Docker containers get their image’s filesystem upon initial build. If changes are made to the container, the file system of the container may be different from the contents of the image after creation. writable layer,

The ability to observe changes to the filesystem can help you debug issues and check for missing data. Files written to the container’s file system will be lost when the container is restarted or destroyed. In some cases you may unintentionally make writings that must be directed continuously amount rather than.

In this article, we will share some techniques to identify the modifications made to the container file system. You can use this information to track container activity and check for discrepancies between different environments.

using docker diff

There is a built-in command in the Docker CLI for this purpose. run docker diff Will enumerate all changes made to files and directories in a particular container. It accepts the ID or name of the container you want to inspect.

Start a simple container for demonstration purposes:

$ docker run -it --name alpine alpine:latest sh

This will start a new container running the Alpine image. Your terminal window will be attached to the container. Keep this window open.

run now docker diff In another terminal session:

$ docker diff alpine

No output is produced because the fresh container still matches the alpine image’s filesystem exactly.

Switch back to your first terminal that is still connected to the container. Run a few commands to add, remove, or replace files:

/ # touch demo
/ # touch example

Return to your first shell window. repeat docker diff Command to see the changes made:

$ docker diff alpine
A /example
C /root
C /root/.ash_history
A /demo

Now two new files are visible in the output of the command. run touch Entries were also added to the container’s shell history. to amend /root/.ash_history are also reported, as well as the resulting changes /root directory.

interpreting docker diff output

each line of production produced by docker diff either prefixed by A, C either D Depends on the type of change occurring:

• A The file or directory has been added to the container’s file system. It is not present in the original image.
• C – The content of the file or directory varies with the version of the image.
• D – The path in the image has been removed from the container.

This information enables you to quickly spot anomalies that may explain missing data or unexpected behavior.

Any filesystem changes that are not visible in the output will affect paths that are mapped to a Docker volume. These files are stored outside the container, independently of its filesystem, so they are not exposed by docker diff ,

View content in original image

It might be helpful to compare the included file version to the original image. You can do this by creating a new container and then copying the file. use docker create Instead docker run So the container is created but not started. This will ensure that modifications caused by the script’s entry point to the image do not affect the result.

$ docker create --name temp-container my-image:latest
$ docker cp temp-container:/path/to/file copied-file
$ docker rm temp-container

An alternative approach is to run the container with a custom entrypoint that emits the contents of the file to the standard output stream. include --rm Flag so that the container is automatically removed after the command completes:

$ docker run --rm --entrypoint cat alpine:latest /path/to/file > copied-file

Comparing the difference between two containers

Sometimes you may need to compare the difference between two different containers running the same image. first use docker diff To get personal change lists:

$ docker diff first-container > first
$ docker diff second-container > second

Now you can use standard Unix tools such as diff Command to find difference in two change lists:

diff first second
3c3
< A /a-new-file
---
> A /demo

The difference shows that /a-new-file has been removed in another container /demo has been added.

Another way to compare containers is to use docker export and the tar command to access a comprehensive file list:

$ docker export demo-container | tar tv
-rwxr-xr-x 0/0               0 2022-06-21 14:21 .dockerenv
drwxr-xr-x 0/0               0 2022-05-23 17:51 bin/
lrwxrwxrwx 0/0               0 2022-05-23 17:51 bin/arch -> /bin/busybox
lrwxrwxrwx 0/0               0 2022-05-23 17:51 bin/ash -> /bin/busybox
lrwxrwxrwx 0/0               0 2022-05-23 17:51 bin/base64 -> /bin/busybox
lrwxrwxrwx 0/0               0 2022-05-23 17:51 bin/bbconfig -> /bin/busybox
...

Repeat this command for both your containers. then you can use diff To compare two lists. The enhanced output of tar can help you keep track of when files have changed when the modification times and permissions are displayed.

summary

The file system of Docker containers must be identical to the image from which they were created. Discrepancies can occur when software within the container writes content directly to the file system. Users can be another source of difference when systems such as docker exec Used to run commands within a running container.

docker diff The utility provides a convenient way to view these changes. Although you cannot see why a file was added or removed, the ability to retrieve a list of revisions can be invaluable in understanding why particular behavior is being observed.

In this article we focused on checking the changes made to the running containers. You can use various tools such as docker history and dive To inspect the changes made to the layers within the Docker image. The two approaches can be used in tandem, allowing you to work out the exact point that a file was added or modified within a container’s layer stack.