# 停止容器
incus stop <container-name>

# 设置安全嵌套参数
incus config set <container-name> security.nesting true
incus config set <container-name> security.privileged true

# 允许 mount proc
incus config set <container-name> raw.lxc "lxc.mount.auto = proc:rw sys:rw"

# 设置 apparmor 配置
incus config set <container-name> raw.lxc "lxc.apparmor.profile=unconfined"

# 启动容器
incus start <container-name>