Comment 6 for bug 1953563

So I've confirmed that it's VFS idmapped related.
Testing with two containers on the same system, one on a dir storage pool (ext4 uses idmapped mounts) and one on a zfs storage pool (idmapped mounts unsupported). The former has the issue whereas the latter works just fine.

So it looks like something with VFS idmapped mounts is tickling apparmor the wrong way.

Adding a kernel task and pinging brauner to give his thoughts on what may be the issue here.