Use pivot_root instead of chroot

[symphorien]

Using pivot_root instead of chroot enables the use of user namespaces inside nix-user-chroot: before

$ nix-build --option sandbox true -E 'with import <nixpkgs> {}; stdenv.mkDerivation { name = "need-sandbox"; src=sl.src; buildScript = "echo yay"; }'
these derivations will be built:
  /nix/store/hgqsrs11mhhzydahv8hr4q6ks7ljxn5g-need-sandbox.drv
error: cloning builder process: Operation not permitted
error: unable to start build process

After:

$ nix-build --option sandbox true -E 'with import <nixpkgs> {}; stdenv.mkDerivation { name = "need-sandbox"; buildCommand = "echo yay; touch $out"; }'
these derivations will be built:
  /nix/store/qpa0aj8ii9bv75wvy77xb1jgp14mpq94-need-sandbox.drv
building '/nix/store/qpa0aj8ii9bv75wvy77xb1jgp14mpq94-need-sandbox.drv'...
yay
/nix/store/fvdflsac743zh3f3q0s1zzba2348sliw-need-sandbox

The inspiration for using pivot_root is https://lkml.org/lkml/2018/10/15/628

One quirk is that creating a temporary directory, bind mounting everything inside and then pivot_root does not work (for an unknown reason). The bindmounted directories are empty after pivoting. So instead I go the other way around: pivot_root to an empty directory and then I use the mount point for the old root to repopulate the new one. One detail is that I cannot unmount the old root. So I hide it with another. The only directory which is guaranteed to be in the new root is /nix, so I pivot the old root to /nix. This is a bit confusing when reading the code.

[symphorien]

Also fixes #7

$ ./nix-user-chroot nix ./nix-user-chroot nix echo yay
yay

[Mic92]

@lethalman are you still interested in maintaining this?

[Mic92]

I ported your implementation to rust. This also fixes the missing license of this project: https://github.com/nix-community/nix-user-chroot