I have diagnosed the condition to be caused by the apparmor_parser command in combination with the snapd update.
It is easily reproducible as:
lxc launch ubuntu: c1 -p default -p docker
lxc exec c1 bash # the following are inside the container
snap refresh # required until the image comes with the new snap version
apparmor_parser --add /var/lib/snapd/apparmor/profiles/snap*
I am not sure yet if that apparmor workaround itself is needed anymore. It was originally related to some further nesting problems and adapted from this source:
Thanks for posting this as it helped me out. FYI, the snapstore no longer publishes snapd 2.58.3. That means new containers that you want to do nested lxd within will not work until you can install 2.58.3. (The revert command won't work because it's a fresh install and there is nothing to revert to.) If you have a machine that does have 2.58.3, you can grab the snap and install it manually.
Turns out these issues were ultimately caused by workaround for previous issues. Removing all workarounds and just using security.nesting=true works.
In other words, using old docker LXD profiles is not helpful, and we also had some apparmor workarounds in place, at least an echo 'tmpfs /sys/kernel/security/ tmpfs defaults 0 0' >> /etc/fstab in the build script that also had to go.
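The cleaned-up setup the last post describes (nesting enabled directly, no docker profile, no apparmor_parser step, no securityfs tmpfs line in fstab), as an added shell example that is not part of the thread and not LXD's own tooling. The container name c1 and the fstab path you pass in are assumptions; the checker works on any file in fstab format, so it can be pointed at a build script's staged /etc/fstab before the image is published.

```shell
# Added example: launch a nesting-capable container the way the final post
# describes, and detect/remove the leftover 'tmpfs /sys/kernel/security/' fstab
# workaround that the same post says had to go.

# Returns 0 if FSTAB_FILE ($1) still carries the securityfs tmpfs workaround line.
has_securityfs_workaround() {
  grep -Eq '^[[:space:]]*tmpfs[[:space:]]+/sys/kernel/security/?[[:space:]]+tmpfs' "$1"
}

# Deletes only that line from FSTAB_FILE ($1), keeping a .bak copy and leaving
# every other entry untouched (sed -i.bak works with both GNU and BSD sed).
strip_securityfs_workaround() {
  sed -i.bak -E '/^[[:space:]]*tmpfs[[:space:]]+\/sys\/kernel\/security\/?[[:space:]]+tmpfs/d' "$1"
}

# Creates the container with security.nesting=true set at launch time.
# Only the default profile is applied: no docker profile, no apparmor_parser run.
# Container name defaults to "c1" (assumption, matching the reproduction steps).
launch_nested_container() {
  name="${1:-c1}"
  lxc launch ubuntu: "$name" -c security.nesting=true
}

# Reads the setting back so the build script can fail early if nesting is off.
nesting_enabled() {
  [ "$(lxc config get "$1" security.nesting)" = "true" ]
}
```

Typical use in a build script: `strip_securityfs_workaround ./rootfs/etc/fstab`, then `launch_nested_container c1 && nesting_enabled c1 || exit 1`. The two lxc helpers need a working LXD host; the fstab helpers run anywhere.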