Comment 8 for bug 1789627

Christian Ehrhardt (paelzer) wrote:

On container restart I found a bunch of unrelated AppArmor denials that look like:
[1220983.698955] audit: type=1400 audit(1535545118.043:8745): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxd-cpaelzer-cosmic-systemd_</var/lib/lxd>" name="/run/" pid=21102 comm="mount" flags="rw, nosuid, nodev, remount"

That is LXD on the host being denied to do things.

Further, when restarting systemd-resolved I saw these:
[1221051.971026] audit: type=1400 audit(1535545186.315:8854): apparmor="DENIED" operation="file_lock" profile="lxd-cpaelzer-cosmic-systemd_</var/lib/lxd>" pid=22329 comm="(resolved)" family="unix" sock_type="dgram" protocol=0 addr=none

Knowing that, I also realized that the broken systems all had no reboot for quite some time, but the repro KVMs are obviously new.
With that in mind I found bug 1780227, which sounds close enough I think.

Rebooted the host to a newer kernel and voilà, that is it.

That said, I'll make this a dup, but this is a rather "hard" impact.
We should make it known that Cosmic since today fails to work in containers prior to kernels:
- 4.4.0-134.160
- 4.15.0-33.36

Unfortunately the guest container can enforce no dependencies on the host kernel.
I'll discuss potential extra communication in standup today.
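
A triage sketch for the symptom described in this comment, added here as an example (it is not code from the bug report, LXD or AppArmor): it parses AppArmor audit lines, separates the unix-socket `file_lock` denial from the other denials under an `lxd-` profile, and compares a host kernel package version with the two versions listed above. The function names, the `FIXED` table layout and the assumption that versions compare only within the same series are mine.

```python
import re

# Constructed sample input: the two audit lines quoted in the comment above.
SAMPLE = [
    '[1220983.698955] audit: type=1400 audit(1535545118.043:8745): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxd-cpaelzer-cosmic-systemd_</var/lib/lxd>" name="/run/" pid=21102 comm="mount" flags="rw, nosuid, nodev, remount"',
    '[1221051.971026] audit: type=1400 audit(1535545186.315:8854): apparmor="DENIED" operation="file_lock" profile="lxd-cpaelzer-cosmic-systemd_</var/lib/lxd>" pid=22329 comm="(resolved)" family="unix" sock_type="dgram" protocol=0 addr=none',
]

# Versions listed in the comment, stored as series -> (ABI, upload).
# Assumption: a version is only comparable within its own series.
FIXED = {"4.4.0": (134, 160), "4.15.0": (33, 36)}

# key="quoted value with spaces" or key=bare_value
_KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_audit(line):
    """Return the key=value fields of one audit line as a dict."""
    return {k: q if u == "" else u for k, q, u in _KV.findall(line)}


def triage(lines):
    """Return (comm, verdict) for each DENIED event under an lxd- profile."""
    out = []
    for line in lines:
        f = parse_audit(line)
        if f.get("apparmor") != "DENIED":
            continue
        if not f.get("profile", "").startswith("lxd-"):
            continue
        # The denial seen when restarting systemd-resolved in the container.
        hit = f.get("operation") == "file_lock" and f.get("family") == "unix"
        out.append((f.get("comm"), "unix-socket-file_lock" if hit else "other"))
    return out


def kernel_affected(pkg_version):
    """True/False for a listed series; None when the page gives no threshold."""
    m = re.fullmatch(r"(\d+\.\d+\.\d+)-(\d+)\.(\d+)", pkg_version)
    if not m or m.group(1) not in FIXED:
        return None
    return (int(m.group(2)), int(m.group(3))) < FIXED[m.group(1)]


if __name__ == "__main__":
    for comm, verdict in triage(SAMPLE):
        print(comm, verdict)
```

`kernel_affected` expects the kernel package version (the `4.15.0-33.36` form used in the comment), not the `uname -r` string.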