PVE docker 安装AppArmor问题

今天在pve跑特权lvc出现下面问题，记录一下解决思路：

Error response from daemon: AppArmor enabled on system but the docker-default profile could not be loaded: running `/usr/sbin/apparmor_parser apparmor_parser -Kr /var/lib/docker/tmp/docker-default435804786` failed with output: apparmor_parser: Unable to replace "docker-default".  Permission denied; attempted to load a profile while confined?

1. 进入pvc终端找到 lxc 配置文件 eg. /etc/pve/lxc/100.conf
2. 添加以下配置：

lxc.apparmor.profile: unconfined  
lxc.cgroup2.devices.allow: a  
lxc.cap.drop: