When I normally run a derivation builder script, it is executed by the `nixbld` user. When `nix.settings.sandboxing = false;` is set in `configuration.nix`, or `__noChroot = true;` is added to the derivation, the script is run without a user. For example, running `whoami` yields “whoami: cannot find name for user ID 872415232”, while otherwise it would yield “nixbld”. This causes errors when running any sandbox script with podman, as podman needs to be run by a user in a group. I also cannot switch to a new user in the derivation builder, as `su` requires a terminal and `sudo` has been disabled (“sudo: The ‘no new privileges’ flag is set, which prevents sudo from running as root.”).

How can I work around this? I need sandboxing, but I also need to be able to interact with container build tools.