nixos: rename chroot* to sandbox*

On Nix side this was done months ago:
https://github.com/NixOS/nix/pull/682

.github/PULL_REQUEST_TEMPLATE.md

@@ -1,6 +1,6 @@
 ###### Things done
 
-- [ ] Tested using sandboxing (`nix-build --option build-use-chroot true` or [nix.useChroot](http://nixos.org/nixos/manual/options.html#opt-nix.useChroot) on NixOS)
+- [ ] Tested using sandboxing (`nix-build --option build-use-sandbox true` or [nix.useSandbox](http://nixos.org/nixos/manual/options.html#opt-nix.useSandbox) on NixOS)
 - Built on platform(s)
    - [ ] NixOS
    - [ ] OS X

nixos/modules/rename.nix

@@ -68,6 +68,10 @@ with lib;
     # proxy
     (mkRenamedOptionModule [ "nix" "proxy" ] [ "networking" "proxy" "default" ])
 
+    # sandboxing
+    (mkRenamedOptionModule [ "nix" "useChroot" ] [ "nix" "useSandbox" ])
+    (mkRenamedOptionModule [ "nix" "chrootDirs" ] [ "nix" "sandboxPaths" ])
+
     # KDE
     (mkRenamedOptionModule [ "kde" "extraPackages" ] [ "environment" "systemPackages" ])
     (mkRenamedOptionModule [ "environment" "kdePackages" ] [ "environment" "systemPackages" ])

nixos/modules/services/misc/nix-daemon.nix

@@ -24,8 +24,8 @@ let
 
   nixConf =
     let
-      # If we're using a chroot for builds, then provide /bin/sh in
+      # If we're using sandbox for builds, then provide /bin/sh in
-      # the chroot as a bind-mount to bash. This means we also need to
+      # the sandbox as a bind-mount to bash. This means we also need to
       # include the entire closure of bash.
       sh = pkgs.stdenv.shell;
       binshDeps = pkgs.writeReferencesToFile sh;
@@ -39,8 +39,8 @@ let
         build-users-group = nixbld
         build-max-jobs = ${toString (cfg.maxJobs)}
         build-cores = ${toString (cfg.buildCores)}
-        build-use-chroot = ${if (builtins.isBool cfg.useChroot) then (if cfg.useChroot then "true" else "false") else cfg.useChroot}
+        build-use-sandbox = ${if (builtins.isBool cfg.useSandbox) then (if cfg.useSandbox then "true" else "false") else cfg.useSandbox}
-        build-chroot-dirs = ${toString cfg.chrootDirs} /bin/sh=${sh} $(echo $extraPaths)
+        build-sandbox-paths = ${toString cfg.sandboxPaths} /bin/sh=${sh} $(echo $extraPaths)
         binary-caches = ${toString cfg.binaryCaches}
         trusted-binary-caches = ${toString cfg.trustedBinaryCaches}
         binary-cache-public-keys = ${toString cfg.binaryCachePublicKeys}
@@ -98,25 +98,25 @@ in
         '';
       };
 
-      useChroot = mkOption {
+      useSandbox = mkOption {
         type = types.either types.bool (types.enum ["relaxed"]);
         default = false;
         description = "
-          If set, Nix will perform builds in a chroot-environment that it
+          If set, Nix will perform builds in a sandboxed environment that it
           will set up automatically for each build.  This prevents
           impurities in builds by disallowing access to dependencies
           outside of the Nix store.
         ";
       };
 
-      chrootDirs = mkOption {
+      sandboxPaths = mkOption {
         type = types.listOf types.str;
         default = [];
         example = [ "/dev" "/proc" ];
         description =
           ''
             Directories from the host filesystem to be included
-            in the chroot.
+            in the sandbox.
           '';
       };