Hi
Not sure if bumping this 2-year-old topic is a great idea, but this was the only reference I found on here for the problem I had just now with syslog being filled with apparmor="DENIED" operation="mount" messages.
The problem started appearing after upgrading one of the containers from Debian 10 to Debian 11, which might explain how your problem appeared only in newer Ubuntu versions @Andrew_Wilson.
The fix seems to be setting
lxc config set yourcontainername security.nesting true
This stopped the messages appearing in syslog.
According to this source ("LXC Container Upgrade to Bullseye - Slow Login and AppArmor Errors", Proxmox Support Forum), systemd requires it for namespacing purposes. I have yet to fully understand all this, but for now my syslog is back to normal and the containers seem to run smoothly.
Our LXD / LXC version is 4.21, the host OS is Debian 10.11 and the container causing the apparmor="DENIED" messages runs Debian 11.2. I wonder if the message would disappear if the host OS was the same or newer than the said LXC container…?
A sample warning message to the above in syslog is:
Jan 2 14:20:37 ourmachine kernel: [356300.913411] audit: type=1400 audit(1641133237.822:68517): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxd-ourcontainer_</var/snap/lxd/common/lxd>" name="/run/systemd/unit-root/proc/" pid=29573 comm="(d-logind)" fstype="proc" srcname="proc" flags="rw, nosuid, nodev, noexec"
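
Added example, not part of the original post: a short Python script that parses AppArmor audit lines like the one quoted above and counts denied mount operations per LXD container, mount target and process, so you can see which container produces the messages and check that they stop after a configuration change. The sample input is constructed (its first line follows the quoted message), and the `lxd-<name>_<path>` profile naming is assumed from that message.

```python
import re
from collections import Counter

# Constructed sample: line 1 follows the message in the post; lines 2-4 are made up.
SAMPLE = """\
Jan 2 14:20:37 ourmachine kernel: [356300.913411] audit: type=1400 audit(1641133237.822:68517): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxd-ourcontainer_</var/snap/lxd/common/lxd>" name="/run/systemd/unit-root/proc/" pid=29573 comm="(d-logind)" fstype="proc" srcname="proc" flags="rw, nosuid, nodev, noexec"
Jan 2 14:20:38 ourmachine kernel: [356301.120001] audit: type=1400 audit(1641133238.030:68518): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxd-ourcontainer_</var/snap/lxd/common/lxd>" name="/run/systemd/unit-root/proc/" pid=29580 comm="(resolved)" fstype="proc" srcname="proc" flags="rw, nosuid, nodev, noexec"
Jan 2 14:21:02 ourmachine kernel: [356325.500000] audit: type=1400 audit(1641133262.410:68519): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="lxd-othercontainer_</var/snap/lxd/common/lxd>" pid=30001 comm="apparmor_parser"
Jan 2 14:21:05 ourmachine systemd[1]: Started Session 42 of user admin.
"""

# key=value pairs; values are either double-quoted (may contain spaces) or bare.
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
# Assumed profile naming, taken from the quoted message: lxd-<container>_<path>
LXD_PROFILE = re.compile(r'^lxd-(.+)_<.*>$')


def parse_fields(line):
    """Return the key=value fields of one syslog line as a dict."""
    return {key: quoted or bare for key, quoted, bare in FIELD.findall(line)}


def mount_denials(text):
    """Count denied mounts per (container, mount target, process name)."""
    counts = Counter()
    for line in text.splitlines():
        fields = parse_fields(line)
        if fields.get("apparmor") != "DENIED" or fields.get("operation") != "mount":
            continue  # status messages, other operations, non-audit lines
        match = LXD_PROFILE.match(fields.get("profile", ""))
        if not match:
            continue  # denial from a profile that is not an LXD container
        key = (match.group(1), fields.get("name", ""), fields.get("comm", ""))
        counts[key] += 1
    return counts


if __name__ == "__main__":
    for (container, target, comm), n in mount_denials(SAMPLE).most_common():
        print(f"{n:4d}  container={container}  target={target}  comm={comm}")
```

To run it against a real log, pass the contents of the syslog file to `mount_denials()` instead of `SAMPLE`.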