So there is indeed no technical reason why apparmor wouldn't work in trusty containers as long as the host supports it (trusty with hwe kernel or xenial).
The reason why this wasn't enabled is due to concerns about apparmor profiles in trusty possibly needing updates to work inside containers. We've seen a fair amount of issues with AppArmor inside of LXD containers on Xenial behaving slightly differently from running on the host and didn't want to possibly cause regressions for longtime users (trusty) while we were ready to take that risk for xenial.

--
https://bugs.launchpad.net/bugs/1686612
Title: Stacked profiles fail to reload in Trusty LXD containters