pub const NOBODY_UID: u32 = 65534;
Conventional “nobody” UID/GID on Linux. bwrap maps the invoking user to this identity inside the sandbox so the stage cannot observe the real UID of the caller.