diff --git a/src/libstore/build/local-derivation-goal.cc b/src/libstore/build/local-derivation-goal.cc
index bea5a6040..d1eeb58de 100644
--- a/src/libstore/build/local-derivation-goal.cc
+++ b/src/libstore/build/local-derivation-goal.cc
@@ -480,13 +480,16 @@ void LocalDerivationGoal::startBuilder()
     additionalSandboxProfile = parsedDrv->getStringAttr("__sandboxProfile").value_or("");
 #endif
 
-    /* Create a temporary directory where the build will take place.
-     * That directory is wrapped into a restricted daemon-owned one to make sure
-     * that the builder can't open its build directory to the world.
-     * */
-    auto parentTmpDir = createTempDir("", "nix-build-" + std::string(drvPath.name()), false, false, 0700);
-    tmpDir = parentTmpDir + "/build";
-    createDir(tmpDir, 0700);
+    /* Create a temporary directory where the build will take
+       place. */
+    tmpDir = createTempDir("", "nix-build-" + std::string(drvPath.name()), false, false, 0700);
+    if (useChroot) {
+        /* If sandboxing is enabled, put the actual TMPDIR underneath
+           an inaccessible root-owned directory, to prevent outside
+           access. */
+        tmpDir = tmpDir + "/build";
+        createDir(tmpDir, 0700);
+    }
     chownToBuilder(tmpDir);
 
     for (auto & [outputName, status] : initialOutputs) {