sanebox: remove --sanebox-cache-symlink flag

modules/programs/make-sandbox-args.nix

@@ -3,7 +3,6 @@
 , allowedPaths ? []
 , allowedHomePaths ? []
 , allowedRunPaths ? []
-, symlinkCache ? {}
 , autodetectCliPaths ? false
 , capabilities ? []
 , dns ? null
@@ -18,13 +17,6 @@ let
   ];
   allowPaths = flavor: paths: lib.flatten (builtins.map (allowPath flavor) paths);
 
-  cacheLink = from: to: [
-    "--sanebox-cache-symlink"
-    from
-    to
-  ];
-  cacheLinks = links: lib.flatten (lib.mapAttrsToList cacheLink links);
-
   capabilityFlags = lib.flatten (builtins.map (c: [ "--sanebox-cap" c ]) capabilities);
 
   netItems = lib.optionals (netDev != null) [
@@ -48,5 +40,4 @@ in
   ++ capabilityFlags
   ++ lib.optionals (autodetectCliPaths != null) [ "--sanebox-autodetect" autodetectCliPaths ]
   ++ lib.optionals whitelistPwd [ "--sanebox-add-pwd" ]
-  ++ cacheLinks symlinkCache
   ++ extraConfig

pkgs/additional/sanebox/sanebox

@@ -123,9 +123,6 @@ usage() {
   echo '      allow access to the host <path>, relative to XDG_RUNTIME_DIR'
   echo '  --sanebox-add-pwd'
   echo '      shorthand for `--sanebox-path $PWD`'
-  echo '  --sanebox-cache-symlink <from> <to>'
-  echo '      assume that <from> is a symlink to <to>'
-  echo '      performance optimization to avoid spawning a readlink subshell'
   echo
   echo 'the following environment variables are also considered and propagated to children:'
   echo '  SANEBOX_DISABLE=1'
@@ -526,14 +523,6 @@ parseArgs() {
       (--sanebox-add-pwd)
         paths+=("$PWD")
         ;;
-      (--sanebox-cache-symlink)
-        local from="$1"
-        shift
-        local to="$1"
-        shift
-        relativeToPwd _absFrom "$from"
-        linkCache["$_absFrom"]="$to"
-        ;;
       (*)
         parseArgsExtra+=("$arg")
         ;;