Comment 34 for bug 1721278

> ... apparmor="DENIED" operation="create" ... family="unix" sock_type="stream"

With the pinned-down feature set, you probably "lost" support for unix rules.

In theory, apparmor_parser will downgrade those rules to "network unix," - but in practise a bug in apparmor_parser prevented it.This bug was fixed in the point releases some days ago.

Can you please test with the latest apparmor_parser? "Latest" means 2.11.1, 2.10.3 or 2.9.5 - or, if you want to test only the bugfix, apply the patch from bzr trunk r3700 - http://bazaar.launchpad.net/~apparmor-dev/apparmor/master/revision/3700