Don't use an abstract socket for a11y bus socket
Originally reported at https://bugzilla.gnome.org/show_bug.cgi?id=787127; it still seems to be valid with at-spi2-core 2.38.0-4 from Debian.
@alexl wrote:
at-spi currently uses a dbus address like:
unix:abstract=/tmp/dbus-QKYxCGaRa5
This is not a good idea in a sandboxed environment, because abstract socket paths are tied to the network namespace, not to the filesystem namespace, and furthermore they have no permission checks on them. This means any sandboxed app with network access can connect to the a11y bus, and so can other users.
See this comment from the dbus maintainer on how to best avoid this: https://github.com/flatpak/flatpak/issues/79#issuecomment-326540713
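The following is an added example, not code from the bug report, from at-spi2-core or from the dbus maintainer's comment. It does two things a defender auditing this issue would want: it parses a D-Bus address and flags elements that resolve to an abstract socket (the `abstract` key, and `tmpdir`, which the D-Bus specification says also produces an abstract socket on Linux), and it binds one socket in the abstract namespace and one under a mode-0700 directory so the difference is visible: the abstract socket has no filesystem entry at all, hence no owner or mode to check, while the path socket inherits the directory's permissions. `PATH_ADDRESS` and the `/run/user/1000/at-spi/bus` path are constructed for illustration and are not at-spi's actual fix; `REPORTED_ADDRESS` is the address quoted in the report.

```python
"""Added example (not from the bug report or at-spi2-core): audit a D-Bus
address for abstract sockets and contrast an abstract socket with one bound
under a private 0700 directory."""
import os
import socket
import stat
import sys
import tempfile
from urllib.parse import unquote

IS_LINUX = sys.platform.startswith("linux")  # abstract sockets are Linux-only

# Address quoted in the report, and a constructed filesystem-path alternative.
REPORTED_ADDRESS = "unix:abstract=/tmp/dbus-QKYxCGaRa5"
PATH_ADDRESS = "unix:path=/run/user/1000/at-spi/bus"  # hypothetical, constructed


def parse_dbus_address(address):
    """Split a D-Bus address into (transport, params) pairs.

    Per the D-Bus specification an address is ';'-separated, each element is
    'transport:key=value,key=value', and values are percent-escaped."""
    entries = []
    for element in address.split(";"):
        if not element:
            continue
        transport, _, rest = element.partition(":")
        params = {}
        for pair in rest.split(","):
            if pair:
                key, _, value = pair.partition("=")
                params[key] = unquote(value)
        entries.append((transport, params))
    return entries


def audit_dbus_address(address):
    """One finding per element: 'abstract' for sockets living in the network
    namespace with no filesystem permission check, 'filesystem' for path-based
    sockets that inherit directory and socket modes, 'non-unix' otherwise."""
    findings = []
    for transport, params in parse_dbus_address(address):
        if transport != "unix":
            findings.append((transport, "non-unix"))
        elif "abstract" in params or "tmpdir" in params:
            findings.append((transport, "abstract"))  # tmpdir => abstract on Linux
        elif "path" in params or "dir" in params:
            findings.append((transport, "filesystem"))
        else:
            findings.append((transport, "unknown"))
    return findings


def bind_abstract_socket(name):
    """Bind a listener in the Linux abstract namespace: the name starts with a
    NUL byte and never appears on the filesystem, so no inode carries a mode."""
    sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    sock.bind(b"\0" + name.encode())
    sock.listen(1)
    return sock


def bind_private_path_socket(directory, name="bus"):
    """Bind a listener at directory/name with the directory at 0700, so only
    the owning user can traverse to it and therefore connect to it."""
    os.makedirs(directory, mode=0o700, exist_ok=True)
    os.chmod(directory, 0o700)  # enforce even if the directory pre-existed
    path = os.path.join(directory, name)
    if os.path.lexists(path):
        os.unlink(path)
    sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    sock.bind(path)
    sock.listen(1)
    return sock, path


def describe_socket(sock):
    """Report whether a bound AF_UNIX socket has a filesystem entry and, if so,
    the permission bits of its parent directory."""
    name = sock.getsockname()
    if isinstance(name, bytes):  # Python returns bytes for abstract names
        return {"namespace": "abstract", "on_filesystem": False, "dir_mode": None}
    parent = os.path.dirname(name)
    return {"namespace": "filesystem", "on_filesystem": os.path.exists(name),
            "dir_mode": stat.S_IMODE(os.stat(parent).st_mode)}


def demo(tmp_root=None):
    """Audit both addresses, then bind both socket kinds and describe them."""
    root = tmp_root or tempfile.mkdtemp(prefix="a11y-demo-")
    result = {"audit_reported": audit_dbus_address(REPORTED_ADDRESS),
              "audit_path": audit_dbus_address(PATH_ADDRESS)}
    path_sock, path = bind_private_path_socket(os.path.join(root, "at-spi"))
    result["path_socket"] = describe_socket(path_sock)
    path_sock.close()
    os.unlink(path)
    if IS_LINUX:
        abs_sock = bind_abstract_socket("a11y-demo-%d" % os.getpid())
        result["abstract_socket"] = describe_socket(abs_sock)
        abs_sock.close()
    return result


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Running `demo()` shows the reported address audited as `abstract` and the path address as `filesystem`; the abstract socket reports no filesystem entry, while the path socket reports a 0700 parent directory, which is the property a sandbox or another user's process is stopped by.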