dockerTools: Keep fakechroot disabled by default

Avoid risk of breaking existing images by making it opt-in.

2 files changed, 3 insertions, 1 deletions

diff --git a/pkgs/build-support/docker/default.nix b/pkgs/build-support/docker/default.nix
index a6d3109bf6d..9a20df57777 100644
--- a/pkgs/build-support/docker/default.nix
+++ b/pkgs/build-support/docker/default.nix
@@ -818,7 +818,8 @@ rec {
       fakeRootCommands ? ""
     , # Whether to run fakeRootCommands in fakechroot as well, so that they
       # appear to run inside the image, but have access to the normal Nix store.
-      enableFakechroot ? pkgs.stdenv.buildPlatform.isLinux
+      # Perhaps this could be enabled on by default on pkgs.stdenv.buildPlatform.isLinux
+      enableFakechroot ? false
     , # We pick 100 to ensure there is plenty of room for extension. I
       # believe the actual maximum is 128.
       maxLayers ? 100
diff --git a/pkgs/build-support/docker/examples.nix b/pkgs/build-support/docker/examples.nix
index 28b26be1f8a..f2d4f809ae4 100644
--- a/pkgs/build-support/docker/examples.nix
+++ b/pkgs/build-support/docker/examples.nix
@@ -566,6 +566,7 @@ rec {
     name = "image-via-fake-chroot";
     tag = "latest";
     config.Cmd = [ "hello" ];
+    enableFakechroot = true;
     # Crucially, instead of a relative path, this creates /bin, which is
     # intercepted by fakechroot.
     # This functionality is not available on darwin as of 2021.