--- a/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
+++ b/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
@@ -15,16 +15,20 @@
 #include "nsThreadUtils.h"
 #include "nsXULAppAPI.h"
 #include "SpecialSystemDirectory.h"
 
 #ifdef ANDROID
 #include "cutils/properties.h"
 #endif
 
+#ifdef MOZ_WIDGET_GTK
+#include <glib.h>
+#endif
+
 namespace mozilla {
 
 /* static */ bool
 SandboxBrokerPolicyFactory::IsSystemSupported() {
 #ifdef ANDROID
   char hardware[PROPERTY_VALUE_MAX];
   int length = property_get("ro.hardware", hardware, nullptr);
   // "goldfish" -> emulator.  Other devices can be added when we're
@@ -144,16 +148,25 @@ SandboxBrokerPolicyFactory::SandboxBroke
   // Bug 1312678: radeonsi/Intel with DRI when using WebGL
   policy->AddDir(rdwr, "/dev/dri");
 
 #ifdef MOZ_ALSA
   // Bug 1309098: ALSA support
   policy->AddDir(rdwr, "/dev/snd");
 #endif
 
+#ifdef MOZ_WIDGET_GTK
+  // Bug 1321134: DConf's single bit of shared memory
+  if (const auto userDir = g_get_user_runtime_dir()) {
+    // The leaf filename is "user" by default, but is configurable.
+    nsPrintfCString shmPath("%s/dconf/", userDir);
+    policy->AddPrefix(rdwrcr, shmPath.get());
+  }
+#endif
+
   mCommonContentPolicy.reset(policy);
 #endif
 }
 
 #ifdef MOZ_CONTENT_SANDBOX
 UniquePtr<SandboxBroker::Policy>
 SandboxBrokerPolicyFactory::GetContentPolicy(int aPid)
 {

--- a/security/sandbox/linux/broker/moz.build
+++ b/security/sandbox/linux/broker/moz.build
@@ -27,10 +27,12 @@ LOCAL_INCLUDES += [
 include('/ipc/chromium/chromium-config.mozbuild')
 
 # Need this for safe_sprintf.h used by SandboxLogging.h,
 # but it has to be after ipc/chromium/src.
 LOCAL_INCLUDES += [
     '/security/sandbox/chromium',
 ]
 
+if 'gtk' in CONFIG['MOZ_WIDGET_TOOLKIT']:
+    CXXFLAGS += CONFIG['GLIB_CFLAGS']
 
 FINAL_LIBRARY = 'xul'