Is your criticism here that there's no point in invoking bwrap directly when you could instead implement the same things that bwrap implements?
I'd much rather a system call bwrap than re-implement bwrap, because bwrap has already been extensively tested.
That was my thinking, too. The only other option would be to reimplement it in Rust (never researched what exists, though).