Comment 20 for bug 2064096

Yes, I found that systemd switched from using MS_MOVE to MS_BIND | MS_REC when moving /run (and other filesystems) during the switch root. Although this is ultimately a shortcoming in AppArmor, this change in systemd is why we are seeing the issue now.

Discussing with upstream in https://github.com/systemd/systemd/pull/32645.