Other general thought: use sandbox = relaxed instead. This allows you to specify that specific builds need to escape the sandbox using __noChroot = true in the derivation, but other builds will still be in the sandbox.
5 Likes