Hi Daniel,
Having had a closer look at this thread (Access nmcli command from network-manager via interface) I found out that you guys are suggesting packaging nmcli inside the snap. I am wondering how packaging some binary (which in a later version might become incompatible with the network-manager service so this feels hackish) is better than having the snap in classic confinement. How is that insufficient justification for classic confinement?
If you guys are worried about security I think a better approach for classic confinement snaps would have been to have some type of manifest file (similar to a chrome extension one) where you require access to certain system binaries (nmcli in this case) so upon installing the snap the user would be informed that the application has access to the binary at hand.