Closed
Describe the bug
addDependency uses setns which needs privileges to enter the mount namespace to add bind mounts. With --store when not run as root, this fails.
When using Recursive Nix with --store and root, it fails here instead for some yet unknown reason.
In practice, this means that any non-trivial derivation built inside the sandbox will fail as it causes addDependency to be called.
Steps To Reproduce
    { pkgs ? import <nixpkgs> {} }:
    let
      hello-nix = pkgs.writeText "hello.nix" ''
        with import ${pkgs.path} {}; hello
      '';
    in pkgs.runCommand "djE" {
      nativeBuildInputs = [ pkgs.nixUnstable ];
      requiredSystemFeatures = [ "recursive-nix" ];
    } ''
      nix-build ${hello-nix}
      cp -L ./result $out
    ''

Expected behavior
It should work.
nix-env --version output
nix (Nix) 2.4pre20210922_bcd73eb
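
Added example, not part of the original issue or of Nix's own code: a small C check for the privilege condition the report describes. Per setns(2), joining a mount namespace requires CAP_SYS_ADMIN and CAP_SYS_CHROOT in the caller's own user namespace (and CAP_SYS_ADMIN over the user namespace owning the target, which this check does not cover); the function names and sample status text are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Capability bit numbers as defined in <linux/capability.h>. */
#define CAP_SYS_CHROOT_BIT 18
#define CAP_SYS_ADMIN_BIT  21

/* Extract the effective capability mask from /proc/<pid>/status text.
 * Returns 0 on success, -1 if no CapEff line is present. */
int parse_capeff(const char *status, unsigned long long *mask)
{
    const char *p = status;
    while (p && *p) {
        if (strncmp(p, "CapEff:", 7) == 0) {
            *mask = strtoull(p + 7, NULL, 16);   /* skips the tab */
            return 0;
        }
        p = strchr(p, '\n');                     /* advance to next line */
        if (p) p++;
    }
    return -1;
}

/* Necessary (not sufficient) condition for setns(fd, CLONE_NEWNS):
 * both capabilities must be in the caller's effective set. */
int may_enter_mount_ns(unsigned long long mask)
{
    unsigned long long need = (1ULL << CAP_SYS_ADMIN_BIT)
                            | (1ULL << CAP_SYS_CHROOT_BIT);
    return (mask & need) == need;
}

/* Constructed samples: a fully privileged process and an ordinary user. */
const char *SAMPLE_ROOT = "Name:\tnix-daemon\nCapEff:\t000001ffffffffff\n";
const char *SAMPLE_USER = "Name:\tnix\nCapEff:\t0000000000000000\n";

int main(void)
{
    char buf[8192] = {0};
    unsigned long long mask = 0;
    FILE *f = fopen("/proc/self/status", "r");
    if (!f || fread(buf, 1, sizeof buf - 1, f) == 0) return 1;
    fclose(f);
    if (parse_capeff(buf, &mask) != 0) return 1;
    printf("CapEff=%016llx, setns(CLONE_NEWNS) %s\n", mask,
           may_enter_mount_ns(mask) ? "may be permitted" : "will fail with EPERM");
    return 0;
}
```

Run as the same user that invokes the build with --store; an empty effective set means the setns call described above cannot succeed.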