on my machine (specs at the end) running Jammy as the host, and launching a Jammy container:
1. lxc launch ubuntu:jammy test-jammy-on-jammy
from journal
Oct 06 07:36:47 j5awry-sys76 kernel: audit: type=1400 audit(1696595807.223:51559): apparmor="DENIED" operation="mount" class="mount" info="failed flags match" error=-13 profile="lxd-test-jammy-on-jammy_</var/snap/lxd/common/lxd>" name="/run/systemd/unit-root/proc/" pid=723735 comm="(d-logind)" fstype="proc" srcname="proc" flags="rw, nosuid, nodev, noexec" Oct 06 07:36:47 j5awry-sys76 kernel: audit: type=1400 audit(1696595807.227:51560): apparmor="DENIED" operation="mount" class="mount" info="failed flags match" error=-13 profile="lxd-test-jammy-on-jammy_</var/snap/lxd/common/lxd>" name="/run/systemd/unit-root/tmp/" pid=723724 comm="(crub_all)" flags="rw, nosuid, remount, bind" Oct 06 07:36:47 j5awry-sys76 kernel: audit: type=1400 audit(1696595807.239:51561): apparmor="DENIED" operation="mount" class="mount" info="failed flags match" error=-13 profile="lxd-test-jammy-on-jammy_</var/snap/lxd/common/lxd>" name="/run/systemd/unit-root/proc/" pid=723750 comm="(ostnamed)" fstype="proc" srcname="proc" flags="rw, nosuid, nodev, noexec"
so i get the same `mount - failed flags match` that i see above, but not the `file-inherit` denies.
on my machine (specs at the end) running Jammy as the host, and launching a Jammy container:
1. lxc launch ubuntu:jammy test-jammy-on-jammy
from journal
Oct 06 07:36:47 j5awry-sys76 kernel: audit: type=1400 audit(169659580 7.223:51559) : apparmor="DENIED" operation="mount" class="mount" info="failed flags match" error=-13 profile= "lxd-test- jammy-on- jammy_< /var/snap/ lxd/common/ lxd>" name="/ run/systemd/ unit-root/ proc/" pid=723735 comm="(d-logind)" fstype="proc" srcname="proc" flags="rw, nosuid, nodev, noexec" 7.227:51560) : apparmor="DENIED" operation="mount" class="mount" info="failed flags match" error=-13 profile= "lxd-test- jammy-on- jammy_< /var/snap/ lxd/common/ lxd>" name="/ run/systemd/ unit-root/ tmp/" pid=723724 comm="(crub_all)" flags="rw, nosuid, remount, bind" 7.239:51561) : apparmor="DENIED" operation="mount" class="mount" info="failed flags match" error=-13 profile= "lxd-test- jammy-on- jammy_< /var/snap/ lxd/common/ lxd>" name="/ run/systemd/ unit-root/ proc/" pid=723750 comm="(ostnamed)" fstype="proc" srcname="proc" flags="rw, nosuid, nodev, noexec"
Oct 06 07:36:47 j5awry-sys76 kernel: audit: type=1400 audit(169659580
Oct 06 07:36:47 j5awry-sys76 kernel: audit: type=1400 audit(169659580
so i get the same `mount - failed flags match` that i see above, but not the `file-inherit` denies.