The apparmorfs kernel query interface file has more restrictive file permissions in the upstream kernel versus what we've had in the Ubuntu sauce patches.
In Artful (Ubuntu 4.11.0-13.19-generic 4.11.12):
$ ls -al /sys/kernel/security/apparmor/.access
-rw-rw-rw- 1 root root 0 Aug 15 17:38 /sys/kernel/security/apparmor/.access
In linux-next (4.13.0-rc6-next-20170824):
$ ls -al /sys/kernel/security/apparmor/.access
-rw-r----- 1 root root 0 Aug 24 21:26 /sys/kernel/security/apparmor/.access
This means that the D-Bus session bus cannot perform AppArmor policy queries because it can't open the .access file.
The apparmorfs kernel query interface file has more restrictive file permissions in the upstream kernel versus what we've had in the Ubuntu sauce patches.
In Artful (Ubuntu 4.11.0- 13.19-generic 4.11.12): security/ apparmor/ .access security/ apparmor/ .access
$ ls -al /sys/kernel/
-rw-rw-rw- 1 root root 0 Aug 15 17:38 /sys/kernel/
In linux-next (4.13.0- rc6-next- 20170824) : security/ apparmor/ .access security/ apparmor/ .access
$ ls -al /sys/kernel/
-rw-r----- 1 root root 0 Aug 24 21:26 /sys/kernel/
This means that the D-Bus session bus cannot perform AppArmor policy queries because it can't open the .access file.