Quoting Jamie Strandboge (<email address hidden>):
> Another idea would be to make sure that at least Ubuntu systems don't
> load apparmor policy in the container when using libvirt-lxc like we've
> done with lxc.
That actually is not happening with lxc. If you run a container
unconfined (lxc.aa_profile = unconfined) then dhclient does end up
running as /sbin/dhclient (enforce).