How sensitive is access to the dconf config file and dbus interface?

[odomingao]

I want to play (less trusted) windows games relatively securely using Bottles (sandboxed with bubblejail), however it requires access to the dconf dbus to save settings. Will this allow for any easy escapes outside of GNOME?

[rusty-snake]

Well, it oblivious depends on the other programs you have installed that make use of this shared settings system. Nevermind, you should generally treat talk access to ca.desrt.dconf as command execution on the host.

As a workaround you can set GSETTINGS_BACKEND=keyfile which will cause gsettings to read and write from/to $XDG_CONFIG_HOME/glib-2.0/settings/keyfile. Of course you have to ensure that $XDG_CONFIG_HOME/glib-2.0/settings/keyfile on the host is not the same file as inside of the sandbox.

Note that

The following environment variables are only useful for debugging GIO itself or modules that it loads. They should not be set in a production environment.

https://docs.gtk.org/gio/overview.html#running-gio-applications

[odomingao]

Thank you, this works

[igo95862]

I wonder how flatpak handles this.

Also it is probably best to have a separated D-Conf in each instance. This can probably be possible by running a separated D-Bus inside instance and using a bridge.

[rusty-snake]

gio/gsettings detects that is runs under flatpak (/.flatpak-info) and automatically selects the keyfile backend (unless overwritten by static permissions in the manifest).

• GTK Settings like theme are exposed via portal
• --metadata=X-DConf=migrate-path= in the manifest can be used to migrate a flatpak from host-dconf to per-flatpak keyfile

https://docs.flatpak.org/en/latest/sandbox-permissions.html#dconf-access