I happened to encounter a very weird problem. I'm running Ubuntu 17.10 in development mode since around April, and ever since I have been trying to stay on the latest kernel RC to avoid nasty problems with suspend and GPU that I've had on my Dell Precision.
Since I have installed 4.14-rc2, I suddenly lost WiFi connectivity. After running bisect I narrowed the problem down to a changeset in the kernel that has updated Apparmor.
Looking at journalctl -xe output I noticed that a lot of errors like that appeared:
Oct 27 14:45:48 precision audit[6088]: AVC apparmor="DENIED" operation="create" profile="/sbin/dhclient" pid=6088 comm="dhclient" family="unix" sock_type="stream" protocol=0 requested_mask="create" denied_mask="create"
Errors like this happened also for procceses mysqld, avahi-daemon and cups-browsed. I have disabled the profiles for these processes with the following command:
$ sudo ln -s /etc/apparmor.d/sbin.dhclient /etc/apparmor.d/disable
$ sudo apparmor_parser -R /etc/apparmor.d/sbin.dhclient
And boom, I have WiFi back. But is this the right way to handle this situation? Should I modify the profiles instead, or submit a bug to Launchpad about it?
Yes, major changes to kernel security (i.e. apparmor) missed kernel 4.14-rc1 due to some issues but were included in kernel 4.14-rc2. And yes, there is a non-backwards compatible change.
Myself, I either compile the kernel with apparmor disabled, or more simply just boot with it disabled. i.e. in `/etc/default/grub":
The related launchpad bug report (even though the description is a little wrong) is here. It does have some work arounds.
Note that this question and answer might end up being put on hold, because the release candidate kernels are actually not supported here.
EDIT: late breaking entry from the bug report: