Comment 4 for bug 2063099

I'll copy the workaround I mentioned in #2039294 here:

As a temporary workaround, put the file I have attached to /etc/apparmor.d/docker-default and load it with "apparmor_parser -Kr /etc/apparmor.d/docker-default". It will make dockerd skip loading its builtin profile as docker-default. It will also stick across reboots. The only difference between the builtin profile and the attached one are the following rules:

  # runc may send signals to container processes
  signal (receive) peer=runc,

Add similar line for crun if you're using crun.