I am using following in a script of a brand store snap which has kernel-module-control
snap-declaration. Error is seen only with strict mode confinement.
mknod /dev/fpd c $major 0
mknod /dev/flow c $major 1
mknod /dev/bridge c $major 2
mknod /dev/user c $major 3
mknod /dev/rcache c $major 4
mknod /dev/ipfrag c $major 5
mknod /dev/spd c $major 6
Error seen is (snap log):
2020-05-11T11:52:51Z dp.launch[5122]: mknod: /dev/fpd: Operation not permitted
= Seccomp =
Time: May 11 15:20:38
Log: auid=4294967295 uid=0 gid=0 ses=4294967295 pid=2464 comm="mknod" exe="/bin/mknod" sig=0 arch=c000003e 133(mknod) compat=0 ip=0x7f558e29b86d code=0x50000
Syscall: mknod