Does each layer in a Docker container filesystem contain the full filesystem or only the changed ones?

An instruction from a Dockerfile may create a new layer in the filesystem for the image. So does each layer created by the instructions from the Dockerfile contain a copy of the previous layer plus the changes, or only the changes from the previous layer?

In the documentation, I found this.

Each layer is only a set of differences from the layer before it.

[Updated]
I also found this.

This Dockerfile contains four commands. Commands that modify the filesystem create a layer. The FROM statement starts out by creating a layer from the ubuntu:22.04 image. The LABEL command only modifies the image’s metadata, and doesn’t produce a new layer. The COPY command adds some files from your Docker client’s current directory. The first RUN command builds your application using the make command, and writes the result to a new layer. The second RUN command removes a cache directory, and writes the result to a new layer. Finally, the CMD instruction specifies what command to run within the container, which only modifies the image’s metadata, which doesn’t produce an image layer.

I used a tool called dive to inspect the image’s layers

1 Like

It seems you found the exact answer to your question then…
Each layer contains only what’s added in that layer

Images are built from all those layers stacked atop each other

That is why removing files in a later layer than the one they were added on does not reduce any space

For example:

# Bad
RUN apt-get install -y some-package
RUN rm -rf /var/log/apt/
    # Files still exist in previous layer

# Good
RUN apt-get install -y some-package \
    && rm -rf /var/log/apt/
2 Likes
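
The "Bad" versus "Good" difference above, as an added example that is not part of the original thread: a Python sketch that stacks constructed layer tarballs the way the OCI image layer format does (a `.wh.<name>` entry marks a deletion, `.wh..wh..opq` hides a directory's lower-layer contents) and reports the bytes still stored in a lower layer but hidden from the final filesystem. The helper names, paths and file sizes are assumptions made up for illustration.

```python
import io
import tarfile

WHITEOUT = ".wh."          # OCI layer format: ".wh.<name>" deletes <name>
OPAQUE = ".wh..wh..opq"    # OCI layer format: hides lower-layer content of a dir

def make_layer(files):
    """Build an in-memory layer tarball from {path: bytes} (constructed data)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for path, data in files.items():
            info = tarfile.TarInfo(path)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def audit(layers):
    """Stack layers in order; return (visible, hidden). visible maps
    path -> (layer, size); hidden lists (path, layer, size) still stored below."""
    visible, hidden = {}, []
    for idx, blob in enumerate(layers):
        with tarfile.open(fileobj=io.BytesIO(blob)) as tar:
            for m in tar.getmembers():
                if not m.isfile():
                    continue
                path = m.name.removeprefix("./")
                parent, _, name = path.rpartition("/")
                if name == OPAQUE:                 # must be tested before WHITEOUT
                    target = parent
                elif name.startswith(WHITEOUT):
                    target = (parent + "/" if parent else "") + name[len(WHITEOUT):]
                else:
                    if path in visible:            # modified: old copy stays below
                        hidden.append((path, *visible[path]))
                    visible[path] = (idx, m.size)
                    continue
                # Whiteouts only affect entries that came from lower layers.
                for p in [p for p, (i, _) in visible.items() if i < idx
                          and (p + "/").startswith(target + "/")]:
                    hidden.append((p, *visible.pop(p)))
    return visible, hidden

# Constructed layers mirroring the "Bad" and "Good" Dockerfiles above.
LOGS = {"var/log/apt/history.log": b"h" * 300, "var/log/apt/term.log": b"t" * 700}
PKG = {"usr/bin/some-package": b"p" * 2000}
BAD = [make_layer({**PKG, **LOGS}),               # RUN apt-get install ...
       make_layer({"var/log/.wh.apt": b""})]      # RUN rm -rf /var/log/apt/
GOOD = [make_layer(PKG)]                          # install && rm in one RUN

def wasted(layers):  # bytes kept in the image but absent from the final view
    return sum(size for _, _, size in audit(layers)[1])
```

`wasted(BAD)` counts the two log files that the second layer's whiteout hides; they are still present in the first layer's tarball, so anyone who pulls the image can read them from that layer.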

I also found this in the documentation.

This Dockerfile contains four commands. Commands that modify the filesystem create a layer. The FROM statement starts out by creating a layer from the ubuntu:22.04 image. The LABEL command only modifies the image’s metadata, and doesn’t produce a new layer. The COPY command adds some files from your Docker client’s current directory. The first RUN command builds your application using the make command, and writes the result to a new layer. The second RUN command removes a cache directory, and writes the result to a new layer. Finally, the CMD instruction specifies what command to run within the container, which only modifies the image’s metadata, which doesn’t produce an image layer.

I used a tool called dive to inspect each layer of the image. And each layer has the previous layer’s contents.

When using Dive, by default you see the image as it looks after adding each layer.

Green files were added in that layer, yellows modified, reds deleted and whites unchanged

You can press CTRL+U to show only the files added/removed/modified by that layer

1 Like

Thank you for taking the time to explain this to me.

You’re welcome, have a nice weekend 🙂

1 Like