buildFHSEnv mounts /nix/store read-only and prevents FHS-installers from running.

[clefru]

Describe the bug

buildFHSEnv mounts /nix/store read-only, so we can't use an FHS environment inside a derivation to produce an output inside /nix/store. This is the case, for instance, when running a proprietary installer that requires an FHS environment. buildFHSEnvChroot still works though.

Please see https://github.com/clefru/nur-packages/blob/master/pkgs/ib-tws/default.nix#L28 for my main motivation.

Steps To Reproduce

{ pkgs ? import <nixpkgs> {} }:
with pkgs;
stdenv.mkDerivation {
  name = "my-foo-installer";
  phases = [ "installPhase" ];
  installPhase = ''
    echo "Running foo..."
    ${buildFHSEnvChroot { name = "fhs"; }}/bin/fhs ${pkgs.writeShellScript "okay" ''
    mkdir -p $out/works && echo "buildFHSEnvChroot worked"
''}
    ${buildFHSEnv { name = "fhs"; }}/bin/fhs ${pkgs.writeShellScript "fail" ''
    mkdir -p $out/fails && echo "buildFHSEnv worked"
''}
  '';
}

Expected behavior

buildFHSEnv should support installers (used inside a derivation builder script) that require an FHS environment.

Notify maintainers

@Atemu

Metadata

[user@system:~]$ nix-shell -p nix-info --run "nix-info -m"
 - system: `"x86_64-linux"`
 - host os: `Linux 5.15.117, NixOS, 23.05 (Stoat), 23.05pre-git`
 - multi-user?: `yes`
 - sandbox: `yes`
 - version: `nix-env (Nix) 2.13.3`
 - channels(root): `"nixos-hardware"`
 - channels(clemens): `""`
 - nixpkgs: `/nix/nixpkgs`

[Atemu]

You should be able to bind-mount the outputs as rw via extraBwrapArgs.

I guess we could also just mount the Nix store rw as it should be ro at a lower level anyways.

[tulilirockz]

This also makes it so if you want to have a persistent partition in /nix/persist for impermanence any programs that use this FHS function will not work properly (e.g.: Steam errors out due to RO filesystem)