So, I had been chasing a red herring for a while (looking at permission checks in the cache load/save code that could be affected by AppArmor), and missed the most obvious issue: cache versioning.
Up until Bionic, we were shipping 2.11.94, which used cache version 6. From 2.11.95 on, fontconfig has used cache version 7. If nothing outside the sandbox rebuilds version 6 caches, then there are no caches for the confined app to take advantage of, despite having read-only access to the host system caches. I imagine the same will happen in reverse when we have core18-based apps running on older hosts.
As for solving the problem, I don’t think we should give write access to the fontconfig cache in the real home directory. Fontconfig memory maps the cache files with MAP_SHARED, so I’d be worried about the possibilities of a confined app causing other apps to misbehave. It is fine for a user level process to trust caches produced by root, and confined apps to trust caches produced by unconfined apps, but going in the other direction is troubling.
Arranging for cache files of a non-default version to be generated outside of confinement is probably the best option, but I’m not sure what should be responsible for handling this.
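As an added illustration of the version mismatch described above (this is example code, not part of the original post or of fontconfig itself), the following script inspects a fontconfig cache directory and reports which cache-format versions are present, so you can tell whether a library expecting version 7 will find anything usable in a directory written by a version-6 fontconfig. It relies only on fontconfig's cache file naming scheme (`<hash>-<arch>.cache-<version>`); the directory contents below are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): inspect a fontconfig cache
# directory and report which cache-format versions it contains. Fontconfig
# names its cache files "<hash>-<arch>.cache-<version>", e.g. "...-le64.cache-7".

# Print "version count" pairs, one per line, for every cache version in DIR.
fc_cache_versions() {
    dir=$1
    for f in "$dir"/*.cache-*; do
        [ -e "$f" ] || continue          # no matches: the glob stays literal
        echo "${f##*.cache-}"
    done | sort -n | uniq -c | awk '{print $2, $1}'
}

# Succeed (exit 0) only if DIR holds at least one cache of version VER,
# i.e. one that a fontconfig build using format VER can actually read.
fc_cache_usable() {
    dir=$1
    ver=$2
    for f in "$dir"/*.cache-"$ver"; do
        [ -e "$f" ] && return 0
    done
    return 1
}

# Constructed sample: a host cache directory written by fontconfig 2.11.94
# (cache version 6) that a 2.11.95+ library (cache version 7) cannot use.
demo_dir=$(mktemp -d)
touch "$demo_dir/0123456789abcdef0123456789abcdef-le64.cache-6"
touch "$demo_dir/fedcba9876543210fedcba9876543210-le64.cache-6"
fc_cache_versions "$demo_dir"            # prints "6 2"
if fc_cache_usable "$demo_dir" 7; then
    echo "version-7 caches present: confined app can use host caches"
else
    echo "no version-7 caches: confined app must rebuild or run uncached"
fi
rm -rf "$demo_dir"
```

Point it at `/var/cache/fontconfig` or `~/.cache/fontconfig` on a real host and compare against the version your snap's fontconfig expects.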