Share /gnu/store in the BubbleWrap container and remove FHS mounts.

This is a Guix-specific patch not meant to be upstreamed.
diff --git a/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp b/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp
index f0a5e4b05dff..88b11f806968 100644
--- a/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp
+++ b/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp
@@ -854,27 +854,12 @@ GRefPtr<GSubprocess> bubblewrapSpawn(GSubprocessLauncher* launcher, const Proces
         "--ro-bind", "/sys/dev", "/sys/dev",
         "--ro-bind", "/sys/devices", "/sys/devices",
 
-        "--ro-bind-try", "/usr/share", "/usr/share",
-        "--ro-bind-try", "/usr/local/share", "/usr/local/share",
         "--ro-bind-try", DATADIR, DATADIR,
-
-        // We only grant access to the libdirs webkit is built with and
-        // guess system libdirs. This will always have some edge cases.
-        "--ro-bind-try", "/lib", "/lib",
-        "--ro-bind-try", "/usr/lib", "/usr/lib",
-        "--ro-bind-try", "/usr/local/lib", "/usr/local/lib",
         "--ro-bind-try", LIBDIR, LIBDIR,
-#if CPU(ADDRESS64)
-        "--ro-bind-try", "/lib64", "/lib64",
-        "--ro-bind-try", "/usr/lib64", "/usr/lib64",
-        "--ro-bind-try", "/usr/local/lib64", "/usr/local/lib64",
-#else
-        "--ro-bind-try", "/lib32", "/lib32",
-        "--ro-bind-try", "/usr/lib32", "/usr/lib32",
-        "--ro-bind-try", "/usr/local/lib32", "/usr/local/lib32",
-#endif
-
         "--ro-bind-try", PKGLIBEXECDIR, PKGLIBEXECDIR,
+
+        // Bind mount the store inside the WebKitGTK sandbox.
+        "--ro-bind", "@storedir@", "@storedir@",
     };
 
     if (launchOptions.processType == ProcessLauncher::ProcessType::DBusProxy) {
ommitter</option>
<option value='range'>range</option>
</select>
<input class='txt' type='search' size='10' name='q' value=''/>
<input type='submit' value='search'/>
</form>
</td></tr></table>
<div class='path'>path: <a href='/guix/log/?id=71e1d0a4373f6cc5cd99e1400fb87d64d97c370f'>root</a>/<a href='/guix/log/gnu?id=71e1d0a4373f6cc5cd99e1400fb87d64d97c370f'>gnu</a>/<a href='/guix/log/gnu/packages?id=71e1d0a4373f6cc5cd99e1400fb87d64d97c370f'>packages</a>/<a href='/guix/log/gnu/packages/elm.scm?id=71e1d0a4373f6cc5cd99e1400fb87d64d97c370f'>elm.scm</a></div><div class='content'><table class='list nowrap'><tr class='nohover'><th class='left'>Age</th><th class='left'>Commit message (<a href='/guix/log/gnu/packages/elm.scm?id=71e1d0a4373f6cc5cd99e1400fb87d64d97c370f&amp;showmsg=1'>Expand</a>)</th><th class='left'>Author</th></tr>
12-18</span></td><td><a href='/guix/commit/nix?id=2d4d26769d6a3be1b21302b0bb2bd099fd55ccf8'>daemon: Make "opening file" error messages distinguishable.</a><span class='msg-avail'>...</span></td><td>Ludovic Courtès</td></tr>
<tr><td><span ti<tr><td><span title='2023-05-06 17:12:45 +0200'>2023-05-06</span></td><td><a href='/guix/commit/gnu/tests/mail.scm?i<tr><td><span title='2023-07-06 15:38:58 +0200'>2023-07-06</span></td><td><a href='/guix/commit/gnu/installer/services.scm?id=961ffca1c75141cbb351d143b22b673638e9659d'>installer: Restore LatGrkCyr-8x16 console font depending on language.</a><span class='msg-avail'>...</span></td><td>Denys Nykula</td></tr>
<tr><td><span title='2022-11-20 23:20:31 +0100'>2022-11-20</span></td><td><a href='/guix/commit/gnu/installer/services.scm?id=8c7ea71344b91c2c36dfbf6f2bc6daf559b1c696'>installer: Add comment above the 'packages' field.</a><span class='msg-avail'>...</span></td><td>Ludovic Courtès</td></tr>
ove unused function findOutput.</a><span class='msg-avail'>...</span></td><td>Maxime Devos</td></tr>
<tr><td><span title='2022-09-11 16:43:30 +0200'>2022-09-11</span></td><td><a href='/guix/commit/nix?id=93032586df6b925e1ed9102dc3a77aa626aa60d3'>daemon: Remove unused function exportPaths.</a><span class='msg-avail'>...</span></td><td>Maxime Devos</td></tr>
<tr><td><span title='2022-09-11 16:43:30 +0200'>2022-09-11</span></td><td><a href='/guix/commit/nix?id=1c5f5d6d8cb3bd42ed436e31366a328598165734'>daemon: Remove unused function openStore.</a><span class='msg-avail'>...</span></td><td>Maxime Devos</td></tr>
<tr><td><span title='2022-06-05 02:00:00 +0200'>2022-06-05</span></td><td><a href='/guix/commit/nix?id=0ace58b99c7292dd962bcd244f274f8033a7fce4'>daemon: Quote consistently within a string.</a><span class='msg-avail'>...</span></td><td>Tobias Geerinckx-Rice</td></tr>
<tr><td><span title='2022-05-29 02:00:00 +0200'>2022-05-29</span></td><td><a href='/guix/commit/nix?id=82b06436b4b563a85e70f3fcc610959482f08e91'>daemon: Clarify ‘--check’ error when outputs are missing.</a><span class='msg-avail'>...</span></td><td>Tobias Geerinckx-Rice</td></tr>
<tr><td><span title='2022-05-18 22:29:55 +0200'>2022-05-18</span></td><td><a href='/guix/commit/nix?id=32916e04f7e1729b7ea5ab768607eb08183c015d'>daemon: runChild() is forbidden to talk during environment set up</a><span class='msg-avail'>...</span></td><td>yarl-baudig@mailoo.org</td></tr>
<tr><td><span title='2022-04-14 14:48:20 +0200'>2022-04-14</span></td><td><a href='/guix/commit/nix?id=5f74169e8e03e64a15499866c6a6de9f38d36f2d'>daemon: Support systemd-style socket activation.</a><span class='msg-avail'>...</span></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2022-01-18 18:46:51 +0100'>2022-01-18</span></td><td><a href='/guix/commit/nix?id=575e52ac2b090fd194086e9c1c53bbf8055acbc2'>daemon: Always default to gzip for log compression.</a><span class='msg-avail'>...</span></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2021-11-27 00:49:53 +0100'>2021-11-27</span></td><td><a href='/guix/commit/nix?id=1b1f557d888fa84b1bc818f1b221776355a7a2dd'>daemon: Print the line whence we expect an integer.</a><span class='msg-avail'>...</span></td><td>Tobias Geerinckx-Rice</td></tr>
<tr><td><span title='2021-11-25 00:17:21 +0100'>2021-11-25</span></td><td><a href='/guix/commit/nix?id=f9b1bb916c284bea00dd5549a43e0894b219d650'>daemon: Read substitute nar size as 'unsigned long long'.</a><span class='msg-avail'>...</span></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2021-11-25 00:17:21 +0100'>2021-11-25</span></td><td><a href='/guix/commit/nix?id=1eb40a6dc4917f5a2e915f8b31b750dba3d378c6'>daemon: Read unsigned nar size and download size from substituter.</a><span class='msg-avail'>...</span></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2021-11-19 23:04:19 +0100'>2021-11-19</span></td><td><a href='/guix/commit/nix?id=24224530d1f4a70808d003ba8dce849b77625b79'>daemon: Micro-optimize 'deletePath'.</a><span class='msg-avail'>...</span></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2021-11-16 14:34:28 +0100'>2021-11-16</span></td><td><a href='/guix/commit/nix?id=472a0e82a52a3d5d841e1dfad6b13e26082a5750'>daemon: Do not deduplicate files smaller than 8 KiB.</a><span class='msg-avail'>...</span></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2021-10-01 08:58:06 +0000'>2021-10-01</span></td><td><a href='/guix/commit/nix?id=8579304e8f4deaca33b816b2d56af1d814a03bde'>build: Don’t delete ‘guix-gc.timer’ file.</a><span class='msg-avail'>...</span></td><td>Xinglu Chen</td></tr>
<tr><td><span title='2021-09-20 14:18:21 +0000'>2021-09-20</span></td><td><a href='/guix/commit/nix?id=5c4fd77097e2cecfd4780e099af7954f86779fe1'>etc: Add systemd files for running ‘guix gc’ periodically</a><span class='msg-avail'>...</span></td><td>Thiago Jung Bauermann</td></tr>