Comment 2 for bug 1475050

Stéphane Graber (stgraber) wrote :

Ok, so that allows bypassing apparmor for both privileged containers and unprivileged containers so long as you get someone to run lxc-attach for you.

For privileged containers, that's not really an issue since there are ways of doing that and in fact more, without requiring any user intervention. That's why we don't consider privileged containers as root-safe.

For unprivileged containers, it's slightly more annoying since we do consider those to be root-safe and even with that bug, they still are, but losing apparmor confinement is certainly not something we intended and so we should fix that bug.