AppArmor mount rules have had a lot of issues in the past (and still do) depending on the version of the kernel, the parser and the exact rule. If you want an easy way out of this, setting `raw.apparmor=mount,` on your container will almost certainly get such issues to disappear.
LXD 4.0 has a number of tweaks in the rules to work around a bunch of those issues.
It's a trick we can do on unprivileged containers as we don't rely on AppArmor for security there. For privileged containers, we don't get to do the same and so our policy is quite a bit more strict.
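
One way to apply the `raw.apparmor` setting from the post only to unprivileged containers, as an added example that is not part of the original post or of LXD itself. The helper function names are hypothetical, and `allow_mounts` assumes the `lxc` client is installed.

```shell
#!/bin/sh
# Added example: helper names are hypothetical, not part of LXD.

# Read `lxc config show --expanded` YAML on stdin and print the value of
# security.privileged (empty if unset, which means unprivileged).
privileged_value() {
    sed -n 's/^ *security\.privileged: *"\{0,1\}\([^"]*\)"\{0,1\} *$/\1/p' | head -n 1
}

# Succeed only when the value means unprivileged. Anything other than
# unset or "false" is treated as privileged, to stay on the strict side.
is_unprivileged() {
    case "$1" in
        ""|false) return 0 ;;
        *) return 1 ;;
    esac
}

# Append "mount," to an existing raw.apparmor value unless it is already
# there, so other custom rules on the container are not overwritten.
merged_raw_apparmor() {
    existing=$1
    if printf '%s\n' "$existing" | grep -qx ' *mount, *'; then
        printf '%s' "$existing"
    elif [ -n "$existing" ]; then
        printf '%s\nmount,' "$existing"
    else
        printf 'mount,'
    fi
}

# Apply the override to one container; refuses privileged containers,
# where AppArmor is part of the security boundary.
allow_mounts() {
    c=$1
    cfg=$(lxc config show --expanded "$c") || return 1
    priv=$(printf '%s\n' "$cfg" | privileged_value)
    if ! is_unprivileged "$priv"; then
        echo "$c is privileged; leaving its stricter policy in place" >&2
        return 1
    fi
    current=$(lxc config get "$c" raw.apparmor)
    lxc config set "$c" raw.apparmor "$(merged_raw_apparmor "$current")"
}
```

The expanded config is read so that a `security.privileged` value inherited from a profile is also caught.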