Okay, that looks like the kernel is working for you and you are now past the original
[103975.623545] audit: type=1400 audit(1481284511.494:2807): apparmor="DENIED" operation="change_onexec" info="no new privs" error=-1 namespace="root//lxd-tor_<var-lib-lxd>" profile="unconfined" name="system_tor" pid=18593 comm="(tor)" target="system_tor"
The new unlink denials will need the rule /var/lib/openntpd/run/ntpd.sock w,
added to the ntpd profile in /etc/apparmor.d/usr.sbin.ntpd
Okay, that looks like the kernel is working for you and you are now past the original
[103975.623545] audit: type=1400 audit(148128451 1.494:2807) : apparmor="DENIED" operation= "change_ onexec" info="no new privs" error=-1 namespace= "root// lxd-tor_ <var-lib- lxd>" profile= "unconfined" name="system_tor" pid=18593 comm="(tor)" target="system_tor"
The new unlink denials will need the rule lib/openntpd/ run/ntpd. sock w,
/var/
added to the ntpd profile in /etc/apparmor. d/usr.sbin. ntpd