nix --store vs docker container

[wfranzini]

Hi,

I'm experimenting nix 2.0 with a CI system based on docker containers (https://concourse.ci).

In order to reduce the build time I was trying to use concourse's cache feature with the --store argument. However nix-env -i and nix build both fails with the following error message:

evaluating file '/nix/store/6p2gambjac7xdkd2a7w1dsxdk1q5cq4d-nix-2.0/share/nix/corepkgs/buildenv.nix'
evaluating file '/nix/store/6p2gambjac7xdkd2a7w1dsxdk1q5cq4d-nix-2.0/share/nix/corepkgs/config.nix'
error: cloning builder process: Operation not permitted

Is this a issue or simply the --store option is not meant to be run inside a container?

Thanks

[AmineChikhaoui]

Probably an issue with nested linux namespaces usage, as the build runs in PID/mount/.. namespaces https://github.com/NixOS/nix/blob/master/src/libstore/build.cc#L2132 and you're already in namespaces set by docker ? maybe if you try disabling sandboxing it will work

[cleverca22]

also, nix only tries to use namespaces if its root if you drop root and still have +w to the store, it will just skip all namespacing

[garbas]

I was hitting the same problem, but then running docker container with --privileged flag solved it. not sure you have this option, but it might be a solution.

[stale[bot]]

I marked this as stale due to inactivity. → More info