Docker userns-remap inside an Incus container broken in Debian Trixie #2370

@niklasthorild

Description

Is there an existing issue for this?

  • There is no existing issue for this bug

Is this happening on an up to date version of Incus?

  • This is happening on a supported version of Incus

Incus system details

server_version: "6.15"

Instance details

No response

Instance log

No response

Current behavior

No response

Expected behavior

No response

Steps to reproduce

  1. Upgrade to Debian Trixie
  2. Create an Incus container with -c security.nesting=true -c security.idmap.size=165536
  3. Go into the shell of the new incus container
  4. Install docker and set "userns-remap": "default" in /etc/docker/daemon.json
  5. Restart the docker service and create a container. It will fail with "Error response from daemon: failed to create task for container: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: can't get final child's PID from pipe: EOF", and dmesg on the host system will show "audit: type=1400 audit(1754850254.083:458): apparmor="DENIED" operation="userns_create" class="namespace" profile="incus-dns_</var/lib/incus>" pid=4337 comm="runc:[1:CHILD]" requested="userns_create" denied="userns_create"

Most likely the Incus apparmor profile needs to be adjusted.
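As an added example (not part of this issue and not Incus or Docker project code), the shell snippet below produces the /etc/docker/daemon.json content from step 4 and scans kernel log lines for the AppArmor "userns_create" denial quoted in step 5, printing the denying profile and the process name so the affected Incus profile can be identified. The sample log line is constructed from the issue's own dmesg quote; on a real host you would pipe `dmesg` into the same function.

```shell
#!/bin/sh
# Added example: helpers for reproducing and diagnosing the userns-remap failure
# described in the issue. Nothing here is code from Incus or Docker.

# Constructed sample, copied from the dmesg line quoted in step 5 of the issue.
SAMPLE_AUDIT_LINE='audit: type=1400 audit(1754850254.083:458): apparmor="DENIED" operation="userns_create" class="namespace" profile="incus-dns_</var/lib/incus>" pid=4337 comm="runc:[1:CHILD]" requested="userns_create" denied="userns_create"'

# Emit the daemon.json content from step 4 (write it to /etc/docker/daemon.json
# inside the Incus container, then restart the docker service).
docker_daemon_json() {
    printf '{\n  "userns-remap": "default"\n}\n'
}

# Read kernel log lines on stdin and print "<profile>\t<comm>" for every AppArmor
# DENIED userns_create event. Exit status is 0 if at least one denial was found,
# 1 otherwise, so it can be used as a check in scripts.
userns_denials() {
    awk '
        /apparmor="DENIED"/ && /operation="userns_create"/ {
            profile = ""; comm = ""
            # profile="..." : 9 characters of prefix, 1 closing quote
            if (match($0, /profile="[^"]*"/)) profile = substr($0, RSTART + 9, RLENGTH - 10)
            # comm="..."    : 6 characters of prefix, 1 closing quote
            if (match($0, /comm="[^"]*"/))    comm    = substr($0, RSTART + 6, RLENGTH - 7)
            print profile "\t" comm
            found = 1
        }
        END { exit found ? 0 : 1 }
    '
}

# Stand-alone run: show the config and check the constructed sample line.
docker_daemon_json
printf '%s\n' "$SAMPLE_AUDIT_LINE" | userns_denials
```

On the affected host, `dmesg | userns_denials` lists which Incus-generated profile (here `incus-dns_</var/lib/incus>`) rejected the nested user namespace creation by `runc`, which is the information needed to confirm that the AppArmor profile, rather than Docker's own configuration, is what blocks the container start.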

Labels: Easy, Good for new contributors