free webpage hit counter

How to check for changes to a Docker container’s filesystem

Docker logo

Docker containers inherit their image filesystem after initial creation. Changes to the container’s writable layer may cause the container’s filesystem to differ from the image content after creation.

The ability to review changes to the filesystem helps you debug problems and investigate missing data. Files written to the container’s filesystem are lost when the container is restarted or destroyed. In some cases you may be managing to write deliberately, instead of directing to a continuous volume.

In this article, we share some techniques for identifying modifications made to container filesystems. You can use this information to track container activity and investigate differences between different environments.

Using docker diff

Docker CLI has a built-in command for this purpose. is running docker diff Counts all changes made to files and directories in a given container. It accepts the id or name of the container you want to check.

Start a simple container for demonstration purposes:

$ docker run -it --name alpine alpine:latest sh

This will start a new container running the Alpine image. Your terminal window will be attached to the container. Keep this window open.

run now docker diff In the second terminal session:

$ docker diff alpine

No output is produced because the fresh container still exactly matches the Alpine image’s filesystem.

Return to your first terminal still attached to the container. Run some commands that add, delete or replace files:

/ # touch demo
/ # touch example

Return to your first shell window. Repeat docker diff Command to see the changes made:

$ docker diff alpine
A /example
C /root
C /root/.ash_history
A /demo

Now two new files will appear in the output of the command. is running touch Also adds entries to the container’s shell history. Change to /root/.ash_history has also been reported, and has changed as a result /root directory.

Defining docker diff output

Every line of production docker diff is prefixed by one A, C Or D Depending on the type of change that has occurred:

  • A – A file or directory is added to the container’s filesystem. It does not exist in the original film.
  • C – The content of the file or directory differs from the version in the image.
  • D – The path in the image is deleted from the container.

This information enables you to quickly find discrepancies that explain missing data or unexpected behavior.

Any filesystem changes not shown in the output affect the paths mapped to the Docker volume. These files are stored outside the container independently of its filesystem, so they are not overhead. docker diff .

Viewing content in original image

It can be helpful to compare the file version included in the original image. You can do this by creating a new container and then copying the file. use docker create Instead docker run So the container is created but not started. This ensures that modifications caused by the image entrypoint script do not affect the result.

$ docker create --name temp-container my-image:latest
$ docker cp temp-container:/path/to/file copied-file
$ docker rm temp-container

An alternative way is to run a container with a custom entrypoint that emits the file’s content to a standard output stream. add --rm flag so that the container is automatically removed after the command completes:

$ docker run --rm --entrypoint cat alpine:latest /path/to/file > copied-file

Comparing differences between two containers

Sometimes you may need to compare the difference between two different containers running the same image. First use docker diff To get individual change lists:

$ docker diff first-container > first
$ docker diff second-container > second

Now you can use standard Unix tools diff Command to find differences in two change lists:

diff first second
< A /a-new-file
> A /demo

The difference shows that /a-new-file Removed in second vessel /demo added.

Another way to compare containers is to use docker export And the tar command to access the comprehensive file list:

$ docker export demo-container | tar tv
-rwxr-xr-x 0/0               0 2022-06-21 14:21 .dockerenv
drwxr-xr-x 0/0               0 2022-05-23 17:51 bin/
lrwxrwxrwx 0/0               0 2022-05-23 17:51 bin/arch -> /bin/busybox
lrwxrwxrwx 0/0               0 2022-05-23 17:51 bin/ash -> /bin/busybox
lrwxrwxrwx 0/0               0 2022-05-23 17:51 bin/base64 -> /bin/busybox
lrwxrwxrwx 0/0               0 2022-05-23 17:51 bin/bbconfig -> /bin/busybox

Repeat this command for both your containers. Then you can use diff To compare two lists. Tor’s enhanced output helps you track when files have been changed by displaying modification times and permissions.


The filesystems of Docker containers should resemble the image they are created from. Differences can occur when software in a container writes content directly to the filesystem. Users can be another source of variation, such as mechanisms docker exec Used to run commands in a running container.

The docker diff The utility provides a convenient way to view these changes. Although you can’t see why a file was added or removed, the ability to retrieve a list of modifications is invaluable in understanding why a particular behavior is being observed.

In this article we focus on reviewing changes made to running containers. You can use different tools docker history And dive in to check the changes made to the layers inside the Docker image. The two methods can be used together, allowing you to work out the exact point at which a file was added or modified in the container’s layer stack.

Leave a Reply

Your email address will not be published.

Previous post LH native performs with chart-topping musician, other artists at the festival | News, Sport, Work
Next post The dangers of cell phone SIM card swapping and how to protect yourself