I have an interesting application which I am trying to snap strictly confined. The current sticking point is that it breaks when trying to mknod, but not in /dev, in the home directory of the snap. This seems to be part of normal operation, and when run outside of confinement it creates a file in a dot folder under home, thus:-
prw------- 1 alan alan 0 Aug 10 18:29 foo.pipe
However, when strictly confined, the application crashes, strace reveals:-
No need for classic-support (not to mention, its use would likely be rejected since this isn’t what the interface is meant to be used for). The upcoming snapd 2.27 has rules in the default seccomp policy that allow the use of mknod for regular files, pipes and sockets: