Understanding Docker Images, Containers, and Commands

Image Definition

An Docker image is a stack of read‑only layers presented as a unified view; the union file system merges these layers into a single filesystem that hides the underlying multiple layers from the user.

The layers are stored on the host under /var/lib/docker/aufs (or similar directories), and each layer has a pointer to its parent.

Container Definition

A container is essentially the same stack of layers as an image, but with an additional topmost read‑write layer that allows modifications.

Thus, container = image + writable layer , and the definition does not depend on whether the container is running.

Running Container Definition

A running container combines the writable layer with an isolated process space and the processes running inside it.

File system isolation lets processes modify files in the writable layer, which are persisted only within that layer.

Image Layer Definition

Each image layer contains not only filesystem changes but also metadata (e.g., parent‑layer information, creation timestamps). Metadata for a layer is stored in a JSON file under paths such as /var/lib/docker/graph/ /json .

Tying It All Together

Understanding these implementation details clarifies how Docker commands work.

docker create

Creates a new container from a specified image by adding a writable layer; the container is not started.

docker start

Creates an isolated process space for a stopped container and starts it.

docker run

Combines docker create and docker start : it creates a container from an image and immediately runs it.

docker ps

Lists all running containers. Use docker ps -a to see both running and stopped containers.

docker images

Shows top‑level images (the images that can be used to create containers). docker images -a lists all layers, effectively all read‑only layers.

docker stop

Sends a SIGTERM signal to the processes in a running container, allowing graceful shutdown.

docker kill

Sends a SIGKILL signal to immediately terminate all processes in a container.

docker pause

Uses cgroups to suspend the container's processes (similar to sending SIGTSTP).

docker rm

Removes the writable layer of a stopped container.

docker rmi

Removes an image layer; only top‑level layers can be removed directly unless forced with -f .

docker commit

Converts a container's writable layer into a new read‑only image layer.

docker build

Executes a Dockerfile by repeatedly running docker create , modifying the filesystem, and docker commit , creating a new layer for each step.

docker exec

Runs a new process inside a running container.

docker inspect

Extracts the top‑level metadata of a container or image.

docker save

Creates a tar archive of an image, preserving all layers and their metadata for transfer to another host.

docker export

Creates a tar archive of a container's filesystem only, discarding metadata and flattening layers.

docker history

Recursively lists the history of an image's layers.

Example Commands

List Docker's storage directories:

/var/lib/docker/

Run a container and create a file:

docker run ubuntu touch happiness.txt.

Find the created file on the host:

/var/lib/docker/aufs/diff/860a7b.../happiness.txt

These examples demonstrate how changes made inside a container are reflected in the host's union file system.