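---
# Relaxes LXC confinement for every container ID listed in `kube_ids` by
# editing its config file under /etc/pve/lxc/. Each task rewrites (or appends)
# a single `lxc.*` line and notifies the `reboot containers` handler, which is
# defined outside this file.
#
# SECURITY NOTE(review): taken together these four settings remove most of the
# isolation LXC normally provides: no AppArmor profile, access to all devices,
# no dropped capabilities, and writable /proc and /sys. A root process in such
# a container should be treated as having host-level privileges, especially if
# the container is privileged. Keep `kube_ids` limited to containers that
# really need this (presumably Kubernetes nodes; confirm), and prefer a
# narrower device allow-list and capability set where the workload permits.
#
# The regexps are single-quoted with escaped dots so that `.` matches a literal
# dot rather than any character.

- name: Set apparmor profile unconfined
  ansible.builtin.lineinfile:
    path: "/etc/pve/lxc/{{ item }}.conf"
    regexp: '^lxc\.apparmor\.profile'
    # Disables AppArmor confinement for the container.
    line: "lxc.apparmor.profile: unconfined"
  loop: "{{ kube_ids }}"
  notify: reboot containers

- name: Allow cgroup devices
  ansible.builtin.lineinfile:
    path: "/etc/pve/lxc/{{ item }}.conf"
    regexp: '^lxc\.cgroup\.devices\.allow'
    # `a` allows access to all devices.
    # NOTE(review): this is the cgroup v1 key; on hosts using cgroup v2 LXC
    # reads `lxc.cgroup2.devices.allow` instead. Confirm which applies here.
    line: "lxc.cgroup.devices.allow: a"
  loop: "{{ kube_ids }}"
  notify: reboot containers

- name: Blank out lxc.cap.drop
  ansible.builtin.lineinfile:
    path: "/etc/pve/lxc/{{ item }}.conf"
    regexp: '^lxc\.cap\.drop'
    # An empty value clears the list of dropped capabilities, so the
    # container keeps every capability. The trailing space is written as-is.
    line: "lxc.cap.drop: "
  loop: "{{ kube_ids }}"
  notify: reboot containers

- name: LXC auto mount proc and sys
  ansible.builtin.lineinfile:
    path: "/etc/pve/lxc/{{ item }}.conf"
    regexp: '^lxc\.mount\.auto'
    # Mounts /proc and /sys read-write inside the container. The double
    # quotes are part of the line written to the config file.
    line: 'lxc.mount.auto: "proc:rw sys:rw"'
  loop: "{{ kube_ids }}"
  notify: reboot containers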