Hi @isaac.clack!
Would you mind sharing the denials you see while trying to make blue-print-evaluate work under strict confinement? There are some supported interfaces that should help to enumerate disks etc.
In case you are not familiar with, you can run snappy-debug which will recommend interfaces based on the behavior it observes in your snap.