I started this topic three years ago, and we’re still in the same boat that if people want to or need to use strict confinement, or provide strict confinement of snaps within their distros, then the distro or the user needs to have a non-upstream kernel or have manually patched it themselves.
It is really disappointing to me to see that we still need to use a modified kernel to support the snap ecosystem properly.