Comment 7 for bug 1824812

In Cosmic /lib/systemd/system/apparmor.service pointed to "/etc/init.d/apparmor start"
This had some code, but it was not triggered:
                if [ -x /usr/bin/systemd-detect-virt ] && \
                   systemd-detect-virt --quiet --container && \
                   ! is_container_with_internal_policy; then
                        log_daemon_msg "Not starting AppArmor in container"
                        log_end_msg 0
                        exit 0

The interesting bit here is /lib/apparmor/functions with the function is_container_with_internal_policy

That essentially detected stacked namespaces in LXD and made it continue to work.

In Disco this now uses /lib/apparmor/apparmor.systemd instead.
I still calls is_container_with_internal_policy which now is only slightly different and stored in /lib/apparmor/rc.apparmor.functions

We need to track down why this now no more returns true ...