AIUI people should be using --devmode to work around confinement problems while
proper interfaces are in place, so I think at this most basic level, people
should be unblocked (at least in terms of security policy).

To set the context for this discussion: the good news is that proper gsettings
mediation work is underway with both upstream, the security and the desktop
teams being involved. Unfortunately, for the security team this work is behind
phase 1 of apparmor stacking work in support of LXD. Most of that work has
landed and is in 16.04, but a number of bugs need to be addressed by 16.04.1
and the developer tasked with gsettings mediation is still focused on this LXD
stacking work and unless the stacking work is deprioritized, the gsettings
mediation will not be picked up for a while.

If --devmode is deemed insufficient while we wait for the gsettings work to
recommence, we can:
1. add a new reserved 'gsettings-global' (actual name TBD) interface that does
not auto-connect. This would allow unrestricted read/write access to the global
gsettings dbus in the user's session
2. when gsettings mediation lands, add app-specific gsettings access to the
unity7 interface
3. adjust the 'gsettings-global' interface for the gsettings mediation (eg, add
the bare 'gsettings,' rule)

My feeling is '1' will be useful/required for certain applications and it can
remained a privileged interface once we have gsettings mediation so this
wouldn't be wasted effort if people feel it would help.