Right, this is indeed about apparmor. The apparmor profile for tcpdump grants rw access to *.pcap. You're using a capture file named "ax0.cap", which doesn't match. I couldn't reproduce because I was testing the same scenario with the correct extension. I guess the simple fix would be to also grant access to *.cap in addition to *.pcap.
And in this case, "-Z root" doesn't restore the expected behavior because the apparmor sandbox applies to the process even when it's running as root, so it can only open files it owns or that otherwise match the policy.
