warning: unknown setting 'extra-sandbox-paths'

[mudrii]

Describe the bug
A clear and concise description of what the bug is.

 ~ > sudo nix-channel --update
warning: unknown setting 'extra-sandbox-paths'
warning: unknown setting 'extra-sandbox-paths'
unpacking channels...
warning: unknown setting 'extra-sandbox-paths'
 ~ > nixos-rebuild switch
warning: unknown setting 'extra-sandbox-paths'
building Nix...
warning: unknown setting 'extra-sandbox-paths'
warning: unknown setting 'extra-sandbox-paths'
warning: unknown setting 'extra-sandbox-paths'
warning: unknown setting 'extra-sandbox-paths'
building the system configuration...
warning: unknown setting 'extra-sandbox-paths'
warning: unknown setting 'extra-sandbox-paths'
error: --- SysError ---------------------------------------------------------------- nix-env
creating symlink from '/nix/var/nix/profiles/.0_system' to 'system-848-link': Permission denied

~ > sudo nix-channel --update && sudo nixos-rebuild switch
warning: unknown setting 'extra-sandbox-paths'
warning: unknown setting 'extra-sandbox-paths'
unpacking channels...
warning: unknown setting 'extra-sandbox-paths'
warning: unknown setting 'extra-sandbox-paths'
building Nix...
warning: unknown setting 'extra-sandbox-paths'
warning: unknown setting 'extra-sandbox-paths'
warning: unknown setting 'extra-sandbox-paths'
warning: unknown setting 'extra-sandbox-paths'
building the system configuration...
warning: unknown setting 'extra-sandbox-paths'
warning: unknown setting 'extra-sandbox-paths'
warning: unknown setting 'extra-sandbox-paths'
activating the configuration...
setting up /etc...
reloading user units for mudrii...
setting up tmpfiles

To Reproduce
Steps to reproduce the behavior:

1. Run usual system update

Expected behavior
A clear and concise description of what you expected to happen.

Screenshots
If applicable, add screenshots to help explain your problem.

Additional context
Add any other context about the problem here.

Notify maintainers

Metadata
Please run nix-shell -p nix-info --run "nix-info -m" and paste the result.

nix-shell -p nix-info --run "nix-info -m"
warning: unknown setting 'extra-sandbox-paths'
warning: unknown setting 'extra-sandbox-paths'
 - system: `"x86_64-linux"`
 - host os: `Linux 5.8.17, NixOS, 20.09.1599.d105075a1fd (Nightingale)`
 - multi-user?: `yes`
 - sandbox: `yes`
warning: unknown setting 'extra-sandbox-paths'
 - version: `nix-env (Nix) 2.4pre20201102_550e11f`
warning: unknown setting 'extra-sandbox-paths'
 - channels(root): `"home-manager-20.09, nixos-20.09.1599.d105075a1fd, unstable-21.03pre249162.1dc37370c48"`
warning: unknown setting 'extra-sandbox-paths'
 - channels(mudrii): `""`
warning: unknown setting 'extra-sandbox-paths'
 - nixpkgs: `/nix/var/nix/profiles/per-user/root/channels/nixos`

Maintainer information:

# a list of nixpkgs attributes affected by the problem
attribute:
# a list of nixos modules affected by the problem
module:

[mudrii]

I think I find the issue

Seems is related to nixFlakes entry in configuration.nix

    nix.package = pkgs.nixFlakes;
    nix.extraOptions = ''
      experimental-features = nix-command flakes 
      '';

[nixos-discourse]

This issue has been mentioned on NixOS Discourse. There might be relevant details there:

https://discourse.nixos.org/t/warning-unknown-setting-extra-sandbox-paths/9836/2

[manveru]

This most likely is from https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/services/misc/nix-daemon.nix#L43 and caused by NixOS/nix@ff4dea6

[mudrii]

If I use

nix. package = pkgs.nixUnstable;

I can't run even basic nix expressions

nix eval '(1 + 1)'
warning: unknown setting 'extra-sandbox-paths'
error: --- BadURL ---------------------------------------------------------------------- nix
'(1 + 1)' is not a valid URL

[manveru]

that would be nix eval --expr '(1+1)' and is unrelated.

[vikanezrimaya]

Oh no! It seems like this breaks boot.binfmt.emulatedSystems support for building Nix packages! I have pushed a preliminary fix for it on my own fork, but it needs to be gated behind a version check, and I'm not sure how to do that.

There is also a branch that tracks nixos-unstable with the fix cherry-picked called unstable-fix-sandbox-paths.

[leotaku]

@kisik21 Do you mean a check for the Nix version? If so, the file in question already seems to have those in a few places. (here)

Maybe something like this could work? (simplified)

let
  sandboxSetting = if versionAtLeast nixVersion "???" then
    "sandbox-paths"
  else
    "extra-sandbox-paths";
in pkgs.writeFile "nix.conf" ''
  ...
  ${sandboxSetting} = ${toString cfg.sandboxPaths}
  ...
''

EDIT: It seems like having sandbox-paths in your nix.conf also overrides some important default settings, so this won't work reliably. However, extra-sandbox-paths no longer working seems to have been caused by a bug which has already been fixed on Nix master. (Confirmed here by Eelco Dolstra himself.)

[vikanezrimaya]

@leotaku great! ✨ when will it drip down to nixpkgs master and then nixos-unstable?

[leotaku]

@kisik21 From what I understand, the changes from Nix master trickle down into the nixUnstable package like any other upstream package would. As such, it seems hard to give any useful estimate.

Currently, a PR for upgrading nixUnstable seems to be blocked by incompatibilities with Hydra, so it might take a while.

[vikanezrimaya]

{ pkgs, ... }: {
  nix.sandboxPaths = ["/bin/sh=${pkgs.busybox-sandbox-shell}/bin/busybox"];
}

This could help you if you use my fork branch and accidentally override your nix.conf's default sandbox path and break your system building process.

[stale]

I marked this as stale due to inactivity. → More info

[vikanezrimaya]

I hope we can close it as solved since multiple overlapping attempts (sometimes unsuccessful, like mine) to fix this issue happened and one of them got into the main branch.