I’m using Nix with nix-daemon enabled on a Chromebook using Crostini, which essentially puts me in a Debian Buster LXD container. This worked great in ChromeOS 81, but version 83 appears to break sandboxing:
$ nix-build
these derivations will be built:
  /nix/store/0i9mr5fyjpivpgp05d3v0d3zwqwp8sy1-elm-app-0.1.0.drv
error: while setting up the build environment: mounting /proc: Operation not permitted
If I run nix-build as root with --option sandbox false it works, but that’s far from ideal. I’m not intimately familiar with the Crostini/crosvm security features, nor with Nix’s current sandboxing setup, so I’m hoping someone else knows what the story is here. Any clues?