lxc apparmor 'error' or php issue

[karlos]

Hi all!

Every lxc container shows about 20 lines like this on startup:

pve kernel:  apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-115_</var/lib/lxc>" name="/" pid=28950 comm="(networkd)" flags="rw, rslave"
pve kernel:  IPv6: ADDRCONF(NETDEV_UP): eth0: link is not ready
pve kernel:  vmbr0: port 4(veth115i0) entered blocking state
pve kernel:  vmbr0: port 4(veth115i0) entered forwarding state
pve kernel: apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-115_</var/lib/lxc>" name="/" pid=28985 comm="(resolved)" flags="rw, rslave"
pve kernel: audit: type=1400 apparmor="STATUS" operation="profile_replace" info="not policy admin" error=-13 label="lxc-115_</var/lib/lxc>//&:lxc-115_<-var-lib-lxc>:unconfined" pid=29035 comm="apparmor_parser"
pve kernel:  audit: type=1400 apparmor="STATUS" operation="profile_replace" info="not policy admin" error=-13 label="lxc-115_</var/lib/lxc>//&:lxc-115_<-var-lib-lxc>:unconfined" pid=29036 comm="apparmor_parser"
pve kernel:  audit: type=1400 : apparmor="STATUS" operation="profile_replace" info="not policy admin" error=-13 label="lxc-115_</var/lib/lxc>//&:lxc-115_<-var-lib-lxc>:unconfined" pid=29038 comm="apparmor_parser"

Is this normal or an error?

If I add this to the lxc conf file:
lxc.apparmor.profile: unconfined
it stops the messages... not sure if it helps anything though...

anyway the issue I'm debugging is a crazy high Apache cpu load using Wordpress on a ubuntu lxc

My guess is there are conflicts with apache/php among containers

But does the apparmor message have anything to do with it?

Can I "isolate" containers to stop this happening?