Comment # 2 on bug 1186711 from Michael Hamilton

(In reply to Christian Boltz from comment #1)
> The last big(ger) change was the update to AppArmor 3.0.1 - but that was
> already on Dec 02 2020. Since then, there were a few small patches added
> (all adding more permissions) and a few small packaging changes - nothing
> that could explain your dnsmasq problems.
> 
> What's the previous rule you had to allow running your script?
> (The shipped dnsmasq profile never allowed to run anything in /usr/local/,
> so if your answer is "no previous rule", then please check your logs if that
> "failed to execute" message is really new.)

Thanks for the prompt attention to this issue.

I previously had no rules and the script was working fine (it checks for any
unexpected MAC addresses requesting IP addresses and sends an email in case I
need to investigate).  After the dup, the script no longer worked and I then
found the errors in the journal (no similar errors prior to the dup).  As I
explained, it was at this point I started investigating permissions+apparmor
and found that adding a rule could restore the previous behavior. 

This Raspberry-Pi's sole task is to run dnsmasq (with DHCP) in my home network.
Aside from issuing a dup no other changes were made prior to the issue.

This is not particularly important to me. Feel free to close or park the case
if it is inexplicable. I'm happy to use a rule to achieve the past behavior.  
I mainly logged the issue in case it indicated potential for issues with other
daemons that might also run scripts.