diff --git a/pkgs/tools/security/nsjail/default.nix b/pkgs/tools/security/nsjail/default.nix
new file mode 100644
index 00000000000..f2ec3af139f
--- /dev/null
+++ b/pkgs/tools/security/nsjail/default.nix
@@ -0,0 +1,30 @@
+{ stdenv, fetchgit }:
+
+stdenv.mkDerivation rec {
+  name = "nsjail-git-2015-08-10";
+
+  src = fetchgit {
+    url = https://github.com/google/nsjail;
+    rev = "8b951e6c2827386786cde4a124cd1846d25b9404";
+    sha256 = "b3b863423cc676111d2d1afbac524eee6fa824588cafccb7c42ff470508a13b1";
+  };
+
+  installPhase = ''
+    mkdir -p $out/bin
+    cp nsjail $out/bin
+  '';
+
+  meta = {
+    description = ''
+      A light-weight process isolation tool, making use of Linux namespaces
+      and seccomp-bpf syscall filters
+      '';
+    homepage = http://google.github.io/nsjail;
+
+    license = stdenv.lib.licenses.apsl20;
+
+    maintainers = [ stdenv.lib.maintainers.bosu ];
+
+    platforms = stdenv.lib.platforms.linux;
+  };
+}
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index f3e5d961dbd..4cbc36213d2 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -2417,6 +2417,8 @@ let
     pythonPackages = python3Packages;
   };
 
+  nsjail = callPackage ../tools/security/nsjail {};
+
   nss_pam_ldapd = callPackage ../tools/networking/nss-pam-ldapd {};
 
   ntfs3g = callPackage ../tools/filesystems/ntfs-3g { };