pub fn find_bwrap() -> Option<PathBuf>Expand description
Locate the bwrap binary.
Checks a fixed list of trusted system paths first, because they’re
owned by root on every mainstream Linux distro and therefore can’t
be planted by a non-privileged attacker. Only if none of those
exist does the search fall back to walking $PATH — at which
point a tracing::warn! fires (once per process) so operators can
notice that isolation is trusting an attacker-plantable lookup.
Returns None if bwrap is not installed anywhere we know to look.