Comment 3 for bug 1465724

Jamie Strandboge (jdstrand) wrote :

I was wrong about net/http. This is the simplest reproducer:

$ cat /tmp/profile
profile "foo" {
   network,
   ptrace,
   signal,
   file,
}

$ cat /tmp/main.go
package main
func main() {
}

$ sudo apparmor_parser -r /tmp/profile && sudo aa-exec -p foo go run /tmp/main.go

then see this denial:
audit: type=1400 audit(1434479051.291:326): apparmor="DENIED" operation="capable" profile="foo" pid=30185 comm="go" capability=12 capname="net_admin"

Running it as non-root does not show the denial. E.g.,
$ sudo apparmor_parser -r /tmp/profile && aa-exec -p foo go run /tmp/main.go
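Picking the "capable" denials out of a larger audit log, as an added example that is not part of this bug thread: a small Python parser for AppArmor audit records like the one quoted above, filtering by profile and cross-checking the numeric capability against the capname field. The log lines below are constructed (the first is the one from this comment), and the capability numbers are the standard Linux ones from capability.h.

```python
import re

# key=value fields of an AppArmor audit record; values are bare or double-quoted.
FIELD_RE = re.compile(r'(\w+)=("([^"]*)"|(\S+))')

# Standard Linux capability numbers for a few that show up in "capable" denials;
# 12 is CAP_NET_ADMIN, the one denied to the Go toolchain in the comment above.
CAP_NAMES = {7: "setuid", 8: "setpcap", 12: "net_admin", 13: "net_raw",
             19: "sys_ptrace", 21: "sys_admin"}

# Constructed sample: the denial from this comment plus unrelated/other records.
SAMPLE_LOG = """\
audit: type=1400 audit(1434479051.291:326): apparmor="DENIED" operation="capable" profile="foo" pid=30185 comm="go" capability=12 capname="net_admin"
audit: type=1400 audit(1434479052.001:327): apparmor="ALLOWED" operation="open" profile="foo" name="/tmp/main.go" pid=30185 comm="go" requested_mask="r" denied_mask="r"
kernel: some unrelated line
audit: type=1400 audit(1434479053.500:328): apparmor="DENIED" operation="capable" profile="bar" pid=30190 comm="ip" capability=13 capname="net_raw"
"""


def parse_apparmor_audit(line):
    """Return the fields of one AppArmor audit line as a dict, or None if the
    line is not an AppArmor record. pid and capability become ints."""
    if 'apparmor="' not in line:
        return None
    fields = {}
    for key, _, quoted, bare in FIELD_RE.findall(line):
        fields[key] = quoted if quoted else bare
    for numeric in ("pid", "capability"):
        if numeric in fields:
            fields[numeric] = int(fields[numeric])
    return fields


def capability_denials(lines, profile=None):
    """Return the parsed 'capable' DENIED records, optionally for one profile.
    Each record gets capname_consistent=True when the number and name agree
    (or the number is not in CAP_NAMES), so a mismatch in a log stands out."""
    found = []
    for line in lines:
        f = parse_apparmor_audit(line)
        if not f or f.get("apparmor") != "DENIED" or f.get("operation") != "capable":
            continue
        if profile is not None and f.get("profile") != profile:
            continue
        expected = CAP_NAMES.get(f.get("capability"))
        f["capname_consistent"] = expected is None or expected == f.get("capname")
        found.append(f)
    return found


if __name__ == "__main__":
    for rec in capability_denials(SAMPLE_LOG.splitlines()):
        print(rec["profile"], rec["pid"], rec["comm"], rec["capname"], rec["capname_consistent"])
```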