Thankyou @mborzecki. I think this is narrowing it down alot.
I fixed the incorrect version issue, so now:
$ snap version
snap 2.37.2
snapd 2.37.2
series 16
gentoo -
kernel 4.20.6-gentoo
Also read a bit of the source code to find how it determines if it is confined. I must say, it is quite easy to read. I was able to enable debugging and get the following:
$ export SNAP_CONFINE_DEBUG=1
$ snap run chromium
DEBUG: security tag: snap.chromium.chromium
DEBUG: executable: /usr/lib/snapd/snap-exec
DEBUG: confinement: non-classic
DEBUG: base snap: core18
DEBUG: ruid: 1000, euid: 0, suid: 0
DEBUG: rgid: 1000, egid: 0, sgid: 0
DEBUG: apparmor label on snap-confine is: unconfined
DEBUG: apparmor mode is: (null)
snap-confine has elevated permissions and is not confined but should be. Refusing to continue to avoid permission escalation attacks
A little searching on that debug info and I found this post.
That coupled with @mborzecki’s reply points me to the fact that there is no snap-confine profile in /etc/apparmor.d
I couldn’t find this file in the source, is it something that can be generated?
Many thanks