How to identify if a Docker container's files have been modified

A Docker container is simply a runtime copy of a Docker image's resources. The container uses the filesystem structure that was packed into the image at build time, assembled from the various image layers by the union filesystem.

Docker provides a standard diff command that compares the container's filesystem with the filesystem data in the Docker image.

Syntax:

# docker diff [CONTAINER ID | CONTAINER NAME]

Before jumping in, let's examine the Docker container below and take a look at its filesystem by logging into it.

root@node03:~# docker ps
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
e3de85aaf61c        9a0b6e4f0956        "sh"                2 months ago        Up 3 minutes                            jovial_hertz

We have a running container with the randomly generated name jovial_hertz, and we log in to it as follows:

root@node03:~# docker exec -it jovial_hertz bash

We are now inside the container. We will create a directory named linuxcent, create an empty file named test inside it, and then exit the container.

root@e3de85aaf61c:~# mkdir linuxcent
root@e3de85aaf61c:~# cd linuxcent
root@e3de85aaf61c:~# touch test
root@e3de85aaf61c:~# exit

We created a directory called linuxcent, touched a file named test inside it, and logged out of the container with the exit command.
Running the docker diff command against the container should now report the modified data, so let's look at the results:

root@node03:~# docker diff jovial_hertz 
C /root
A /root/linuxcent
A /root/linuxcent/test
C /root/.bash_history

The flag A in front of /root/linuxcent and /root/linuxcent/test indicates that this directory and file are new additions to the container, and the flag C indicates that the other two paths, /root and /root/.bash_history, were changed.
This lets us compare and contrast the changes made to a container's filesystem against its image, which makes auditing easier.
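
For routine auditing, the docker diff output can be checked automatically against a list of paths where writes are expected. The script below is an added example, not part of the original article: the function name audit_diff and the allowlisted prefixes (/tmp, /var/log) are assumptions, and it also handles the D flag, which docker diff prints for deleted paths and which does not appear in the output above.

```shell
#!/bin/sh
# Added example: audit `docker diff` output against an allowlist of path
# prefixes where writes are expected. The prefixes used here are assumptions.

# audit_diff PREFIX...
# Reads `docker diff` lines ("A /path", "C /path", "D /path") on stdin,
# prints every change that falls outside the allowed prefixes, and
# returns 1 if at least one such change was found (0 otherwise).
audit_diff() {
    unexpected=0
    while read -r flag path; do
        [ -n "$flag" ] || continue              # skip blank lines
        allowed=no
        for prefix in "$@"; do
            case "$path" in
                # exact match or a path below the prefix; /roo never matches /root
                "$prefix"|"$prefix"/*) allowed=yes; break ;;
            esac
        done
        [ "$allowed" = yes ] && continue
        case "$flag" in
            A) kind=added ;;
            C) kind=changed ;;
            D) kind=deleted ;;
            *) kind="unknown($flag)" ;;
        esac
        printf 'UNEXPECTED %s: %s\n' "$kind" "$path"
        unexpected=$((unexpected + 1))
    done
    [ "$unexpected" -eq 0 ]
}

# Sample input: the docker diff output shown above, embedded so this runs offline.
SAMPLE='C /root
A /root/linuxcent
A /root/linuxcent/test
C /root/.bash_history'

# Live use (not run here): docker diff jovial_hertz | audit_diff /tmp /var/log
printf '%s\n' "$SAMPLE" | audit_diff /tmp /var/log || echo "container filesystem drifted"
```

The non-zero exit status makes the function usable from cron or a CI job, where any change outside the allowlist should raise an alert.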
