There is AppArmor (enabled by default) which is another Linux Security Module.

I find it easier to configure than SELinux.



Last time I checked, nothing was actually confined by AppArmor out of the box (IIRC I was looking at the output of ps -eZ and found that AppArmor wasn't actually protecting anything...)

Specifically in RHEL/CentOS/Fedora I like that everything in the base system is reasonably well confined out of the box - including random container images that users insist on downloading/running. I don't know if AppArmor is even capable of doing this:

https://access.redhat.com/documentation/en-us/red_hat_enterp...

i.e., if I 'docker run --rm -it debian:unstable sleep 300' twice, then:

$ pgrep sleep | xargs ps -Z
LABEL PID TTY STAT TIME COMMAND
system_u:system_r:svirt_lxc_net_t:s0:c563,c603 1595289 pts/0 S+ 0:00 sleep 123
system_u:system_r:svirt_lxc_net_t:s0:c25,c163 1595325 pts/0 S+ 0:00 sleep 345

Both containers are confined by the svirt_lxc_net_t domain, but since they have different labels, they aren't able to interfere with each other, or the host system, even if the process inside the container is running as uid 0.
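The verification the comment above performs by eye (same confined type, different MCS categories) can be scripted. The following is an added example, not code from the thread: it parses `ps -Z` output of the form `user:role:type:sensitivity:categories` and checks that every listed process runs in a container domain and that no two processes share a category set. The sample output is constructed to mirror the comment, and the acceptance of `container_t` alongside `svirt_lxc_net_t` is an assumption about newer container-selinux policy versions that the thread itself does not show.

```shell
#!/bin/sh
# Added example (not from the HN thread): check SELinux MCS isolation of
# container processes from `ps -Z` style output.

# Constructed sample, modelled on the comment: two containers, distinct categories.
SAMPLE_PS_Z='LABEL PID TTY STAT TIME COMMAND
system_u:system_r:svirt_lxc_net_t:s0:c563,c603 1595289 pts/0 S+ 0:00 sleep 123
system_u:system_r:svirt_lxc_net_t:s0:c25,c163 1595325 pts/0 S+ 0:00 sleep 345'

# Constructed negative sample: same category set on both (they could interfere),
# plus one process in an unconfined domain.
SAMPLE_SHARED_MCS='LABEL PID TTY STAT TIME COMMAND
system_u:system_r:svirt_lxc_net_t:s0:c25,c163 1595289 pts/0 S+ 0:00 sleep 123
system_u:system_r:svirt_lxc_net_t:s0:c25,c163 1595325 pts/0 S+ 0:00 sleep 345
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 1595400 pts/0 S+ 0:00 sleep 999'

# label_type LABEL -> prints the SELinux type (third colon-separated field)
label_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# label_mcs LABEL -> prints the MCS category set (fifth field), e.g. c25,c163
label_mcs() {
    printf '%s\n' "$1" | cut -d: -f5
}

# check_isolation "<ps -Z output>" -> exit 0 when every process after the header
# runs in a container domain AND all category sets are pairwise distinct.
# container_t is an assumption about newer container-selinux policies.
check_isolation() {
    printf '%s\n' "$1" | awk '
        NR == 1 { next }                     # skip the ps header line
        {
            n = split($1, f, ":")
            if (n < 5) { bad++; next }       # no MCS categories at all
            type = f[3]; mcs = f[5]
            if (type != "svirt_lxc_net_t" && type != "container_t") bad++
            if (mcs in seen) dup++           # shared categories => no separation
            seen[mcs] = 1
        }
        END { if (bad + dup > 0) exit 1; exit 0 }
    '
}

# Stand-alone demonstration of both samples.
if check_isolation "$SAMPLE_PS_Z"; then
    echo "sample 1: confined container domains with distinct MCS categories"
else
    echo "sample 1: NOT isolated"
fi
if check_isolation "$SAMPLE_SHARED_MCS"; then
    echo "sample 2: isolated"
else
    echo "sample 2: NOT isolated (shared categories or unconfined domain)"
fi
```

On a live host the same function can be fed the real output, e.g. `check_isolation "$(pgrep sleep | xargs ps -Z)"`, and a nonzero exit is the signal that two containers were launched with the same categories or that a process escaped into an unconfined domain.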



