TestRunApparmor does not seem to ever run on the CI

[apostasie]

Description

Rootful:
https://github.com/containerd/nerdctl/actions/runs/13000786746/job/36258878338?pr=3853#step:8:430

Rootless:
https://github.com/containerd/nerdctl/actions/runs/13000786746/job/36258878879?pr=3853#step:9:613

In both cases:

=== SKIP: cmd/nerdctl/container TestRunApparmor (0.00s)
    container_run_security_linux_test.go:176: needs to be able to apply "nerdctl-default" profile

I don't know why, and this does not make much sense.

Maybe for rootless - although https://github.com/containerd/nerdctl/blob/main/Dockerfile.d/test-integration-rootless.sh#L21 needs a serious review then - as it seems bizarre that a script named "-rootless" would do certain things when uid = 0.

For rootful though, we should certainly be able to load the profile and apply it.

This is related to #3858 : our current testing rig is hard to reason about, and more importantly, is hiding issues and non-running tests.

Steps to reproduce the issue

Describe the results you received and expected

na

What version of nerdctl are you using?

main

Are you using a variant of nerdctl? (e.g., Rancher Desktop)

None

Host information

No response

[apostasie]

Note: I do get what test-integration-rootless is doing.
It is just really hard to read for most people (and also does not seem to work as expected, as far as apparmor is concerned).

[apostasie]

securityfs is not mounted.

[apostasie]

Given the entrypoint is out of repository, I'll patch here, but maybe that should be ported to AkihiroSuda/containerized-systemd/.