1 files changed, 37 insertions, 0 deletions

diff --git a/doc/builders/images/ocitools.section.md b/doc/builders/images/ocitools.section.md
new file mode 100644
index 00000000000..d3dee57ebac
--- /dev/null
+++ b/doc/builders/images/ocitools.section.md
@@ -0,0 +1,37 @@
+# pkgs.ociTools {#sec-pkgs-ociTools}
+
+`pkgs.ociTools` is a set of functions for creating containers according to the [OCI container specification v1.0.0](https://github.com/opencontainers/runtime-spec). Beyond that it makes no assumptions about the container runner you choose to use to run the created container.
+
+## buildContainer {#ssec-pkgs-ociTools-buildContainer}
+
+This function creates a simple OCI container that runs a single command inside of it. An OCI container consists of a `config.json` and a rootfs directory.The nix store of the container will contain all referenced dependencies of the given command.
+
+The parameters of `buildContainer` with an example value are described below:
+
+```nix
+buildContainer {
+  args = [
+    (with pkgs;
+      writeScript "run.sh" ''
+        #!${bash}/bin/bash
+        exec ${bash}/bin/bash
+      '').outPath
+  ];
+
+  mounts = {
+    "/data" = {
+      type = "none";
+      source = "/var/lib/mydata";
+      options = [ "bind" ];
+    };
+  };
+
+  readonly = false;
+}
+```
+
+- `args` specifies a set of arguments to run inside the container. This is the only required argument for `buildContainer`. All referenced packages inside the derivation will be made available inside the container
+
+- `mounts` specifies additional mount points chosen by the user. By default only a minimal set of necessary filesystems are mounted into the container (e.g procfs, cgroupfs)
+
+- `readonly` makes the container\'s rootfs read-only if it is set to true. The default value is false `false`.