While this doesn’t allow chown-to-self, there is an open PR that changes KILL to EPERM: https://github.com/snapcore/snapd/pull/3998. I tested the snap in "GLib plus GIO fails because of fchown. snapcraft-preload ineffective - #3 by lucyllewy" against this PR and see this:
$ glib-test # first try, no denials
Writing '/home/jamie/snap/glib-test/x1/test-glib-file'
successfully opened '/home/jamie/snap/glib-test/x1/test-glib-file'
$ glib-test # second try, does chown and has EPERM denial
Writing '/home/jamie/snap/glib-test/x1/test-glib-file'
successfully opened '/home/jamie/snap/glib-test/x1/test-glib-file'
With the non-KILL denial here:
Mar 06 05:04:33 sec-xenial-amd64 audit[2233]: SECCOMP auid=4294967295 uid=1000 gid=1000 ses=4294967295 pid=2233 comm="glib-test" exe="/snap/glib-test/x1/bin/glib-test" sig=0 arch=c000003e syscall=93 compat=0 ip=0x7f4a289ad337 code=0x50000
Mar 06 05:04:33 sec-xenial-amd64 kernel: audit: type=1326 audit(1520334273.629:50): auid=4294967295 uid=1000 gid=1000 ses=4294967295 pid=2233 comm="glib-test" exe="/snap/glib-test/x1/bin/glib-test" sig=0 arch=c000003e syscall=93 compat=0 ip=0x7f4a289ad337 code=0x50000
(notice code=0x50000. KILL uses code=0x0). As such, the above PR will address issues with glib file creation.
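
Added example, not part of the original post: a small parser that reads a SECCOMP audit record like the one above and reports whether the filter action was a kill or an errno return, using the `code=` field. The action constants are from `<linux/seccomp.h>`; the syscall table is a deliberately partial x86_64 one (chown family only), and `KILL_LINE` is constructed for comparison.

```python
import re

# Seccomp filter return actions from <linux/seccomp.h> (upper 16 bits of code=).
SECCOMP_ACTIONS = {
    0x00000000: "KILL_THREAD",
    0x80000000: "KILL_PROCESS",
    0x00030000: "TRAP",
    0x00050000: "ERRNO",
    0x7FF00000: "TRACE",
    0x7FFC0000: "LOG",
    0x7FFF0000: "ALLOW",
}
# Partial x86_64 table, chown family only (arch=c000003e is AUDIT_ARCH_X86_64).
X86_64_CHOWN = {92: "chown", 93: "fchown", 94: "lchown", 260: "fchownat"}
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Record quoted in the post (non-KILL denial).
ERRNO_LINE = (
    'Mar 06 05:04:33 sec-xenial-amd64 audit[2233]: SECCOMP auid=4294967295 '
    'uid=1000 gid=1000 ses=4294967295 pid=2233 comm="glib-test" '
    'exe="/snap/glib-test/x1/bin/glib-test" sig=0 arch=c000003e syscall=93 '
    'compat=0 ip=0x7f4a289ad337 code=0x50000'
)
# Constructed sample: the same record as it would look with a KILL action.
KILL_LINE = ERRNO_LINE.replace("sig=0 ", "sig=31 ").replace("code=0x50000", "code=0x0")

def parse_seccomp(line):
    """Return a summary of a SECCOMP audit record, or None for other lines."""
    if "SECCOMP" not in line and "type=1326" not in line:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(line)}
    code = int(fields["code"], 16)
    nr = int(fields["syscall"])
    name = X86_64_CHOWN.get(nr) if fields.get("arch") == "c000003e" else None
    action = SECCOMP_ACTIONS.get(code & 0xFFFF0000, "UNKNOWN")
    return {
        "comm": fields.get("comm"),
        "syscall": name or str(nr),
        "action": action,
        "killed": action.startswith("KILL"),
    }

if __name__ == "__main__":
    for sample in (ERRNO_LINE, KILL_LINE):
        print(parse_seccomp(sample))
```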