diff --git a/hosts/common/programs/assorted.nix b/hosts/common/programs/assorted.nix
index 742ae8d9a..573a33831 100644
--- a/hosts/common/programs/assorted.nix
+++ b/hosts/common/programs/assorted.nix
@@ -444,6 +444,11 @@ in
     "gnome.gnome-disk-utility".sandbox.method = "bwrap";
     "gnome.gnome-disk-utility".sandbox.whitelistDbus = [ "system" ];
     "gnome.gnome-disk-utility".sandbox.whitelistWayland = true;
+    "gnome.gnome-disk-utility".sandbox.extraHomePaths = [
+      "tmp"
+      "use/iso"
+      # TODO: probably need /dev and such
+    ];
 
     # seahorse: dump gnome-keyring secrets.
     # N.B.: it can also manage ~/.ssh keys, but i explicitly don't add those to the sandbox for now.