apparmor prevents DHCP from starting with IPoIB interface

Bug #1862112 reported by jwiegley
Affects            Status  Importance  Assigned to  Milestone
isc-dhcp (Ubuntu)  New     Undecided   Unassigned

Bug Description

# lsb_release -rd
Description: Ubuntu Focal Fossa (development branch)
Release: 20.04

# apt-cache policy isc-dhcp-server
isc-dhcp-server:
  Installed: 4.4.1-2ubuntu6
  Candidate: 4.4.1-2ubuntu6
  Version table:
 *** 4.4.1-2ubuntu6 500
        500 http://archive.ubuntu.com/ubuntu focal/main amd64 Packages
        100 /var/lib/dpkg/status

I expect isc-dhcp-server to start.
It does not because apparmor blocks something related to having an ib_ipoib interface present.

I have infiniband interfaces using IPoIB. This prevents DHCP from starting because apparmor DENIES something.

ip addr list:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: enp3s0f0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 1c:c1:de:e6:b4:08 brd ff:ff:ff:ff:ff:ff
    inet 130.166.47.2/24 brd 130.166.47.255 scope global enp3s0f0
       valid_lft forever preferred_lft forever
    inet 130.166.47.1/24 brd 130.166.47.255 scope global secondary enp3s0f0
       valid_lft forever preferred_lft forever
    inet6 fe80::1ec1:deff:fee6:b408/64 scope link
       valid_lft forever preferred_lft forever
3: enp3s0f1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 1c:c1:de:e6:b4:0a brd ff:ff:ff:ff:ff:ff
    inet 10.47.0.2/16 brd 10.47.255.255 scope global enp3s0f1
       valid_lft forever preferred_lft forever
    inet6 fe80::1ec1:deff:fee6:b40a/64 scope link
       valid_lft forever preferred_lft forever
4: enp4s0f0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 1c:c1:de:e6:b4:00 brd ff:ff:ff:ff:ff:ff
    inet 10.0.47.2/24 brd 10.0.47.255 scope global enp4s0f0
       valid_lft forever preferred_lft forever
    inet6 fe80::1ec1:deff:fee6:b400/64 scope link
       valid_lft forever preferred_lft forever
5: enp4s0f1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 1c:c1:de:e6:b4:02 brd ff:ff:ff:ff:ff:ff
    inet 130.166.240.19/29 brd 130.166.240.23 scope global enp4s0f1
       valid_lft forever preferred_lft forever
    inet 130.166.240.18/29 brd 130.166.240.23 scope global secondary enp4s0f1
       valid_lft forever preferred_lft forever
    inet6 fe80::1ec1:deff:fee6:b402/64 scope link
       valid_lft forever preferred_lft forever
8: ibs1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 2044 qdisc fq_codel state UP group default qlen 256
    link/infiniband 80:00:02:0a:fe:80:00:00:00:00:00:00:00:02:c9:03:00:0f:45:ef brd 00:ff:ff:ff:ff:12:40:1b:ff:ff:00:00:00:00:00:00:ff:ff:ff:ff
    inet 192.168.47.2/24 brd 192.168.47.255 scope global ibs1
       valid_lft forever preferred_lft forever
    inet6 fe80::202:c903:f:45ef/64 scope link
       valid_lft forever preferred_lft forever
9: ibs1d1: <BROADCAST,MULTICAST> mtu 4092 qdisc noop state DOWN group default qlen 256
    link/infiniband 80:00:02:0b:fe:80:00:00:00:00:00:00:00:02:c9:03:00:0f:45:f0 brd 00:ff:ff:ff:ff:12:40:1b:ff:ff:00:00:00:00:00:00:ff:ff:ff:ff

# service isc-dhcp-server start
# tail /var/log/syslog
Feb 6 05:26:50 firewalla systemd[1]: Started ISC DHCP IPv4 server.
Feb 6 05:26:50 firewalla dhcpd[2513]: Internet Systems Consortium DHCP Server 4.4.1
Feb 6 05:26:50 firewalla sh[2513]: Internet Systems Consortium DHCP Server 4.4.1
Feb 6 05:26:50 firewalla sh[2513]: Copyright 2004-2018 Internet Systems Consortium.
Feb 6 05:26:50 firewalla sh[2513]: All rights reserved.
Feb 6 05:26:50 firewalla sh[2513]: For info, please visit https://www.isc.org/software/dhcp/
Feb 6 05:26:50 firewalla dhcpd[2513]: Copyright 2004-2018 Internet Systems Consortium.
Feb 6 05:26:50 firewalla dhcpd[2513]: All rights reserved.
Feb 6 05:26:50 firewalla dhcpd[2513]: For info, please visit https://www.isc.org/software/dhcp/
Feb 6 05:26:50 firewalla kernel: [ 1098.134784] audit: type=1400 audit(1580966810.775:62): apparmor="DENIED" operation="open" profile="/usr/sbin/dhcpd" name="/proc/sys/net/ipv4/ip_local_port_range" pid=2513 comm="dhcpd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Feb 6 05:26:50 firewalla kernel: [ 1098.134926] audit: type=1400 audit(1580966810.775:63): apparmor="DENIED" operation="open" profile="/usr/sbin/dhcpd" name="/proc/sys/net/ipv4/ip_local_port_range" pid=2513 comm="dhcpd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Feb 6 05:26:50 firewalla dhcpd[2513]: Config file: /etc/dhcp/dhcpd.conf
Feb 6 05:26:50 firewalla sh[2513]: Config file: /etc/dhcp/dhcpd.conf
Feb 6 05:26:50 firewalla sh[2513]: Database file: /var/lib/dhcp/dhcpd.leases
Feb 6 05:26:50 firewalla sh[2513]: PID file: /run/dhcp-server/dhcpd.pid
Feb 6 05:26:50 firewalla dhcpd[2513]: Database file: /var/lib/dhcp/dhcpd.leases
Feb 6 05:26:50 firewalla dhcpd[2513]: PID file: /run/dhcp-server/dhcpd.pid
Feb 6 05:26:50 firewalla dhcpd[2513]: Internet Systems Consortium DHCP Server 4.4.1
Feb 6 05:26:50 firewalla dhcpd[2513]: Copyright 2004-2018 Internet Systems Consortium.
Feb 6 05:26:50 firewalla dhcpd[2513]: All rights reserved.
Feb 6 05:26:50 firewalla sh[2513]: Wrote 0 deleted host decls to leases file.
Feb 6 05:26:50 firewalla sh[2513]: Wrote 0 new dynamic host decls to leases file.
Feb 6 05:26:50 firewalla dhcpd[2513]: For info, please visit https://www.isc.org/software/dhcp/
Feb 6 05:26:50 firewalla dhcpd[2513]: Wrote 0 deleted host decls to leases file.
Feb 6 05:26:50 firewalla sh[2513]: Wrote 13 leases to leases file.
Feb 6 05:26:50 firewalla dhcpd[2513]: Wrote 0 new dynamic host decls to leases file.
Feb 6 05:26:50 firewalla dhcpd[2513]: Wrote 13 leases to leases file.
Feb 6 05:26:50 firewalla dhcpd[2513]: Open a socket for LPF: Permission denied
Feb 6 05:26:50 firewalla sh[2513]: Open a socket for LPF: Permission denied
Feb 6 05:26:50 firewalla sh[2513]: If you think you have received this message due to a bug rather
Feb 6 05:26:50 firewalla sh[2513]: than a configuration issue please read the section on submitting
Feb 6 05:26:50 firewalla sh[2513]: bugs on either our web page at www.isc.org or in the README file
Feb 6 05:26:50 firewalla sh[2513]: before submitting a bug. These pages explain the proper
Feb 6 05:26:50 firewalla sh[2513]: process and the information we find helpful for debugging.
Feb 6 05:26:50 firewalla sh[2513]: exiting.
Feb 6 05:26:50 firewalla dhcpd[2513]:
Feb 6 05:26:50 firewalla dhcpd[2513]: If you think you have received this message due to a bug rather
Feb 6 05:26:50 firewalla dhcpd[2513]: than a configuration issue please read the section on submitting
Feb 6 05:26:50 firewalla dhcpd[2513]: bugs on either our web page at www.isc.org or in the README file
Feb 6 05:26:50 firewalla dhcpd[2513]: before submitting a bug. These pages explain the proper
Feb 6 05:26:50 firewalla dhcpd[2513]: process and the information we find helpful for debugging.
Feb 6 05:26:50 firewalla dhcpd[2513]:
Feb 6 05:26:50 firewalla dhcpd[2513]: exiting.
Feb 6 05:26:50 firewalla systemd[1]: isc-dhcp-server.service: Main process exited, code=exited, status=1/FAILURE
Feb 6 05:26:50 firewalla kernel: [ 1098.167716] audit: type=1400 audit(1580966810.807:64): apparmor="DENIED" operation="create" profile="/usr/sbin/dhcpd" pid=2513 comm="dhcpd" family="packet" sock_type="dgram" protocol=8 requested_mask="create" denied_mask="create"
Feb 6 05:26:50 firewalla systemd[1]: isc-dhcp-server.service: Failed with result 'exit-code'.

# dmesg
[ 1225.764932] audit: type=1400 audit(1580966938.403:67): apparmor="DENIED" operation="open" profile="/usr/sbin/dhcpd" name="/proc/sys/net/ipv4/ip_local_port_range" pid=2722 comm="dhcpd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[ 1225.765050] audit: type=1400 audit(1580966938.403:68): apparmor="DENIED" operation="open" profile="/usr/sbin/dhcpd" name="/proc/sys/net/ipv4/ip_local_port_range" pid=2722 comm="dhcpd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[ 1225.863847] audit: type=1400 audit(1580966938.503:69): apparmor="DENIED" operation="create" profile="/usr/sbin/dhcpd" pid=2722 comm="dhcpd" family="packet" sock_type="dgram" protocol=8 requested_mask="create" denied_mask="create"

If I remove the ib_ipoib kernel module it will start just fine.

What do I have to do to properly fix this short of getting rid of apparmor?

Revision history for this message
Alex Murray (alexmurray) wrote :

Can you try adding the following to /etc/apparmor.d/local/usr.sbin.dhcpd:

  network packet dgram,

And then running

sudo apparmor_parser -rT /etc/apparmor.d/usr.sbin.dhcpd

And see if restart dhcpd then works?
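Added example (mine, not from the bug report, the isc-dhcp package or AppArmor, whose own tool for this job is aa-logprof from apparmor-utils): a small Python script that parses the AppArmor DENIED audit lines quoted in the report and turns each into the candidate profile rule it implies, so the socket denial is seen to map onto the `network packet dgram,` rule suggested above, while the `ip_local_port_range` read denial shows up as a separate file rule to be reviewed on its own merits. The sample lines are copied from the report's syslog output.

```python
import re

# Constructed sample: the two kinds of denial recorded in the bug report,
# plus one non-audit systemd line that the parser must skip.
SAMPLE_LOG = """\
Feb 6 05:26:50 firewalla kernel: [ 1098.134784] audit: type=1400 audit(1580966810.775:62): apparmor="DENIED" operation="open" profile="/usr/sbin/dhcpd" name="/proc/sys/net/ipv4/ip_local_port_range" pid=2513 comm="dhcpd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Feb 6 05:26:50 firewalla kernel: [ 1098.134926] audit: type=1400 audit(1580966810.775:63): apparmor="DENIED" operation="open" profile="/usr/sbin/dhcpd" name="/proc/sys/net/ipv4/ip_local_port_range" pid=2513 comm="dhcpd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Feb 6 05:26:50 firewalla systemd[1]: isc-dhcp-server.service: Main process exited, code=exited, status=1/FAILURE
Feb 6 05:26:50 firewalla kernel: [ 1098.167716] audit: type=1400 audit(1580966810.807:64): apparmor="DENIED" operation="create" profile="/usr/sbin/dhcpd" pid=2513 comm="dhcpd" family="packet" sock_type="dgram" protocol=8 requested_mask="create" denied_mask="create"
"""

# key=value pairs as the audit subsystem writes them; values may be quoted
_KV = re.compile(r'(\w+)=("([^"]*)"|(\S+))')


def parse_audit_fields(line):
    """Return the fields of one AppArmor DENIED audit line, or None for any other line."""
    if 'apparmor="DENIED"' not in line:
        return None
    return {m.group(1): m.group(3) if m.group(3) is not None else m.group(4)
            for m in _KV.finditer(line)}


def suggest_rules(log_text):
    """Map each denial to the rule that would permit it, deduplicated per profile.

    Socket denials (family= and sock_type=) become 'network <family> <type>,',
    the form of the fix given in this report; file denials (name= and
    requested_mask=) become '<path> <mask>,' and are separate grants to review.
    """
    rules = {}
    for line in log_text.splitlines():
        ev = parse_audit_fields(line)
        if ev is None:
            continue
        if "family" in ev and "sock_type" in ev:
            rule = f'network {ev["family"]} {ev["sock_type"]},'
        elif "name" in ev and "requested_mask" in ev:
            rule = f'{ev["name"]} {ev["requested_mask"]},'
        else:
            continue
        per_profile = rules.setdefault(ev["profile"], [])
        if rule not in per_profile:
            per_profile.append(rule)
    return rules


if __name__ == "__main__":
    for profile, suggested in suggest_rules(SAMPLE_LOG).items():
        print(f"# candidate additions for {profile} (e.g. in /etc/apparmor.d/local/):")
        print("\n".join("  " + r for r in suggested))
```

After adding a rule to the local override, the profile still has to be reloaded with `apparmor_parser -rT` as in the comment above; the script only proposes rules, it does not apply them.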

Revision history for this message
jwiegley (jeffw) wrote : RE: [Bug 1862112] Re: apparmor prevents DHCP from starting with IPoIB interface

That is what I wound up doing and it does fix it. I think this is probably the right fix to apply if an infiniband oriented package is installed.

Thank you

Jeff

