Comment 5 for bug 1576308

AIUI people should be using --devmode to work around confinement problems while proper interfaces are in place, so I think at this most basic level, people should be unblocked (at least in terms of security policy).

To set the context for this discussion: the good news is that proper gsettings mediation work is underway with both upstream, the security and the desktop teams being involved. Unfortunately, for the security team this work is behind phase 1 of apparmor stacking work in support of LXD. Most of that work has landed and is in 16.04, but a number of bugs need to be addressed by 16.04.1 and the developer tasked with gsettings mediation is still focused on this LXD stacking work and unless the stacking work is deprioritized, the gsettings mediation will not be picked up for a while.

If --devmode is deemed insufficient while we wait for the gsettings work to recommence, we can:
1. add a new reserved 'gsettings-global' (actual name TBD) interface that does not auto-connect. This would allow unrestricted read/write access to the global gsettings database in the user's session
2. when gsettings mediation lands, add app-specific gsettings access to the unity7 interface
3. adjust the 'gsettings-global' interface for the gsettings mediation (eg, add the bare 'gsettings,' rule)

My feeling is '1' will be useful/required for certain applications and it can remained a privileged interface once we have gsettings mediation so this wouldn't be wasted effort if people feel it would help.