Can't get Umbrel to install on Ubuntu LXC 'unconfined' container inside Proxmox

Does anyone have any guidance on why I can’t get Umbrel to install on an “unconfined” (aka AppArmor should be disabled) LXC container inside Proxmox?

======================================
============ CONFIGURING =============
========= UMBREL (mainnet) ===========
======================================

Generating auth credentials

Generating Tor password

Unable to find image 'getumbrel/tor:0.4.7.8@sha256:2ace83f22501f58857fa9b403009f595137fa2e7986c4fda79d82a8119072b6a' locally
docker.io/getumbrel/tor@sha256:2ace83f22501f58857fa9b403009f595137fa2e7986c4fda79d82a8119072b6a: Pulling from getumbrel/tor
461246efe0a7: Pulling fs layer
c8bc27c5e55c: Pulling fs layer
472ce9feeded: Pulling fs layer
472ce9feeded: Verifying Checksum
472ce9feeded: Download complete
461246efe0a7: Verifying Checksum
461246efe0a7: Download complete
461246efe0a7: Pull complete
c8bc27c5e55c: Verifying Checksum
c8bc27c5e55c: Download complete
c8bc27c5e55c: Pull complete
472ce9feeded: Pull complete
Digest: sha256:2ace83f22501f58857fa9b403009f595137fa2e7986c4fda79d82a8119072b6a
Status: Downloaded newer image for getumbrel/tor@sha256:2ace83f22501f58857fa9b403009f595137fa2e7986c4fda79d82a8119072b6a
docker: Error response from daemon: AppArmor enabled on system but the docker-default profile could not be loaded: running `/usr/sbin/apparmor_parser apparmor_parser -Kr /var/lib/docker/tmp/docker-default881224890` failed with output: apparmor_parser: Unable to replace "docker-default".  Permission denied; attempted to load a profile while confined?

Steps to reproduce:

  1. Create new LXC container (privileged) using Ubuntu 22.04
  2. apt-get update; install curl
  3. Run the Umbrel all-in-one install: curl -L https://umbrel.sh | bash
  4. It will fail.

aa-status

root@umbrel:~# aa-status
apparmor module is loaded.
44 profiles are loaded.
44 profiles are in enforce mode.
/usr/bin/lxc-start
/usr/bin/man
/usr/sbin/chronyd
:lxc-113_<-var-lib-lxc>:/usr/bin/man
:lxc-113_<-var-lib-lxc>:/usr/lib/NetworkManager/nm-dhcp-client.action
:lxc-113_<-var-lib-lxc>:/usr/lib/NetworkManager/nm-dhcp-helper
:lxc-113_<-var-lib-lxc>:/usr/lib/connman/scripts/dhclient-script
:lxc-113_<-var-lib-lxc>:/{,usr/}sbin/dhclient
:lxc-113_<-var-lib-lxc>:lsb_release
:lxc-113_<-var-lib-lxc>:man_filter
:lxc-113_<-var-lib-lxc>:man_groff
:lxc-113_<-var-lib-lxc>:nvidia_modprobe
:lxc-113_<-var-lib-lxc>:nvidia_modprobe//kmod
:lxc-113_<-var-lib-lxc>:tcpdump
:lxc-114_<-var-lib-lxc>:/usr/bin/man
:lxc-114_<-var-lib-lxc>:/usr/lib/NetworkManager/nm-dhcp-client.action
:lxc-114_<-var-lib-lxc>:/usr/lib/NetworkManager/nm-dhcp-helper
:lxc-114_<-var-lib-lxc>:/usr/lib/connman/scripts/dhclient-script
:lxc-114_<-var-lib-lxc>:/{,usr/}sbin/dhclient
:lxc-114_<-var-lib-lxc>:docker-default
:lxc-114_<-var-lib-lxc>:lsb_release
:lxc-114_<-var-lib-lxc>:man_filter
:lxc-114_<-var-lib-lxc>:man_groff
:lxc-114_<-var-lib-lxc>:nvidia_modprobe
:lxc-114_<-var-lib-lxc>:nvidia_modprobe//kmod
:lxc-114_<-var-lib-lxc>:tcpdump
lsb_release
lxc-101_</var/lib/lxc>
lxc-102_</var/lib/lxc>
lxc-103_</var/lib/lxc>
lxc-104_</var/lib/lxc>
lxc-105_</var/lib/lxc>
lxc-113_</var/lib/lxc>
lxc-114_</var/lib/lxc>
lxc-container-default
lxc-container-default-cgns
lxc-container-default-with-mounting
lxc-container-default-with-nesting
man_filter
man_groff
nvidia_modprobe
nvidia_modprobe//kmod
swtpm
tcpdump
0 profiles are in complain mode.
0 profiles are in kill mode.
0 profiles are in unconfined mode.
0 processes have profiles defined.
0 processes are in enforce mode.
0 processes are in complain mode.
0 processes are unconfined but have a profile defined.
0 processes are in mixed mode.
0 processes are in kill mode.
root@umbrel:~#

LXC container settings from Proxmox ct115.conf

pct config 115

arch: amd64
cores: 8
hostname: umbrel
memory: 4192
net0: name=eth0,bridge=vmbr0,firewall=1,hwaddr=52:C8:D0:34:B9:3A,ip=dhcp,type=veth
ostype: ubuntu
rootfs: local-zfs:subvol-115-disk-0,size=60G
swap: 512
lxc.apparmor.profile: unconfined

Thanks in advance.
