Massive bindings that requires more than 9000 args

[freerig]

Hey there, it's about the 9000 args limit! https://github.com/containers/bubblewrap/blob/d6180f25b164c708b8b0a0d86d6a9642f30cd9a9/bubblewrap.c#L1768C1-L1779

Short issue: How to bind a massive amount of files, without copying them to a tempfs (I don't want duplicated data)?

The code says I should link them, but in order to symlink them, I would have to bind the src file (which makes me go into the same problem). I could also hardlink it but I use different devices for the files I wanna bind so I get Invalid cross-device link

Context (not essential): I'm doing a program that sandboxes a Minecraft client with Nix (no need to know Nix at all, this is just to give context). Nix stores all the resources, files, etc... in the Nix store (/nix/store), and so I have this massive amount of assets files in /nix/store. Every asset is in /nix/store, but not everything in /nix/store is an asset. And so I have the list of assets paths to give to bubblewrap (assets are still located in /nix/store), and it's too big.

[GalaxySnail]

If I understand this post correctly, the 9000-argument limitation is a mitigation of a certain glibc exploit that allows suid executables to be used to escalate root privileges. So I think this limitation may be unnecessary for a non-suid bwrap.