Comment 1 for bug 1628285

slight revision

/sys/kernel/security/apparmor/features/domain/ns_stacked contains yes/no if stacked across policy namespace

/sys/kernel/security/apparmor/features/domain/ns_name contains the name of the namespace

as long as lxc sets up a detectable namespace ns_name can be used to detect if it should load or not, as stacking, and stacking across namespaces will start to be used in other ways. So testing for just stack or ns_stack might not be enough