[apparmor] AVC apparmor="ALLOWED" operation="exec" info="no new privs" error=-1

Mikhail Morfikov mmorfikov at gmail.com
Sat Oct 7 15:34:45 UTC 2017


After updating the kernel from 4.12 -> 4.13, some of my programs stopped
working, even though they have profiles in the "complain mode". Here's an
example of a message that appears in the system log:

AVC apparmor="ALLOWED" operation="exec" info="no new privs" error=-1
profile="/bin/app_1" name="/bin/app_2" pid=60616 comm="app_1" requested_mask="x"
denied_mask="x" fsuid=104 ouid=0 target="/bin/app_2"

According to this log, app_1 has its profile and it wanted to execute app_2. The
app_1 profile has the following rule:

/bin/app_2 rPUx,

Before upgrading the kernel, everything was fine, but now (even in the complain
mode), the app doesn't work well -- it simply stopped working at all, and only
removing the profiles can make it work again.

So what is wrong in this case? It has the permission to execute app_2, but
it looks like it doesn't work anymore.
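
A log triage helper for the situation described in this message, added here as an example and not part of the original post: it parses AppArmor audit records and flags those where the verdict is ALLOWED but a non-zero error field is present, which is the combination in the quoted log. The function names and the second sample record are constructed, and treating a non-zero error as "the operation still failed" is an assumption based on the behaviour the post reports.

```python
import re

# Constructed sample: the record from the post (joined onto one line) plus one
# ordinary complain-mode record made up for contrast.
SAMPLE_LOG = """\
AVC apparmor="ALLOWED" operation="exec" info="no new privs" error=-1 profile="/bin/app_1" name="/bin/app_2" pid=60616 comm="app_1" requested_mask="x" denied_mask="x" fsuid=104 ouid=0 target="/bin/app_2"
AVC apparmor="ALLOWED" operation="open" profile="/bin/app_1" name="/etc/example.conf" pid=60617 comm="app_1" requested_mask="r" denied_mask="r" fsuid=104 ouid=0
"""

# Matches key="quoted value" (with backslash escapes) or key=bare_value.
_FIELD = re.compile(r'(\w+)=(?:"((?:[^"\\]|\\.)*)"|(\S+))')


def parse_record(line):
    """Return the key/value fields of one AppArmor audit record as a dict."""
    fields = {}
    for key, quoted, bare in _FIELD.findall(line):
        fields[key] = quoted if quoted else bare
    return fields


def failed_despite_complain(fields):
    """True when the verdict is ALLOWED but the record still carries an error."""
    if fields.get("apparmor") != "ALLOWED":
        return False
    try:
        return int(fields.get("error", "0")) != 0
    except ValueError:
        return False  # malformed error field: do not flag


def scan(log_text):
    """Return (profile, operation, name, info, error) for each flagged record."""
    hits = []
    for line in log_text.splitlines():
        if 'apparmor="' not in line:
            continue  # not an AppArmor record
        f = parse_record(line)
        if failed_despite_complain(f):
            hits.append((f.get("profile"), f.get("operation"),
                         f.get("name"), f.get("info"), int(f["error"])))
    return hits


if __name__ == "__main__":
    for profile, op, name, info, err in scan(SAMPLE_LOG):
        print(f"{profile}: {op} of {name} logged as ALLOWED "
              f"but error={err} (info: {info})")
```

Running this over the system log after a kernel upgrade lists the complain-mode profiles whose records carry an error, so they can be reviewed first.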


