I've discovered that the registry interceptions are not working in the warn only sandbox that I hope to land soon for bug 1018966. This is to fix them, as it doesn't appear to be trivially easy and I don't want to block that bug on this.
If I try to add any sort of registry policy rule then the plugin-container process seems to die immediately. Strangely, if I have the process in debug before it is initially un-suspended it blows up in ntdll.dll before it even hits main. (Tim - this sounds a bit like the issues you were getting.) If I just ignore the error and continue, it appears to run OK, although things don't seem to work fully. I can't see anything obviously different in the current Chromium code for this and it doesn't appear to use any registry policy rules. I'm going to try building Chromium and see if I can add registry rules for that.
This was done as part of bug 1018966 in the end.