
Function build_bwrap_command 

pub fn build_bwrap_command(
    bwrap: &Path,
    policy: &IsolationPolicy,
    inner_cmd: &[String],
) -> Command

Build a bwrap invocation that runs inner_cmd inside a sandbox.

Returns a Command ready to spawn; the caller keeps ownership of stdin/stdout/stderr piping and waits on the child. The work_host path (bound writable at /work, see below) must already exist on the host: bwrap fails at startup otherwise, so a caller that wants a readable error should check for it before spawning.

Flags used (see bubblewrap(1)):

  • --unshare-all — fresh user, pid, uts, ipc, mount, cgroup namespaces. Network namespace is unshared too, unless the policy re-shares via --share-net (see below).
  • --uid 65534 --gid 65534 — map the invoking user to uid/gid 65534 inside the user namespace that --unshare-all creates (nobody/nogroup on most distributions; only the numeric ids are set, the names depend on whatever /etc/passwd is visible in the sandbox). Without this, bwrap maps the host user’s real UID into the sandbox, so the stage can observe it (an informational leak). The mapping only changes what the sandbox sees: the kernel still translates the in-sandbox uid back to the invoking user, so anything the stage writes through a bind mount is created as the host user. A writable bind that exposes more than the scratch directory is therefore exploitable with or without this flag.
  • --die-with-parent — if the parent dies, so does the sandbox.
  • --proc /proc, --dev /dev — a fresh procfs for the new pid namespace, and a minimal bwrap-managed /dev (null, zero, full, random, urandom, tty and a few others) rather than the host’s /dev, so host block and character devices are not reachable from the sandbox.
  • --ro-bind <host> <sandbox> — read-only mounts from the policy’s ro_binds. Always includes /nix/store.
  • --bind <work_host> /work — writable scratch.
  • --chdir /work — subprocess starts in the scratch dir.
  • --clearenv — wipe the environment; the executor re-adds the allowlisted variables via .env(...). Check this path against bubblewrap(1): --clearenv unsets every variable except those set with --setenv, so a value set only with Command::env on the bwrap process does not reach the sandboxed command unless it is also forwarded with --setenv.
  • --share-net — only when policy.network is true.
  • --cap-drop ALL — drop every capability inside the sandbox.
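The flag list above, as an added example that is not the crate’s own implementation: a hypothetical reimplementation that emits the bwrap argv in the documented order, refuses early when work_host is missing instead of letting bwrap fail at startup, and forwards an environment allowlist with --setenv so it survives --clearenv. The IsolationPolicy layout (ro_binds as host/sandbox pairs, work_host, network, and an assumed env_allow field), the function name build_sandbox_command, and the sample paths are all assumptions.

```rust
use std::path::{Path, PathBuf};
use std::process::Command;

/// Assumed shape of the policy. Hypothetical: the crate's IsolationPolicy may be
/// laid out differently, and env_allow in particular is an assumption made here.
pub struct IsolationPolicy {
    /// (host path, sandbox path) pairs mounted read-only.
    pub ro_binds: Vec<(PathBuf, PathBuf)>,
    /// Host directory bound writable at /work.
    pub work_host: PathBuf,
    /// Re-share the host network namespace (--share-net).
    pub network: bool,
    /// Allowlisted environment, forwarded with --setenv so it survives --clearenv.
    pub env_allow: Vec<(String, String)>,
}

fn path_arg(p: &Path) -> String {
    p.to_string_lossy().into_owned()
}

/// The argv handed to bwrap, in the order the documentation lists the flags.
pub fn bwrap_args(policy: &IsolationPolicy, inner_cmd: &[String]) -> Vec<String> {
    let mut args: Vec<String> = [
        "--unshare-all",
        "--uid", "65534", "--gid", "65534",
        "--die-with-parent",
        "--proc", "/proc",
        "--dev", "/dev",
        // /nix/store is always visible read-only.
        "--ro-bind", "/nix/store", "/nix/store",
    ]
    .iter()
    .map(|s| s.to_string())
    .collect();

    for (host, sandbox) in &policy.ro_binds {
        args.extend(["--ro-bind".to_string(), path_arg(host), path_arg(sandbox)]);
    }
    args.extend(["--bind".to_string(), path_arg(&policy.work_host), "/work".to_string()]);
    args.extend(["--chdir", "/work", "--clearenv"].map(String::from));
    // --setenv entries survive --clearenv; anything set only with Command::env does not.
    for (k, v) in &policy.env_allow {
        args.extend(["--setenv".to_string(), k.clone(), v.clone()]);
    }
    if policy.network {
        args.push("--share-net".to_string());
    }
    args.extend(["--cap-drop", "ALL"].map(String::from));
    // bwrap's synopsis is `bwrap [OPTION...] [--] COMMAND [ARG...]`; the explicit
    // separator keeps an inner command starting with '-' from being read as an option.
    args.push("--".to_string());
    args.extend(inner_cmd.iter().cloned());
    args
}

/// Build the Command, refusing early when work_host is missing (bwrap would fail anyway,
/// but this gives the caller a readable error before any child is spawned).
pub fn build_sandbox_command(
    bwrap: &Path,
    policy: &IsolationPolicy,
    inner_cmd: &[String],
) -> Result<Command, String> {
    if !policy.work_host.is_dir() {
        return Err(format!(
            "work_host {} does not exist or is not a directory",
            policy.work_host.display()
        ));
    }
    let mut cmd = Command::new(bwrap);
    cmd.args(bwrap_args(policy, inner_cmd));
    Ok(cmd)
}

fn main() {
    // Constructed sample policy; /tmp is used as work_host only because it exists on any host.
    let policy = IsolationPolicy {
        ro_binds: vec![(PathBuf::from("/usr"), PathBuf::from("/usr"))],
        work_host: PathBuf::from("/tmp"),
        network: false,
        env_allow: vec![("PATH".to_string(), "/usr/bin".to_string())],
    };
    let inner: Vec<String> = ["/bin/sh", "-c", "id"].map(String::from).to_vec();
    match build_sandbox_command(Path::new("/usr/bin/bwrap"), &policy, &inner) {
        Ok(cmd) => println!("{:?}", cmd),
        Err(e) => eprintln!("refusing to spawn: {e}"),
    }
}
```

Nothing is spawned by building the Command, so the argv can be inspected or unit-tested without bwrap installed; the order matters because bwrap applies mount operations in the order given, and --cap-drop ALL together with the `--` separator is deliberately emitted last, immediately before the inner command.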