Comment 4 for bug 2049099

John Johansen (jjohansen) wrote :

So this is a tough one. The denied messages are due to a difference in running the application in the container vs. running it on a host.

Certain files are being passed into the container from a separate namespace and the profile is not set up to deal with this. Unfortunately this is not currently handled well; there is work to improve both mapping and delegation around this, but atm the only solution at this point is for the snap profile to be given the permissions necessary to work under both environments. Despite LXD setting up an AppArmor policy namespace, the container environment is not entirely transparent to the AppArmor policy within the container.

So without having looked at 24.04 my guess is that either LXD changed something in the environment setup or that snap's profile has been updated.