Docker "copy-on-write (CoW)" strategy

Question

I was reading about Docker and I read something I do not understand as well. The copy-on-write (CoW) strategy I know what it means in general but

1: What does this mean in Docker?

2: Why is this used in Docker?

Answer 1

copy-on-write (CoW) strategy

• Most union filesystems use something called copy-on-write, which is easier to understand if you think of it as copy-on-change.

• When a file in a read-only layer (not the top layer) is modified, the whole file is first copied from the read-only layer into the writable layer before the change is made.

• This has a negative impact on runtime performance and image size.

What does it's mean in Docker?

Let's use ubuntu:latest image and do a couple of operations on it.

Layer 1:

docker container run --name mod_ubuntu ubuntu:latest touch /mychange

docker container diff mod_ubuntu # to get the diff from a base image

This command will produce the output:

A /mychange

Layer 2:

docker container run --name mod_busybox_delete busybox:latest rm /etc/passwd

docker container diff mod_busybox_delete

This time, the output will have two rows:

C /etc
D /etc/passwd

Layer 3:

docker container run --name mod_busybox_change busybox:latest touch /etc/passwd

docker container diff mod_busybox_change

The diff subcommand will show two changes:

C /etc
C /etc/passwd

It's not the exact image(delete operation is missing). Just to show the concept of it. One can add the respective operation and can relate.

---

Note: When you look at the Image, do look from Top view.

Note: Changes to filesystem attributes such as file ownership and permissions are recorded in the same way as changes to files. Be careful when modifying filesystem attributes on large numbers of files, as those files will likely be copied into the layer performing the change.