Menu
The docker documentation says that you can build this minimal image:
FROM scratch
ADD hello /
CMD ["/hello"]
Presumably the way this works is that the CMD step is using the default shell (that is, bin/sh, per https://stackoverflow.com/a/21564990/10900852) to run the hello executable.
But if SCRATCH is really entirely empty, where is bin/sh coming from? Why does my image contain a shell?
690
asked Oct 18 '25 03:10
A container built from scratch does NOT have anything inside at the beginning, so your image contains no /bin/sh.
However, there are two formats of CMD which matters here:
CMD ["/hello"]
CMD /hello
The first format specifies a full command and is called directly via execve(2). The actual process executed is as exactly as ["/hello"] (i.e. argc == 1)
The second format specifies a "entrypoint parameter" and is passed as a single argument to entrypoint, so Docker will attempt to run ["/bin/sh", "-c", "/hello"] with argc == 3 and fail.
You can replace the CMD line with CMD /hello and observe it for yourself.
121
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
