When the portal looks up the peer app id it needs to know whether it
can trust that the cgroup path would be set, so that it can tell
whether the app is sandboxed or trusted. We used to check if the
cgroup was session-$uid.slice, and if so it was trusted, but this
failed in the case of per-user dbus (not per-session) where
e.g. gnome-terminal would be outside the session.
Now we just fail if we can't set up a cgroup, thus whenever the cgroup
path is not right we know that the app is trusted.