Looking at the apparmor namespace, I'd say this is triggered by processes executing already inside the container. AFAIU the image (say ubuntu:22.04) contains a seed which installs lxd inside and so there may be hooks and services of lxd being run inside the container.
Also on Arch, for the record I see some of the denials even without installing anything under LXD, simply launching a container is enough:
sty 26 09:03:27 galeon kernel: audit: type=1400 audit(1706256207.310:1706): apparmor="DENIED" operation="file_inherit" class="net" namespace="root//lxd-snapcraft_classic-meerkat_<var-snap-lxd-common-lxd>" profile="/snap/snapd/20671/usr/lib/snapd/snap-confine" pid=3225810 comm="snap-confine" family="netlink" sock_type="raw" protocol=15 requested_mask="send receive" denied_mask="send receive"
sty 26 09:03:27 galeon kernel: audit: type=1400 audit(1706256207.320:1707): apparmor="DENIED" operation="file_inherit" class="file" namespace="root//lxd-snapcraft_classic-meerkat_<var-snap-lxd-common-lxd>" profile="snap-update-ns.lxd" name="/apparmor/.null" pid=3225828 comm="6" requested_mask="wr" denied_mask="wr" fsuid=1000000 ouid=0
sty 26 09:03:27 galeon kernel: audit: type=1400 audit(1706256207.457:1708): apparmor="DENIED" operation="file_inherit" class="file" namespace="root//lxd-snapcraft_classic-meerkat_<var-snap-lxd-common-lxd>" profile="snap.lxd.hook.install" name="/apparmor/.null" pid=3225810 comm="snap-exec" requested_mask="wr" denied_mask="wr" fsuid=1000000 ouid=0
sty 26 09:03:27 galeon kernel: audit: type=1400 audit(1706256207.820:1709): apparmor="DENIED" operation="file_inherit" class="net" namespace="root//lxd-snapcraft_classic-meerkat_<var-snap-lxd-common-lxd>" profile="/snap/snapd/20671/usr/lib/snapd/snap-confine" pid=3225872 comm="snap-confine" family="unix" sock_type="stream" protocol=0 requested_mask="send receive" denied_mask="send receive"
sty 26 09:03:27 galeon kernel: audit: type=1400 audit(1706256207.820:1710): apparmor="DENIED" operation="file_inherit" class="net" namespace="root//lxd-snapcraft_classic-meerkat_<var-snap-lxd-common-lxd>" profile="/snap/snapd/20671/usr/lib/snapd/snap-confine" pid=3225872 comm="snap-confine" family="unix" sock_type="stream" protocol=0 requested_mask="send receive" denied_mask="send receive"
sty 26 09:03:27 galeon kernel: audit: type=1400 audit(1706256207.820:1711): apparmor="DENIED" operation="file_inherit" class="file" namespace="root//lxd-snapcraft_classic-meerkat_<var-snap-lxd-common-lxd>" profile="snap.lxd.activate" name="/apparmor/.null" pid=3225872 comm="snap-exec" requested_mask="wr" denied_mask="wr" fsuid=1000000 ouid=0
sty 26 09:03:27 galeon kernel: audit: type=1400 audit(1706256207.820:1712): apparmor="DENIED" operation="file_inherit" class="file" namespace="root//lxd-snapcraft_classic-meerkat_<var-snap-lxd-common-lxd>" profile="snap.lxd.activate" name="/apparmor/.null" pid=3225872 comm="snap-exec" requested_mask="wr" denied_mask="wr" fsuid=1000000 ouid=0
sty 26 09:03:27 galeon kernel: audit: type=1400 audit(1706256207.830:1713): apparmor="DENIED" operation="file_inherit" class="file" namespace="root//lxd-snapcraft_classic-meerkat_<var-snap-lxd-common-lxd>" profile="/snap/snapd/20671/usr/lib/snapd/snap-confine" name="/apparmor/.null" pid=3225872 comm="aa-exec" requested_mask="wr" denied_mask="wr" fsuid=1000000 ouid=0
sty 26 09:03:27 galeon kernel: audit: type=1400 audit(1706256207.830:1714): apparmor="DENIED" operation="file_inherit" class="file" namespace="root//lxd-snapcraft_classic-meerkat_<var-snap-lxd-common-lxd>" profile="/snap/snapd/20671/usr/lib/snapd/snap-confine" name="/apparmor/.null" pid=3225872 comm="aa-exec" requested_mask="wr" denied_mask="wr" fsuid=1000000 ouid=0
sty 26 09:03:28 galeon kernel: audit: type=1400 audit(1706256208.027:1715): apparmor="STATUS" operation="profile_replace" info="same as current profile, skipping" label="lxd-snapcraft_classic-meerkat_</var/snap/lxd/common/lxd>//&:lxd-snapcraft_classic-meerkat_<var-snap-lxd-common-lxd>:unconfined" name="/snap/snapd/20671/usr/lib/snapd/snap-confine" pid=3225947 comm="apparmor_parser"
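A triage sketch for logs like the one above, added here as an example and not part of the thread: it parses the AppArmor audit records and counts denials per policy namespace, profile and operation, so denials raised inside a container's namespace can be told apart from host ones. It assumes, following the comment's reading, that a `namespace="root//..."` field marks a child namespace; the function names and the last sample record are constructed.

```python
import re
from collections import Counter

# First three records are copied from the log above; the last one is a
# constructed host-level denial (hypothetical profile and path).
SAMPLE = [
    'sty 26 09:03:27 galeon kernel: audit: type=1400 audit(1706256207.320:1707): apparmor="DENIED" operation="file_inherit" class="file" namespace="root//lxd-snapcraft_classic-meerkat_<var-snap-lxd-common-lxd>" profile="snap-update-ns.lxd" name="/apparmor/.null" pid=3225828 comm="6" requested_mask="wr" denied_mask="wr" fsuid=1000000 ouid=0',
    'sty 26 09:03:27 galeon kernel: audit: type=1400 audit(1706256207.820:1709): apparmor="DENIED" operation="file_inherit" class="net" namespace="root//lxd-snapcraft_classic-meerkat_<var-snap-lxd-common-lxd>" profile="/snap/snapd/20671/usr/lib/snapd/snap-confine" pid=3225872 comm="snap-confine" family="unix" sock_type="stream" protocol=0 requested_mask="send receive" denied_mask="send receive"',
    'sty 26 09:03:28 galeon kernel: audit: type=1400 audit(1706256208.027:1715): apparmor="STATUS" operation="profile_replace" info="same as current profile, skipping" label="lxd-snapcraft_classic-meerkat_</var/snap/lxd/common/lxd>//&:lxd-snapcraft_classic-meerkat_<var-snap-lxd-common-lxd>:unconfined" name="/snap/snapd/20671/usr/lib/snapd/snap-confine" pid=3225947 comm="apparmor_parser"',
    'sty 26 09:04:00 galeon kernel: audit: type=1400 audit(1706256240.000:1800): apparmor="DENIED" operation="open" class="file" profile="example-host-profile" name="/etc/example" pid=4242 comm="example" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0',
]

# key="quoted value" or key=bare_value
KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_record(line):
    """Return the key=value fields of one audit record as a dict."""
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in KV.finditer(line)}


def container_namespace(rec):
    """Child namespace name, or None when the record has no root// namespace."""
    ns = rec.get("namespace", "")
    return ns.split("//", 1)[1] if ns.startswith("root//") else None


def triage(lines):
    """Count DENIED records by (namespace, profile, operation, class)."""
    counts = Counter()
    for line in lines:
        rec = parse_record(line)
        if rec.get("apparmor") != "DENIED":
            continue  # skip STATUS and other non-denial records
        key = (container_namespace(rec) or "<host>", rec.get("profile"),
               rec.get("operation"), rec.get("class"))
        counts[key] += 1
    return counts


if __name__ == "__main__":
    for (ns, profile, op, cls), n in triage(SAMPLE).most_common():
        print(f"{n:3d}  ns={ns}  profile={profile}  op={op}  class={cls}")
```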