Comment 14 for bug 1641236

John Johansen (jjohansen) wrote :

name="apparmor/.null" is used to remove access to an already open file that is being inherited and should no longer be available, whether because policy doesn't allow it. AppArmor can't just close the file, because the fd for the file might have meaning; closing the file would free up the fd slot, which could then be filled by a new open, and that could cause all kinds of weird issues.

lxd does auto-generate profiles, so that is a good bet as to what is happening.
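
The fd-slot reuse problem described in the comment, shown from userspace as an added example (not part of the comment and not AppArmor code). `/dev/null` with `dup2()` stands in for the kernel swapping the file for `apparmor/.null`; the function names and temp-file paths are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Constructed stand-in for "some open file": an unlinked temp file. */
static int open_temp(void) {
    char path[] = "/tmp/fdslot-XXXXXX";
    int fd = mkstemp(path);
    if (fd >= 0) unlink(path);
    return fd;
}

/* Revoke with close(): returns 1 if a stale write lands in a later file. */
int revoke_by_close_leaks(void) {
    int inherited = open_temp();
    if (inherited < 0) return -1;
    close(inherited);                  /* frees the fd slot */
    int later = open_temp();           /* unrelated open: gets the lowest free fd */
    if (later < 0) return -1;
    ssize_t n = write(inherited, "stale", 5);  /* code still using the old number */
    off_t size = lseek(later, 0, SEEK_END);
    int leaked = (later == inherited) && n == 5 && size == 5;
    close(later);
    return leaked;
}

/* Revoke by pointing the fd at a null file: the slot stays occupied. */
int revoke_by_null_leaks(void) {
    int inherited = open_temp();
    int null_fd = open("/dev/null", O_RDWR);
    if (inherited < 0 || null_fd < 0) return -1;
    if (dup2(null_fd, inherited) < 0) return -1;  /* same number, harmless target */
    close(null_fd);
    int later = open_temp();
    if (later < 0) return -1;
    ssize_t n = write(inherited, "stale", 5);  /* discarded by the null file */
    off_t size = lseek(later, 0, SEEK_END);
    int leaked = (later == inherited) || size != 0;
    close(later);
    close(inherited);
    return n == 5 ? leaked : -1;
}

int main(void) {
    printf("close():   stale write leaked = %d\n", revoke_by_close_leaks());
    printf("null file: stale write leaked = %d\n", revoke_by_null_leaks());
    return 0;
}
```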