Comment # 4 on bug 1225608 from Christian Boltz

(In reply to Felix Niederwanger from comment #2)
> It looks to me like we're missing the Apparmor profile for crun

Right, that's intentionally - for now.

The additional profiles require changes in containers-related profiles which
didn't reach Tumbleweed yet. Basically the difference is that in the past we
needed peer=unconfined (because crun didn't have a profile), and when crun has
a profile, we need peer=crun.

Since the "unconfined" profiles are not too useful on openSUSE (yet?) besides
adding a profile name, the decision was to exclude profiles that cause trouble
with peer profiles (crun, runc, and with SR 1177757 also podman) from the
package for now.