adding patch to fix apparmor issues with 4.14.x series kernel

apparmor-fix-4.14.patch

@@ -0,0 +1,60 @@
+diff --git a/apparmor.d/abstractions/nameservice b/apparmor.d/abstractions/nameservice
+index 12ea151..a26c10d 100644
+--- a/apparmor.d/abstractions/nameservice
++++ b/apparmor.d/abstractions/nameservice
+@@ -94,6 +94,12 @@
+   network inet  dgram,
+   network inet6 dgram,
+ 
++  # TODO: replace with more specific "unix" rules once support for them
++  # arrives in the Linux kernel (probably in 4.15) and gives us detailed
++  # log messages
++  network unix dgram,
++  network unix stream,
++
+   # TODO: adjust when support finer-grained netlink rules
+   # Netlink raw needed for nscd
+   network netlink raw,
+diff --git a/apparmor.d/sbin.dhclient b/apparmor.d/sbin.dhclient
+index 1064e25..f432bf3 100644
+--- a/apparmor.d/sbin.dhclient
++++ b/apparmor.d/sbin.dhclient
+@@ -17,6 +17,9 @@
+   network packet,
+   network raw,
+ 
++  network unix dgram,
++  network unix stream,
++
+   @{PROC}/[0-9]*/net/ r,
+   @{PROC}/[0-9]*/net/** r,
+ 
+@@ -90,12 +93,15 @@
+ 
+   /run/NetworkManager/private-dhcp rw,
+   signal (send) peer=/sbin/dhclient,
++  signal (send) peer=dhcient,
+ 
+   /var/lib/NetworkManager/*lease r,
+   signal (receive) peer=/usr/sbin/NetworkManager,
+   ptrace (readby) peer=/usr/sbin/NetworkManager,
+   network inet dgram,
+   network inet6 dgram,
++
++  network unix stream,
+ }
+ 
+ /usr/lib/connman/scripts/dhclient-script {
+diff --git a/apparmor.d/usr.sbin.cupsd b/apparmor.d/usr.sbin.cupsd
+index e0c7e40..469e24f 100644
+--- a/apparmor.d/usr.sbin.cupsd
++++ b/apparmor.d/usr.sbin.cupsd
+@@ -42,6 +42,8 @@
+   network econet dgram,
+   network ash dgram,
+ 
++  network unix stream,
++
+   /bin/bash ixr,
+   /bin/dash ixr,
+   /bin/hostname ixr,