Apparmor profile audit warnings, what does it mean?
See FAQ’s and Apparmor profile syslog
In some cases apparmor=“DENIED” syslog warnings are “complaining” about failing Apparmor profile audits. These warnings are nothing to worry about since the snap is doing exactly what it should and confining the snap! The warning means, that automated Apparmor audits are failing because the request is being denied due to snap confinement. Not being able to audit those profiles should have no effect on the Nextcloud snap.
audit: type=1400 audit(1732273383.121:15114): apparmor="DENIED" operation="example" namespace="root//lxd-NEXTCLOUD_<var-snap-lxd-common-lxd>" profile="snap.nextcloud.nextcloud-cron" pid=2057758 comm="ps" requested_mask="read" denied_mask="read" peer="unconfined"
kernel
Apparmor comes with a predefined profiles, but there are also additional upstream Apparmor profiles which may reduce log warnings;
sudo apt install apparmor-profiles-extra