Since I started seeing this in libvirt
There might be reasons that it is done that way, but this affects me and probably other use cases, e.g. if I install libvirt:
$ apt install libvirt-daemon-system
$ aa-status | grep libvirt
On my test systems the containers do not get any profile loaded:
$ aa-status
apparmor module is loaded.
0 profiles are loaded.
0 profiles are in enforce mode.
0 profiles are in complain mode.
0 processes have profiles defined.
0 processes are in enforce mode.
0 processes are in complain mode.
0 processes are unconfined but have a profile defined.
When testing a new disco container on my laptop they at least have only fewer profiles, but some profiles work. Odd at least.