I’m highly interested in spawning containers as part of a nix build.
I had a look at https://rootlesscontaine.rs/ to see if I could make it work, but it seems pretty much every container technology at least needs `/etc/subuid` and `/etc/subgid` configured. On a regular multi-user nix installation the nixbld users don’t have entries in these files. It seems to me, however, that within a nix-build this file wouldn’t be mapped into the build environment, so that might not matter.
I’m wondering if anyone was already successful in this feat or if it requires patching nix to create these files as part of derivation-goal.cc.
My main motivation here is to benefit from nix’s reproducibility features when building software for other distros and using “off-the-shelf” containers.
I know that for that use case there also exists an infrastructure for spawning VMs, but that requires KVM enabled, and it is also harder for me to pass through some impure locations from the host (which I use to run CUDA code on an Nvidia GPU as part of the nix-build for some projects’ unit tests: `/dev/nvidiactl`).