LXC container not starting
It actually sounds like you stumbled across a bug. The referenced link directs to a patch which helps prevent these AppArmor failures. However, you'll need to know how to compile LXC from source to make use of it. I'm not sure if this patch made it into the binaries as of yet.
The workaround was to append lxc.aa_allow_incomplete = 1
into /var/lib/lxc/[container-name]/config
file.
This setting will lower the security offered by apparmor. This is an excerpt from the lxc.container.conf(5)
man page.
lxc.aa_allow_incomplete
Apparmor profiles are pathname based. Therefore many file
restrictions require mount restrictions to be effective
against a determined attacker. However, these mount
restrictions are not yet implemented in the upstream kernel.
Without the mount restrictions, the apparmor profiles still
protect against accidental damager.
If this flag is 0 (default), then the container will not be
started if the kernel lacks the apparmor mount features, so
that a regression after a kernel upgrade will be detected. To
start the container under partial apparmor protection, set
this flag to 1.