The Nix daemon itself still uses root at build/install time for now. NixOS doesn't have any built-in sandboxing for running applications à la Docker, though it does have AppArmor support. But then, NixOS doesn't generally have applications run as root (containerized or otherwise), unlike Docker.
The Nix daemon itself still uses root at build/install time for now. NixOS doesn't have any built-in sandboxing for running applications à la Docker, though it does have AppArmor support. But then, NixOS doesn't generally have applications run as root (containerized or otherwise), unlike Docker.