Error using 'mknod: /dev/fpd: ' in strict mode

I am using the following in a script of a brand store snap which has the kernel-module-control snap-declaration. The error is seen only with strict mode confinement.

mknod /dev/fpd c $major 0
mknod /dev/flow c $major 1
mknod /dev/bridge c $major 2
mknod /dev/user c $major 3
mknod /dev/rcache c $major 4
mknod /dev/ipfrag c $major 5
mknod /dev/spd c $major 6

Error seen is (snap log):
2020-05-11T11:52:51Z dp.launch[5122]: mknod: /dev/fpd: Operation not permitted

= Seccomp =
Time: May 11 15:20:38
Log: auid=4294967295 uid=0 gid=0 ses=4294967295 pid=2464 comm="mknod" exe="/bin/mknod" sig=0 arch=c000003e 133(mknod) compat=0 ip=0x7f558e29b86d code=0x50000
Syscall: mknod

mknod of character devices is not currently available to non-container manager snaps. Typically device creation is handled by a combination of kernel and udev. Can you provide more details on why you are creating these manually?

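For reading the seccomp denial quoted in the question, an added example that is not part of the original thread: a Python parser that decodes the arch, syscall and action fields of that log line. The constant tables come from the Linux UAPI headers; the function name, dictionary keys and the `creates_node` flag are assumptions of this example.

```python
import re

# Constants from the Linux UAPI headers (linux/audit.h, linux/seccomp.h).
AUDIT_ARCH = {0xC000003E: "x86_64", 0x40000003: "i386",
              0xC00000B7: "aarch64", 0x40000028: "arm"}
SECCOMP_ACTION = {0x80000000: "KILL_PROCESS", 0x00000000: "KILL_THREAD",
                  0x00030000: "TRAP", 0x00050000: "ERRNO",
                  0x7FF00000: "TRACE", 0x7FFC0000: "LOG", 0x7FFF0000: "ALLOW"}
# x86_64 numbers of the syscalls that create filesystem nodes.
NODE_SYSCALLS_X86_64 = {133: "mknod", 259: "mknodat"}

FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
# Raw audit records carry "syscall=133"; the line in the post shows "133(mknod)".
SYSCALL = re.compile(r'syscall=(\d+)|\b(\d+)\((\w+)\)')

# Log line copied from the post above.
SAMPLE = ('auid=4294967295 uid=0 gid=0 ses=4294967295 pid=2464 comm="mknod" '
          'exe="/bin/mknod" sig=0 arch=c000003e 133(mknod) compat=0 '
          'ip=0x7f558e29b86d code=0x50000')


def parse_seccomp_denial(line):
    """Decode one seccomp audit line into the fields needed for triage."""
    fields = {k: v.strip('"') for k, v in FIELD.findall(line)}
    m = SYSCALL.search(line)
    if m is None or "arch" not in fields or "code" not in fields:
        raise ValueError("not a seccomp audit line")
    nr = int(m.group(1) or m.group(2))
    arch = AUDIT_ARCH.get(int(fields["arch"], 16), "unknown")
    name = m.group(3)
    if name is None and arch == "x86_64":
        name = NODE_SYSCALLS_X86_64.get(nr)
    # The upper 16 bits of the code select the filter action.
    action = SECCOMP_ACTION.get(int(fields["code"], 16) & 0xFFFF0000, "unknown")
    return {"comm": fields.get("comm"), "exe": fields.get("exe"),
            "pid": int(fields["pid"]) if "pid" in fields else None,
            "arch": arch, "syscall_nr": nr, "syscall_name": name,
            "action": action,
            "creates_node": name in NODE_SYSCALLS_X86_64.values()}


if __name__ == "__main__":
    for key, value in parse_seccomp_denial(SAMPLE).items():
        print(f"{key}: {value}")
```

For the line in the question this reports an `ERRNO` action on `mknod` for x86_64, which matches the "Operation not permitted" the command printed.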