rwalkx Name: (/sys/firmware/efi/efivars/**) link: (/**) Mode: walkx:walkx Name: (/sys/fs/[^c]*/**) link: (/**) Mode: walkx:walkx Name: (/sys/fs/c[^g]*/**) link: (/**) Mode: walkx:walkx Name: (/sys/fs/cg[^r]*/**) link: (/**) Mode: rwalkx:rwalkx Name: (/sys/kernel/security/**) link: (/**) Name: lxc-container-default-with-nesting Profile Mode: Enforce Capabilities: chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease audit_write audit_control setfcap mac_override syslog Quiet Caps: chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice 
sys_resource sys_time sys_tty_config mknod lease audit_write audit_control setfcap mac_override syslog Network: --- Entries --- Mode: w: Name: (/proc/*/attr/{current,exec}) Mode: rwalkmx:rwalkmx Name: (/{**,}) link: (/**) Mode: change_profile: Name: (lxc-*) Mode: change_profile: Name: (unconfined) Mode: rwalkx:rwalkx Name: (/proc//kmem) link: (/**) Mode: rwalkx:rwalkx Name: (/proc//mem) link: (/**) Mode: walkx:walkx Name: (/proc//sys/fs/**) link: (/**) Mode: walkx:walkx Name: (/proc//sys/kernel/*/**) link: (/**) Mode: walkx:walkx Name: (/proc//sys/kernel/[^s][^h][^m]*) link: (/**) Mode: rwalkx:rwalkx Name: (/proc//sysrq-trigger) link: (/**) Mode: walkx:walkx Name: (/sys/[^f]*/**) link: (/**) Mode: walkx:walkx Name: (/sys/f[^s]*/**) link: (/**) Mode: rwalkx:rwalkx Name: (/sys/firmware/efi/efivars/**) link: (/**) Mode: walkx:walkx Name: (/sys/fs/[^c]*/**) link: (/**) Mode: walkx:walkx Name: (/sys/fs/c[^g]*/**) link: (/**) Mode: walkx:walkx Name: (/sys/fs/cg[^r]*/**) link: (/**) Mode: rwalkx:rwalkx Name: (/sys/kernel/security/**) link: (/**) root@xxxxxxxxxx:~# apparmor_parser -v /etc/apparmor.d/lxc-containers Enocoding of mount rule failed ERROR processing policydb rules for profile lxc-container-default, failed to load