# Docker Union Filesystem Simulation with Overlayfs in Linux

## Inspect Docker filesystem

Inspect a docker container image file graph with a following command

In [36]:
docker inspect portainer | jq '.[0].GraphDriver'

[1;39m{
  [0m[34;1m"Data"[0m[1;39m: [0m[1;39m{
    [0m[34;1m"LowerDir"[0m[1;39m: [0m[0;32m"/var/lib/docker/overlay2/c1b3e76503a158e0b5bbfceee8e39b9e0baed0d350ffbdf4d1ac7a56f87ab896-init/diff:/var/lib/docker/overlay2/cefc1ec6c053dd7219a84a20e7e0ed17e3c8c6c571c928779f141813b0be916d/diff:/var/lib/docker/overlay2/bd0c77175bb069c25d0be4067d38e73a68e0b4931972f5cd3bf3ec8ec09ed489/diff"[0m[1;39m,
    [0m[34;1m"MergedDir"[0m[1;39m: [0m[0;32m"/var/lib/docker/overlay2/c1b3e76503a158e0b5bbfceee8e39b9e0baed0d350ffbdf4d1ac7a56f87ab896/merged"[0m[1;39m,
    [0m[34;1m"UpperDir"[0m[1;39m: [0m[0;32m"/var/lib/docker/overlay2/c1b3e76503a158e0b5bbfceee8e39b9e0baed0d350ffbdf4d1ac7a56f87ab896/diff"[0m[1;39m,
    [0m[34;1m"WorkDir"[0m[1;39m: [0m[0;32m"/var/lib/docker/overlay2/c1b3e76503a158e0b5bbfceee8e39b9e0baed0d350ffbdf4d1ac7a56f87ab896/work"[0m[1;39m
  [1;39m}[0m[1;39m,
  [0m[34;1m"Name"[0m[1;39m: [0m[0;32m"overlay2"[0m[1;39m
[1;39m}[0m
[?2004h

: 1

The lower layer has a set of directories

## how overlays work

Overlay filesystems, also known as “union filesystems” or “union mounts” let you mount a filesystem using 2 directories: a “lower” directory, and an “upper” directory.

Basically:

the lower directory of the filesystem is read-only
the upper directory of the filesystem can be both read to and written from
When a process reads a file, the overlayfs filesystem driver looks in the upper directory and reads the file from there if it’s present. Otherwise, it looks in the lower directory.

When a process writes a file, overlayfs will just write it to the upper directory.

In [4]:
mkdir -p docker/overlayfs-test && cd docker/overlayfs-test

[?2004l[?2004h

: 1

In [7]:
mkdir upper lower merged work

[?2004l[?2004h

: 1

In [10]:
pwd && ls

/home/elangovan/workspace/devops/docker/overlayfs-test
total 24
drwxr-xr-x 6 elangovan elangovan 4096 Nov 18 12:49 [0m[01;34m.[0m
drwxr-xr-x 3 elangovan elangovan 4096 Nov 18 12:47 [01;34m..[0m
drwxr-xr-x 2 elangovan elangovan 4096 Nov 18 12:51 [01;34mlower[0m
drwxr-xr-x 2 elangovan elangovan 4096 Nov 18 12:49 [01;34mmerged[0m
drwxr-xr-x 2 elangovan elangovan 4096 Nov 18 12:51 [01;34mupper[0m
drwxr-xr-x 2 elangovan elangovan 4096 Nov 18 12:49 [01;34mwork[0m
[?2004h

: 1

In [9]:
echo "I'm from lower!" > lower/in_lower.txt
echo "I'm from upper!" > upper/in_upper.txt
echo "I'm from lower!" > lower/in_both.txt
echo "I'm from upper!" > upper/in_both.txt

[?2004h[?2004l[?2004l[?2004l

: 1

In [14]:
sudo -S mount -t overlay overlay -o lowerdir=/home/elangovan/workspace/devops/docker/overlayfs-test/lower,\
upperdir=/home/elangovan/workspace/devops/docker/overlayfs-test/upper,\
workdir=/home/elangovan/workspace/devops/docker/overlayfs-test/work \
/home/elangovan/workspace/devops/docker/overlayfs-test/merged < ~/p1

[sudo] password for elangovan: [?2004h

: 1

## Testing after overlayfs mount

"in_both.txt" files are in both lower and upper layer. "both.txt" file from upper layer is visible at the merged layer

![overlay-fs.png](attachment:overlay-fs.png)


In [19]:
ls lower upper merged

lower:4l
total 16
drwxr-xr-x 2 elangovan elangovan 4096 Nov 18 12:51 [0m[01;34m.[0m
drwxr-xr-x 6 elangovan elangovan 4096 Nov 18 12:49 [01;34m..[0m
-rw-r--r-- 1 elangovan elangovan   16 Nov 18 12:51 [00;32min_both.txt[0m
-rw-r--r-- 1 elangovan elangovan   16 Nov 18 12:51 [00;32min_lower.txt[0m

merged:
total 20
drwxr-xr-x 1 elangovan elangovan 4096 Nov 18 12:51 [01;34m.[0m
drwxr-xr-x 6 elangovan elangovan 4096 Nov 18 12:49 [01;34m..[0m
-rw-r--r-- 1 elangovan elangovan   16 Nov 18 12:51 [00;32min_both.txt[0m
-rw-r--r-- 1 elangovan elangovan   16 Nov 18 12:51 [00;32min_lower.txt[0m
-rw-r--r-- 1 elangovan elangovan   16 Nov 18 12:51 [00;32min_upper.txt[0m

upper:
total 16
drwxr-xr-x 2 elangovan elangovan 4096 Nov 18 12:51 [01;34m.[0m
drwxr-xr-x 6 elangovan elangovan 4096 Nov 18 12:49 [01;34m..[0m
-rw-r--r-- 1 elangovan elangovan   16 Nov 18 12:51 [00;32min_both.txt[0m
-rw-r--r-- 1 elangovan elangovan   16 Nov 18 12:51 [00;32min_upper.txt[0m
[?2004h

: 1

In [15]:
cat merged/in_both.txt 

I'm from upper!
[?2004h

: 1

In [16]:
find lower/ upper/ merged/

lower/4l
lower/in_lower.txt
lower/in_both.txt
upper/
upper/in_upper.txt
upper/in_both.txt
merged/
merged/in_lower.txt
merged/in_both.txt
merged/in_upper.txt
[?2004h

: 1

## What happens after creating a new file?

Create a new file in merged layer

In [21]:
echo 'new file' > merged/new_file

[?2004l[?2004h

: 1

In [22]:
ls -l */new_file 

-rw-r--r-- 1 elangovan elangovan 9 Nov 18 15:05 merged/new_file
-rw-r--r-- 1 elangovan elangovan 9 Nov 18 15:05 upper/new_file
[?2004h

: 1

The new file gets created in the upper directory.

## what happens when you delete a file?

In [23]:
rm merged/in_both.txt

[?2004l[?2004h

: 1

In [28]:
ls -l upper lower merged work

lower:4l
total 16
drwxr-xr-x 2 elangovan elangovan 4096 Nov 18 12:51 [0m[01;34m.[0m
drwxr-xr-x 6 elangovan elangovan 4096 Nov 18 12:49 [01;34m..[0m
-rw-r--r-- 1 elangovan elangovan   16 Nov 18 12:51 [00;32min_both.txt[0m
-rw-r--r-- 1 elangovan elangovan   16 Nov 18 12:51 [00;32min_lower.txt[0m

merged:
total 20
drwxr-xr-x 1 elangovan elangovan 4096 Nov 18 15:10 [01;34m.[0m
drwxr-xr-x 6 elangovan elangovan 4096 Nov 18 12:49 [01;34m..[0m
-rw-r--r-- 1 elangovan elangovan   16 Nov 18 12:51 [00;32min_lower.txt[0m
-rw-r--r-- 1 elangovan elangovan   16 Nov 18 12:51 [00;32min_upper.txt[0m
-rw-r--r-- 1 elangovan elangovan    9 Nov 18 15:05 new_file

upper:
total 16
drwxr-xr-x 2 elangovan elangovan 4096 Nov 18 15:10 [01;34m.[0m
drwxr-xr-x 6 elangovan elangovan 4096 Nov 18 12:49 [01;34m..[0m
c--------- 2 root      root      0, 0 Nov 18 15:10 [40;33;01min_both.txt[0m
-rw-r--r-- 1 elangovan elangovan   16 Nov 18 12:51 [00;32min_upper.txt[0m
-rw-r--r-- 1 elangovan elangovan 

: 1

After removing in_both.txt at merged layer, it disappear from merged directory but in upper layer, it shows as a character device

In [35]:
sudo -S ls -al work/index work/work < ~/p1

work/index:
total 8
d--------- 2 root      root      4096 Nov 18 15:10  .
drwxr-xr-x 4 elangovan elangovan 4096 Nov 18 13:12  ..
c--------- 2 root      root      0, 0 Nov 18 15:10 '#c2'

work/work:
total 8
d--------- 2 root      root      4096 Nov 18 13:12 .
drwxr-xr-x 4 elangovan elangovan 4096 Nov 18 13:12 ..
[?2004h

: 1