pub fn wrap_command(
cmd: &[String],
cfg: &SandboxConfig,
) -> Result<(Vec<String>, Confinement)>Expand description
Wrap cmd in the platform sandbox launcher per cfg.
Returns the command to exec plus the achieved confinement. Degrades
gracefully (warn + unconfined) when the platform has no sandbox,
EXCEPT for strict, where silently running unconfined would be a
lie – there we refuse.