$ cat /tmp/apparmor.profile
#include <tunables/global>
# Test profile used to run the lxd snap's lxc client under confinement.
# attach_disconnected is a profile flag; per apparmor.d(5) it attaches paths
# that cannot be resolved within the namespace to the root "/".
# NOTE(review): confirm this flag is actually needed for this test.
profile test (attach_disconnected) {
# Shared abstractions: baseline process access and name-service lookups.
#include <abstractions/base>
#include <abstractions/nameservice>
# Read-only access to the kernel's listen-backlog sysctl.
/proc/sys/net/core/somaxconn r,
# Read plus inherit-execute (ix: the child keeps running under this same
# profile) on everything shipped in the snap.
/snap/lxd/** ixr,
# Read-only on the whole /var/snap/lxd tree.
# NOTE(review): this glob is much broader than the two explicit paths below
# and may expose daemon state the client does not need; narrow it if possible.
/var/snap/lxd/** r,
# Description: Can access commands and socket from the 'lxd' snap.
# NOTE(review): read/write on the LXD unix socket lets the confined process
# act as a trusted local client of the daemon. Local socket access to LXD is
# generally treated as root-equivalent on the host, so this rule is the
# profile's real privilege boundary.
/var/snap/lxd/common/lxd/unix.socket rw,
# Certificate: read, write and file-lock (k) on the client certificate.
/var/snap/lxd/common/lxd/client.crt rwk,
}
$ sudo apparmor_parser -r /tmp/apparmor.profile && SNAP=/snap/lxd/current SNAP_DATA=/var/snap/lxd/current SNAP_COMMON=/var/snap/lxd/common aa-exec -p test -- /snap/lxd/current/command-lxc.wrapper info
apiextensions:
- storage_zfs_remove_snapshots
- container_host_shutdown_timeout
- container_syscall_filtering
- auth_pki
- container_last_used_at
- etag
- patch
- usb_devices
- https_allowed_credentials
- image_compression_algorithm
- directory_manipulation
- container_cpu_time
- storage_zfs_use_refquota
- storage_lvm_mount_options
- network
- profile_usedby
- container_push
- container_exec_recording
- certificate_update
- container_exec_signal_handling
- gpu_devices
apistatus: stable
apiversion: "1.0"
auth: trusted
environment:
  addresses: []
  architectures:
  - x86_64
  - i686
  certificate: |
    -----BEGIN CERTIFICATE-----
    MIIF...
    -----END CERTIFICATE-----
  certificatefingerprint: 88db507bde22e64e02c822399c27fd715fb07ca4e7e9964bf1336be10066a55c
  driver: lxc
  driverversion: 2.0.5
  kernel: Linux
  kernelarchitecture: x86_64
  kernelversion: 4.8.0-27-generic
  server: lxd
  serverpid: 8521
  serverversion: "2.5"
  storage: dir
  storageversion: ""
config: {}
public: false