fhs-userenv-bubblewrap: Preserve symlinks

Preserve top-level symlinks such as /lib -> /usr/lib.

This allows nested containers such as Steam's new runtime to remount
/usr if they need to and then run unmodified binaries that reference
e.g. /lib/ld-linux-x86-64.so.2

Before, we would mount the fully resolved host directory at /lib and
thus the dynamic loader would always be the one from the host filesystem.

pkgs/build-support/build-fhs-userenv-bubblewrap/default.nix

@@ -68,13 +68,18 @@ let
   bwrapCmd = { initArgs ? "" }: ''
     blacklist=(/nix /dev /proc /etc)
     ro_mounts=()
+    symlinks=()
     for i in ${env}/*; do
       path="/''${i##*/}"
       if [[ $path == '/etc' ]]; then
-        continue
+        :
+      elif [[ -L $i ]]; then
+        symlinks+=(--symlink "$(readlink "$i")" "$path")
+        blacklist+=("$path")
+      else
+        ro_mounts+=(--ro-bind "$i" "$path")
+        blacklist+=("$path")
       fi
-      ro_mounts+=(--ro-bind "$i" "$path")
-      blacklist+=("$path")
     done
 
     if [[ -d ${env}/etc ]]; then
@@ -114,6 +119,7 @@ let
       --ro-bind /nix /nix
       ${etcBindFlags}
       "''${ro_mounts[@]}"
+      "''${symlinks[@]}"
       "''${auto_mounts[@]}"
       ${init runScript}/bin/${name}-init ${initArgs}
     )