I saw the same with ntp on Xenial, but can also confirm that >=Zesty things seem to be fixed.
Before I had:
audit: type=1400 audit(1497945497.701:6958): apparmor="DENIED" operation="file_inherit" namespace="root//lxd-xenial-ntp_<var-lib-lxd>" profile="/usr/sbin/ntpd" name="/run/systemd/journal/stdout" pid=27776 comm="ntpd" requested_mask="wr" denied_mask="wr" fsuid=165536 ouid=165536
So it seems fixed, maybe an SRU needed of something in apparmor / abstractions?
I saw the same with ntp on Xenial, but can also confirm that >=Zesty things seem to be fixed. 7.701:6958) : apparmor="DENIED" operation= "file_inherit" namespace= "root// lxd-xenial- ntp_<var- lib-lxd> " profile= "/usr/sbin/ ntpd" name="/ run/systemd/ journal/ stdout" pid=27776 comm="ntpd" requested_mask="wr" denied_mask="wr" fsuid=165536 ouid=165536
Before I had:
audit: type=1400 audit(149794549
So it seems fixed, maybe an SRU needed of something in apparmor / abstractions?