Comment 2 for bug 1735459

So yes and no. This is working exactly as the kernel presents this to apparmor, and there is nothing we can do about it at the moment.

specifically all nsfs paths are magic symlinks that resolve to a special kernel mount that does not exist in userspace and all of them resolve to '/'. There is currently nothing that can be done about this.

We have been working on some potential solutions but this is active investigation/dev work and not ready for use.