nix 2.0?

[Mic92]

This could need an update.

[LnL7]

I ran into some kind of problem with nix-env, didn't look into it any further yet.

building '/nix/store/gn4yxdxzzw6qvmrwfbbd1ql6bv3prsmv-user-environment.drv'...
while setting up the build environment: executing '/nix/store/lg0s7z1bvj2chimz3a4qax3y8ssw45m3-nix-2.0/libexec/nix/buildenv': Permission denied
builder for '/nix/store/gn4yxdxzzw6qvmrwfbbd1ql6bv3prsmv-user-environment.drv' failed with exit code 1
error: build of '/nix/store/gn4yxdxzzw6qvmrwfbbd1ql6bv3prsmv-user-environment.drv' failed

[LnL7]

This looks pretty suspicious to me, but I'm not sure where to go from there.

[pid 13227] seccomp(SECCOMP_SET_MODE_STRICT, 1, NULL) = -1 EINVAL (Invalid argument)

https://gist.github.com/LnL7/e6b613f4016a60c3c478d4c078af8212#file-gistfile1-txt-L27

[Mic92]

@LnL7 do you have branch for, I could try this? I am pretty familiar with linux os sandboxing internals.

[LnL7]

nix-wip or do you want an image?

[Mic92]

that should be ok.

[Mic92]

@LnL7 do your run docker on nixos? Do you have any non-standard options?

[Mic92]

Or does your error happen during docker build?

[Mic92]

Dockerfiles are also working for me.

[Mic92]

Ah, no. Now I can reproduce it.

[Mic92]

Let's get swifty: https://github.com/Mic92/cntr :)

[Mic92]

I first guessed it was a special syscall filter being applied during docker build. But I get the same error when using cntr, so it must be something else. I will digger deeper.

[Mic92]

That seccomp error is not the actual problem.

[LnL7]

Thanks for the help with debugging!