The version is, as provided in the initial message,
apparmor version 2.8.95~2430-0ubuntu5.3
Dec 11 10:24:07 gw-dc01 kernel: [2214272.912766] type=1400 audit(1449822247.549:21251): apparmor="ALLOWED" operation="file_inherit" profile="/usr/sbin/sssd//null-45" name="/var/log/sssd/ldap_child.log" pid=7112 comm="nsupdate" requested_mask="" denied_mask="" fsuid=0 ouid=0
I was able to make this all work by creating profile for /usr/bin/nsupdate and adding rule /usr/bin/nsupdate rmpx
I'll try to see if testing latest AppArmor is doable.
The version is, as provided in the initial message,
apparmor version 2.8.95~ 2430-0ubuntu5. 3
Dec 11 10:24:07 gw-dc01 kernel: [2214272.912766] type=1400 audit(144982224 7.549:21251) : apparmor="ALLOWED" operation= "file_inherit" profile= "/usr/sbin/ sssd//null- 45" name="/ var/log/ sssd/ldap_ child.log" pid=7112 comm="nsupdate" requested_mask="" denied_mask="" fsuid=0 ouid=0
I was able to make this all work by creating profile for /usr/bin/nsupdate and adding rule /usr/bin/nsupdate rmpx
I'll try to see if testing latest AppArmor is doable.