Sandbox: Where does /bin/sh come from?

blitz · February 11, 2025, 9:45pm

I have a question about the Nix sandbox. In this simple derivation, there are no dependencies yet the sandbox does contain a /bin/sh. Where does it come from?

builtins.derivation {
   name = "simple";
   builder = "/bin/sh";
   args = [ "-c" "echo 1 > $out" ];
   system = "x86_64-linux";
}

waffle8946 · February 11, 2025, 9:55pm

https://nix.dev/manual/nix/2.24/release-notes/rl-2.0

In Linux sandbox builds, we now provide a default /bin/sh (namely ash from BusyBox).