Running container during derivation build

I have a flake. The flake builds a derivation. The derivation runs docker or podman. Docker or podman runs a local image. Podman and docker fail when run as part of the nix build process. Docker tries to open and access a unix socket. Podman tries to manipulate cgroups.

Has anyone had any success configuring Podman/Docker to use a unix socket or cgroup isolated by some namespace (for example, the hash of the derivation)?

Can a nix flake create isolation for cgroups/unix sockets like it does for the file system?