Cloning builder process: Operation not permitted when using Nix (under Linux) update channel

Following the suggestion in this comment resolves the problem:

sysctl kernel.unprivileged_userns_clone=1

Nix uses quite a lot of flags for the clone, mainly to detach some linux namespaces. I expect your system doesn't support some of these for unprivileged processes. IIRC some distros chose that because of security concerns.