[SOLVED] Unprivileged nix inside a traditional Dockerfile based linux container

SOLVED

I was able to solve the nix permission issue in Docker + single user no-daemon install with 2 steps.

  1. Unset LC_ALL
  2. Recursive chown $USER /nix

Problem

I am trying to overcome the dreaded "could not set permissions on per-user to 755" error:

error: could not set permissions on '/nix/var/nix/profiles/per-user' to 755: Operation not permitted

Scenario

I'm building a devcontainer, which provides dependencies for most activities needed in my devops/gitops focused platform engineering devcontainer. I want to support working on git projects which have nix flakes as requirements to working with the code.

Currently, sorting through all of this nix inside a docker container nonsense is getting to be extremely tedious and worse, everything I read in terminal, via google/github/discourse search, all seems contradictory or downright non-functional. Take the cli snippet below as an example. Instructions from the cli, used immediately on the cli, are not valid???

Anyway, I'm running in circles and really don't want to give up on nix. I am not going to re-write this whole container on nix right now but if I can dip my toes in the water and find success by solving this method, maybe it leads to slowly converting the whole Konductor traditional Dockerfile container build over to a Nix based build instead.

How can I solve this nix install inside my Dockerfile, so that we can use flakes when they are part of a project we are developing inside this devcontainer?

Steps to reproduce

Open the devcontainer yourself directly in Github Codespaces. Then try nix-shell --packages cowsay lolcat which produces the permissions error shown.

Reference

šŸ‹ āÆ nix build
error: could not set permissions on '/nix/var/nix/profiles/per-user' to 755: Operation not permitted

šŸ‹ āÆ nix build --debug --verbose 9
error: could not set permissions on '/nix/var/nix/profiles/per-user' to 755: Operation not permitted

šŸ‹ āÆ nix build --debug -vvvvv
error: could not set permissions on '/nix/var/nix/profiles/per-user' to 755: Operation not permitted

šŸ‹ āÆ nix-installer --no-start-daemon --init none
error: unexpected argument '--no-start-daemon' found

Usage: nix-installer [OPTIONS] <COMMAND>

For more information, try '--help'.

šŸ‹ āÆ nix-installer install --init none --no-start-daemon
error: unexpected argument '--init' found

  tip: to pass '--init' as a value, use '-- --init'

Usage: nix-installer install [OPTIONS] [PLAN]
       nix-installer install <COMMAND>

For more information, try '--help'.

šŸ‹ āÆ nix-installer install -- --init none --no-start-daemon
error: unexpected argument 'none' found

Usage: nix-installer install [OPTIONS] [PLAN]
       nix-installer install <COMMAND>

For more information, try '--help'.

šŸ‹ āÆ nix-installer install -- --init none --no-start-daemon

šŸ‹ āÆ nix-shell --packages cowsay lolkat
error: could not set permissions on '/nix/var/nix/profiles/per-user' to 755: Operation not permitted

šŸ‹ āÆ sudo -E fish -c "nix-shell --packages cowsay lolcat"
warning: $HOME ('/home/vscode') is not owned by you, falling back to the one defined in the 'passwd' file ('/root')
bash: warning: setlocale: LC_ALL: cannot change locale (en_US.UTF-8)

I guess I can compare my Dockerfile with this one to see if I can find a fix in it.

Reading through more forum posts it looks like this comment [1] written by @tomberek indicates there is a healthy group of people running nix in docker?

[1] Docker Debug and Nix - #2 by tomberek

Troubleshooting log:

  • Added a chown -R vscode /nix to dockerfile
  • Unset LC_ALL
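The two fixes above, turned into a preflight script that a Dockerfile RUN step or a devcontainer postCreateCommand can run to fail early instead of leaving a half-working store. This is an added example, not code from the original post or from the Nix project. It assumes the store root is /nix and the unprivileged user is whoever runs it; both are parameters so the checks can be exercised on a scratch directory. The ownership check is the unprivileged counterpart to the `sudo -E` attempt in the post: hand the whole tree to the user once rather than running nix as root with a mismatched $HOME.

```shell
#!/bin/sh
# Added example (not from the original post or the Nix project).
# Preflight checks for a single-user, no-daemon Nix install in a container,
# matching the two fixes the post arrived at: the user must own all of /nix,
# and LC_ALL must not be set to a locale the image does not ship.
# Assumed defaults: store root /nix, user = the caller (both overridable).

# List every path under $1 (default /nix) not owned by user $2 (default the
# caller). Returns 0 when the user owns the whole tree, 1 when any path is
# foreign-owned (paths are printed), 2 when the directory is missing.
# nix creates var/nix/profiles/per-user itself and chmods it to 755, so one
# foreign-owned ancestor is enough to trigger the "could not set
# permissions ... to 755: Operation not permitted" failure from the post.
check_nix_ownership() {
    dir=${1:-/nix}
    user=${2:-$(id -un)}
    [ -d "$dir" ] || { echo "missing: $dir" >&2; return 2; }
    # -user accepts a name or a numeric uid in GNU, BSD and busybox find
    offenders=$(find "$dir" ! -user "$user")
    [ -z "$offenders" ] && return 0
    printf '%s\n' "$offenders"
    return 1
}

# Give the tree to the unprivileged user (the post's "chown -R $USER /nix")
# only when the check says something needs it. Running this requires root
# at image build time; afterwards nix never needs elevated privileges.
fix_nix_ownership() {
    dir=${1:-/nix}
    user=${2:-$(id -un)}
    check_nix_ownership "$dir" "$user" >/dev/null && return 0
    chown -R "$user" "$dir"
}

# LC_ALL overrides every other locale variable, so if it names a locale the
# image lacks, bash prints the setlocale warning seen in the post on every
# invocation. The post's fix is to unset it; this passes only when LC_ALL
# is unset or empty.
check_lc_all() {
    if [ -n "${LC_ALL:-}" ]; then
        echo "LC_ALL is set to '$LC_ALL'; unset it (or drop the ENV line in the Dockerfile)" >&2
        return 1
    fi
    return 0
}

# Run both checks and return non-zero if either fails, so a RUN step or
# postCreateCommand aborts loudly.
run_checks() {
    status=0
    check_nix_ownership "$@" || status=1
    check_lc_all || status=1
    return $status
}

# Stand-alone use: NIX_PREFLIGHT_RUN=1 sh preflight.sh [/nix [user]]
if [ "${NIX_PREFLIGHT_RUN:-0}" = 1 ]; then
    run_checks "$@"
fi
```

In a Dockerfile the sequence is: install nix as the unprivileged user with the daemon disabled, `chown -R` the store as root if any step ran as root, then run `run_checks` as the unprivileged user before the image is finalized. Keeping the checks in the image means a later layer that re-introduces `ENV LC_ALL` or a root-owned file under /nix is caught at build time rather than at the first `nix-shell`.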