Sigh. Please disregard OP. Apparmor screws me again.
Apparmor wants read access to /etc/gai.conf
I can't make any sense of
The functions getaddrinfo() and getnameinfo() convert domain names, hostnames, and IP addresses between human-readable text representations and structured binary formats for the operating system's networking API. Both functions are contained in the POSIX standard application programming interface (API).
No idea if it's safe to let through.