Selectively share nix store paths #4
Description
nix-bubblewrap selectively shares only the nix store paths required for the current executable. We could use the same approach in order to shrink the sandbox. https://git.sr.ht/~fgaz/nix-bubblewrap/tree/master/item/nix-bwrap.tcl#L44
❱ nix-store --query --requisites $(readlink -f $(which zsh))
/nix/store/16hvpw4b3r05girazh4rnwbw0jgjkb4l-xgcc-14.3.0-libgcc
/nix/store/7r0k7ywzmgkscjxgzmgwsng0545h8id6-libunistring-1.3
/nix/store/2q1vszdygbs1icp1cd18a4d11zcsc97y-libidn2-2.3.8
/nix/store/g8zyryr9cr6540xsyg4avqkwgxpnwj2a-glibc-2.40-66
/nix/store/37z7hy6ysj6dg60m9xvbx8dyaxslvaf2-pcre-8.45
/nix/store/yw7vb4hamv9mqgbgf7598zvis7k2spyx-ncurses-6.5
/nix/store/jcs2x94ps3im3miq10cw6jv998nydffw-zsh-5.9