Comment 4 for bug 2006528

Georgia Garcia (georgiag) wrote :

/proc is not usually shared between the host and the container, but I can see how that can happen if you run the mount with hidepid=2 on the host.

When it comes to processes, aa-status works by going through /proc and reading attr/apparmor/current. So if you remount /proc with hidepid=2, then the processes are hidden.
https://docs.kernel.org/filesystems/proc.html#mount-options

The main issue is that the processes shouldn't be hidden from root, and you are running aa-status with root. So I need to investigate a bit further.
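As an added illustration of the walk described in this comment (example code written here, not aa-status or any other AppArmor tool), the script below lists numeric /proc entries, reads each `attr/apparmor/current`, and checks the mountinfo line for a `hidepid=` option; the `demo` tree, pids and profile names are constructed, and the mountinfo field layout assumed is the one documented in the kernel proc filesystem docs.

```python
import re
import tempfile
from pathlib import Path

LABEL_RE = re.compile(r"(.+?) \((\w+)\)")

def parse_label(raw):
    """Parse one attr/apparmor/current value into (profile, mode).
    'unconfined' has no mode suffix, so mode is None for it."""
    raw = raw.strip("\n\0")
    m = LABEL_RE.fullmatch(raw)
    return (m.group(1), m.group(2)) if m else (raw, None)

def proc_labels(proc_root="/proc"):
    """Return {pid: (profile, mode)} for every pid listed under proc_root.
    With hidepid=2, other users' pids are absent from the listing entirely,
    so confined processes silently drop out of the count (no error raised)."""
    labels = {}
    for entry in Path(proc_root).iterdir():
        if not entry.name.isdigit():
            continue
        try:
            raw = (entry / "attr" / "apparmor" / "current").read_text()
        except OSError:
            continue  # process exited, kernel thread, or access denied
        labels[int(entry.name)] = parse_label(raw)
    return labels

def hidepid_option(mountinfo_text, mountpoint="/proc"):
    """Return the hidepid= value for mountpoint from /proc/self/mountinfo
    text, or None. Assumed field order: id parent maj:min root mountpoint
    opts [optional...] - fstype source superopts."""
    for line in mountinfo_text.splitlines():
        f = line.split()
        if len(f) > 4 and f[4] == mountpoint:
            for tok in f[5:]:
                for opt in tok.split(","):
                    if opt.startswith("hidepid="):
                        return opt.split("=", 1)[1]
            return None
    return None

def demo():
    """Constructed tree: pids 1 and 200 confined, 300 unconfined, 'self' skipped."""
    tree = {1: "/usr/sbin/sshd (enforce)\n",
            200: "snap.firefox.firefox (complain)\n", 300: "unconfined\n"}
    with tempfile.TemporaryDirectory() as root:
        for pid, value in tree.items():
            d = Path(root, str(pid), "attr", "apparmor")
            d.mkdir(parents=True)
            (d / "current").write_text(value)
        Path(root, "self").mkdir()  # non-numeric entry, ignored like /proc/self
        return proc_labels(root)

if __name__ == "__main__":
    print(demo())
```

Running `proc_labels()` and `hidepid_option(Path("/proc/self/mountinfo").read_text())` on a live system shows whether the mount is hiding pids when the confined-process count looks too low.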