apparmor="DENIED" operation="mount"

Are those privileged or unprivileged containers?

This mount failure usually hits when a privileged container is attempting to run a systemd unit inside an isolated mount namespace. The operations performed by systemd in such a case currently cannot be safely allowed due to a long-standing AppArmor parser bug.

This isn’t the case for unprivileged containers, as we don’t rely on AppArmor quite as much there and so have relaxed the rules enough to have this normally work.