I saw this note in the NixOS manual (https://nixos.org/nixos/manual/index.html#ch-containers):
Warning: Currently, NixOS containers are not perfectly isolated from the host system. This means that a user with root access to the container can do things that affect the host. So you should not give container root access to untrusted users.
Is there any detail on why there’s that limitation, and whether someone is currently working on that?