Darwin sandbox build fails with "fork: Operation not permitted" #759
Description
E.g. with Nix 9be0374, Nixpkgs 15.09:
$ nix-build --option build-use-chroot true -E 'with import <nixpkgs> {}; runCommand "foo" { } "touch $out"'
building path(s) ‘/nix/store/hnzwbm53jds3kzv4ic360kpjib397x45-foo’
/nix/store/vzk0677wwysshiffn05cfjaq19sl8qfp-stdenv-darwin/setup: fork: Operation not permitted
builder for ‘/nix/store/hy4qcbcapvscwi1clp32hdqva2d9v4ma-foo.drv’ failed due to signal 11 (Segmentation fault: 11)
error: build of ‘/nix/store/hy4qcbcapvscwi1clp32hdqva2d9v4ma-foo.drv’ failed
This is caused by the fact that a bunch of required sandbox permissions (in particular, allow process-fork) have been moved from Nix to pkgs/stdenv/pure-darwin/standard-sandbox.sb in Nixpkgs. These permissions should be provided unconditionally, not left to the Nix expression to get right.