Comment 10 for bug 1244157

So yes this is because of the unshare of the file system namespace. Currently the only work around is the use of the attach_disconnected flag. Alternate solutions are coming as part of the work to support lxc

Martin:
The only way to temporarily add the attach_disconnected flag is to manually replace the profile with a version that has the flag added. The manually loaded profile can be from anywhere
  apparmor_parser -Kr <profile file>