Can a Container Layer Be Written to?

Question
Are container layers immutable or can one be written to?

Answers
Maybe they can be written to. It depends how you define a layer.

Here are quotes and sources that say you cannot write to a layer:

The layers of a container image are all immutable. Immutable means that once generated, the layer cannot ever be changed.

https://medium.com/@goyalsaurabh66/docker-images-838383b367

One of the principles of Docker containers is that an image is immutable -- once built, it’s unchangeable, and if you want to make changes, you’ll get a new image as a result.

https://www.cloudbees.com/blog/container-image-immutability-power-metadata

Immutable containers are containers that have no state. … Immutability improves security by decreasing the damage that can be done by a local compromise. Immutable images themselves have no secrets and save no state that could get corrupted. Immutable containers are trivial to verify because they never change.

https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux_atomic_host/7/html/container_security_guide/keeping_containers_fresh_and_updateable

Here are quotes and sources that say you can write to a layer:

When you start a container, Docker takes all the layers on your image, and adds a new one on top of it – That’s the read-write layer, and the one containing all the changes you do to your filesystem: File changes, file additions, file deletions.

https://blogs.cisco.com/developer/container-image-layers-1

Docker uses storage drivers to store image layers, and to store data in the writable layer of a container. The container’s writable layer does not persist after the container is deleted, but is suitable for storing ephemeral data that is generated at runtime.

https://docs.docker.com/storage/storagedriver/

As we have discussed, a container image is made of a stack of immutable or read-only layers. When the Docker engine creates a container from such an image, it adds a writable container layer on top of this stack of immutable layers.

https://www.oreilly.com/library/view/learn-docker/9781788997027/9459555d-45ab-4046-a403-c12407665717.xhtml

This Stackoverflow.com posting refers to writable layers of Docker.

Leave a comment

Your email address will not be published. Required fields are marked *