When I normally run a derivation builder script, it is executed by the nixbld user. When nix.settings.sandboxing = false; in configuration.nix or __noChroot = true; is added to the derivation. The script is run without a user. e.g. Running whoami yields “whoami: cannot find name for user ID 872415232” while otherwise it would yield “nixbld”. This causes errors with running any sandbox script with podman, as podman needs to be run by a user in a group. I also cannot switch to a new user in the derivation builder, as su requires a terminal and sudo has been disabled (“sudo: The “no new privileges” flag is set, which prevents sudo from running as root.”).
How can I work around this? I need sandboxing, but I also need to be able to interact with container build tools.