nix 2.6 breaks restrict-eval when relying on NIX_PATH

[Mic92]

Describe the bug

Before it was possible to restrict the nix path like this:

~/git/nix/result/bin/nix-env -f . -qa \* --meta --xml --option restrict-eval true --option allow-import-from-derivation true --drv-path --show-trace -I nixpkgs=$(nix-instantiate --find-file nixpkgs) -I $(pwd)

Now it throws this error:

warning: Nix search path entry '/home/joerg/.nix-defexpr/channels' does not exist, ignoring
error: access to absolute path '/home/joerg/.nix-defexpr/channels' is forbidden in restricted mode

       … while realising the context of path '/home/joerg/.nix-defexpr/channels'

       at /home/joerg/git/nur-packages-template/default.nix:9:17:

            8|
            9| { pkgs ? import <nixpkgs> { } }:
             |                 ^
           10|

       … while realising the context of a path

       at /home/joerg/git/nur-packages-template/default.nix:9:10:

            8|
            9| { pkgs ? import <nixpkgs> { } }:
             |          ^
           10|

also see this CI error: https://github.com/nix-community/nur-packages-template/runs/4933350451?check_suite_focus=true#step:6:12

Steps To Reproduce

$ git clone https://github.com/nix-community/nur-packages-template
$ nix-env -f . -qa \* --meta --xml --option restrict-eval true --option allow-import-from-derivation true --drv-path --show-trace -I nixpkgs=$(nix-instantiate --find-file nixpkgs) -I $(pwd)

Expected behavior

A way to test if a nix file is only importing from allowed paths. We rely on this in both ofborg and NUR

** tested on master 0a70b37

[thufschmitt]

Didn’t try it, but I suspect it’s due to cbbd21e where I had to do some wonky stuff for <foo> to work properly

[Mic92]

Fixed in #6001