Unable to use raw socket

I’m currently making a snap for this project: https://github.com/imsnif/bandwhich

It visualizes the amount of traffic used by applications by cross-referencing process names in /proc and the observing traffic passing through network interfaces.

I thought using the following plugs would be enough, but after changing the confinement to strict, AppArmor prevents it from opening a raw socket:

apps:
  bandwhich:
    command: bandwhich
    plugs:
      - network
      - network-bind
      - system-observe

= AppArmor =
Time: Jan 14 13:58:02
Log: apparmor="DENIED" operation="create" profile="snap.bandwhich-carroarmato0.bandwhich" pid=30386 comm="bandwhich" family="packet" sock_type="raw" protocol=768 requested_mask="create" denied_mask="create"

Any suggestions on how to deal with that?

The network-control interface allows using raw packet sockets, did you try declaring that interface in your snap and connecting it after installing the snap?