pub fn bind_mount_rootfs(root: &Path, rootfs_path: &Path) -> Result<()>
Bind mount a pre-built rootfs (e.g. a Nix store closure) into the container.
Instead of exposing the full host /bin, /usr, /lib, /lib64, /nix, this mounts a minimal, purpose-built root filesystem. Suitable for production services.