Comment 4 for bug 1901373

Admitting I know very little about apparmor, here is the profile that worked for me:
# cat /etc/apparmor.d/usr.sbin.dhcpd

# vim:syntax=apparmor

#include <tunables/global>

/usr/sbin/dhcpd {
  #include <abstractions/base>
  #include <abstractions/nameservice>

  capability chown,
  capability dac_override,
  capability net_bind_service,
  capability net_raw,
  capability setgid,
  capability setuid,
  capability sys_chroot,

  network inet raw,
  network packet raw,

  /etc/dhcp/dhcpd.conf r,
  /etc/dhcp/dhcpd6.conf r,
  /etc/bind/* r,
  /etc/hosts.allow r,
  /etc/hosts.deny r,
  @{PROC}/net/dev r,
  /usr/sbin/dhcpd rmix,
  /var/lib/dhcp/dhcpd.leases* rwl,
  /var/lib/dhcp/dhcpd6.leases* rwl,
  /{,var/}run/dhcp-server/dhcpd.pid wl,
}