Unable to install or update packages in nixos-25.05 container

v.k · July 5, 2025, 5:55pm

I am running
Client version: 6.11
Server version: 6.11

All settings/configuration are left as default. (Network/storage) I can also verify network connectivity.

Kernel:
6.15.4-061504-generic #202506271452 SMP PREEMPT_DYNAMIC Fri Jun 27 19:59:22 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux

container instance launch:

incus launch images:nixos/25.05

When installing vim package by adding

environment.systemPackages = [
    pkgs.vim
  ];

[root@nixos:~]# sudo nix-channel --list
nixos https://nixos.org/channels/nixos-25.05

[root@nixos:~]# sudo nix-channel --update
unpacking 1 channels...
error: this system does not support the kernel namespaces that are required for sandboxing; use '--no-sandbox' to disable sandboxing
error: program '/nix/store/q7v3i9ii8mp6pjasxwip4ybq79hzxj1q-nix-2.28.4/bin/nix-env' failed with exit code 1

[root@nixos:~]# nixos-rebuild switch
warning: Nix search path entry 'nixpkgs=channel:nixos-25.05' does not exist, ignoring
error:
       … while calling the 'import' builtin
         at «string»:1:6:
            1| with import <nixpkgs/nixos> {}; config.system.build.nixos-rebuild
             |      ^

       … while realising the context of a path

       … while calling the 'findFile' builtin
         at «string»:1:13:
            1| with import <nixpkgs/nixos> {}; config.system.build.nixos-rebuild
             |             ^

       error: file 'nixpkgs/nixos' was not found in the Nix search path (add it using $NIX_PATH or -I)
building Nix...
warning: Nix search path entry 'nixpkgs=channel:nixos-25.05' does not exist, ignoring
error: file 'nixpkgs/nixos' was not found in the Nix search path (add it using $NIX_PATH or -I)
warning: Nix search path entry 'nixpkgs=channel:nixos-25.05' does not exist, ignoring
error: file 'nixpkgs' was not found in the Nix search path (add it using $NIX_PATH or -I)
warning: Nix search path entry 'nixpkgs=channel:nixos-25.05' does not exist, ignoring
error: file 'nixpkgs/nixos/modules/installer/tools/nix-fallback-paths.nix' was not found in the Nix search path (add it using $NIX_PATH or -I)
/tmp/nixos-rebuild.jTn3cc/nix
warning: Nix search path entry 'nixpkgs=channel:nixos-25.05' does not exist, ignoring
error: file 'nixpkgs' was not found in the Nix search path (add it using $NIX_PATH or -I)
building the system configuration...
warning: Nix search path entry 'nixpkgs=channel:nixos-25.05' does not exist, ignoring
error: file 'nixpkgs/nixos' was not found in the Nix search path (add it using $NIX_PATH or -I)

I am looking forward to using Nix with Incus and appreciate any help the community can provide.

simos · July 5, 2025, 8:08pm

Hi!

When you use namespaces in Linux, the default is to not permit the nesting of namespaces. That is, to be able to use namespaces if they are already being used (in an outer layer).

Incus uses namespaces, and Nix uses namespaces. Therefore, you need to instruct Incus to permit the use of namespaces in that specific Nixos container. If you were to use a VM for Nixos, then it would work just fine because it is not restricted by namespaces (VMs use hardware virtualization while containers use Linux kernel (software) features like namespaces, cgroups, etc).

Let’s see in practice.

$ incus launch images:nixos/25.05 nixos
Launching nixos
$ incus shell nixos             

[root@nixos:~]# nix-channel --list
nixos https://nixos.org/channels/nixos-25.05

[root@nixos:~]# nix-channel --update
unpacking 1 channels...
error: this system does not support the kernel namespaces that are required for sandboxing; use '--no-sandbox' to disable sandboxing
error: program '/nix/store/q7v3i9ii8mp6pjasxwip4ybq79hzxj1q-nix-2.28.4/bin/nix-env' failed with exit code 1

[root@nixos:~]# logout
$ incus delete --force nixos
$ incus launch images:nixos/25.05 nixos -c security.nesting=true
Launching nixos
$ incus shell nixos

[root@nixos:~]# nix-channel --update
unpacking 1 channels...

[root@nixos:~]#

Then,

[root@nixos:/etc/nixos]# nix-env -iA nixos.vim
installing 'vim-9.1.1336'
these 2 paths will be fetched (8.62 MiB download, 42.24 MiB unpacked):
  /nix/store/f8c58j75l0csizf31nlww3mxzsiq7bzq-vim-9.1.1336
  /nix/store/4yvwrzq78lcqb1rg1vlbgbbhvki4887n-vim-9.1.1336-xxd
copying path '/nix/store/f8c58j75l0csizf31nlww3mxzsiq7bzq-vim-9.1.1336' from 'https://cache.nixos.org'...
copying path '/nix/store/4yvwrzq78lcqb1rg1vlbgbbhvki4887n-vim-9.1.1336-xxd' from 'https://cache.nixos.org'...
building '/nix/store/zwzzrgf685iq8br6myqf13a90dqkghmf-user-environment.drv'...

[root@nixos:/etc/nixos]# vim --version
VIM - Vi IMproved 9.1 (2024 Jan 02, compiled Jan 01 1980 00:00:00)
Included patches: 1-1336
Compiled by nixbld
...

v.k · July 6, 2025, 4:41pm

Appreciate the detailed steps. Hope you have a great day.

adamcstephens · July 6, 2025, 5:28pm

This is a great explanation. Thanks!