Docker permission issue when mounting volumes on an encrypted llvm partition? - docker

I run a Fedora distribution. My /home is an encrypted volume.
When mounting files or directories as volume with docker using the -v option or through the volumes directory in a docker-compose.yml file I get very weird permissions on the file :
$ touch ~/test
$ docker run -v /home/jkr/test:/test -it --rm nginx bash
$ root#65fcd1754a1d:/# ls -la /
ls: cannot access '/test': Permission denied
total 84
drwxr-xr-x. 1 root root 4096 Aug 30 20:29 .
drwxr-xr-x. 1 root root 4096 Aug 30 20:29 ..
-rwxr-xr-x. 1 root root 0 Aug 30 20:29 .dockerenv
drwxr-xr-x. 2 root root 4096 Aug 16 00:00 bin
drwxr-xr-x. 2 root root 4096 Jun 13 10:30 boot
drwxr-xr-x. 5 root root 360 Aug 30 20:29 dev
drwxr-xr-x. 1 root root 4096 Aug 17 11:46 docker-entrypoint.d
-rwxrwxr-x. 1 root root 1202 Aug 17 11:45 docker-entrypoint.sh
drwxr-xr-x. 1 root root 4096 Aug 30 20:29 etc
drwxr-xr-x. 2 root root 4096 Jun 13 10:30 home
drwxr-xr-x. 1 root root 4096 Aug 17 11:46 lib
drwxr-xr-x. 2 root root 4096 Aug 16 00:00 lib64
drwxr-xr-x. 2 root root 4096 Aug 16 00:00 media
drwxr-xr-x. 2 root root 4096 Aug 16 00:00 mnt
drwxr-xr-x. 2 root root 4096 Aug 16 00:00 opt
dr-xr-xr-x. 490 root root 0 Aug 30 20:29 proc
drwx------. 2 root root 4096 Aug 16 00:00 root
drwxr-xr-x. 3 root root 4096 Aug 16 00:00 run
drwxr-xr-x. 2 root root 4096 Aug 16 00:00 sbin
drwxr-xr-x. 2 root root 4096 Aug 16 00:00 srv
dr-xr-xr-x. 13 root root 0 Aug 30 20:16 sys
-?????????? ? ? ? ? ? test
drwxrwxrwt. 1 root root 4096 Aug 17 11:46 tmp
drwxr-xr-x. 1 root root 4096 Aug 16 00:00 usr
drwxr-xr-x. 1 root root 4096 Aug 16 00:00 var
Notice the permission of the /test file inside the docker
-?????????? ? ? ? ? ? test
If I create this test file on a non encrypted llvm volume e.g. in /opt/ or /tmp then the permission is correct.
Is there any way to mount docker volume on an encrypted partition ?

- means its regular file , when this file is created then which user are use this permission maybe this user is deleted but file is exists thats why ?? is showing

Related

Docker on RHEL 8 creating files and folder with 027 permission

I am running nginxinc/nginx-unprivileged:stable-alpine docker image on RHEL 8.8 server. when docker container starts its creating directory and file with umask 0027.
But my docker 20.10.17 daemon running with Umask of 0022. my server default umask is 0027 this I can't change due to security requirements.
# systemd-analyze dump |egrep -i 'docker|umask'
ReferencedBy: docker.service (destination-file)
UMask: 0022
Here is inside container file system permission on RHEL 8 server.
# ls -l
total 76
drwxr-x--- 1 root root 4096 Jun 16 21:57 app
drwxr-x--- 1 root root 4096 Jun 16 21:57 bin
drwxr-x--- 5 root root 360 Jun 17 20:18 dev
drwxr-x--- 1 root root 4096 Jun 16 21:57 docker-entrypoint.d
-rwxr-x--- 1 root root 1202 Jun 16 21:57 docker-entrypoint.sh
drwxr-x--- 1 root root 4096 Jun 17 20:18 etc
drwxr-x--- 2 root root 4096 Jun 16 21:57 home
drwxrwxrwt 1 root root 4096 Jun 16 21:57 tmp
drwxr-x--- 1 root root 4096 Jun 16 21:57 usr
drwxr-x--- 1 root root 4096 Jun 16 21:57 var
Here is inside container file system permission on windows machine with same docker iamge.
ls -l
drwxr-xr-x 2 root root 4096 May 23 16:51 bin
drwxr-xr-x 5 root root 360 Jun 17 18:39 dev
drwxr-xr-x 1 root root 4096 Jun 16 10:36 docker-entrypoint.d
-rwxr-xr-x 1 root root 1202 Jun 16 10:36 docker-entrypoint.sh
drwxr-xr-x 1 root root 4096 Jun 17 18:39 etc
drwxr-xr-x 2 root root 4096 May 23 16:51 home
drwxr-xr-x 1 root root 4096 May 23 16:51 usr
drwxr-xr-x 1 root root 4096 May 23 16:51 var
How can I make docker container file system created with umask of 0022?
Thanks
when docker container starts
That means you need to build your own image, based on nginxinc/nginx-unprivileged:stable-alpine, with a new entry point like:
#!/bin/sh
# entrypoint.sh
umask 022
# ... other first-time setup ...
exec "$#"
See "Change umask in docker containers" for more details, but the idea remains the same.

Docker Container - Update entry point file

I've Docker Container on Ubuntu and trying to start it that was initially setup by a professional developer (I'm a newbie with docker/container thing)
While starting the container using docker start 16e5e9280bfe -a I get this error
bash: startup.sh: No such file or directory
here is the list of containers
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
16e5e9280bfe 9fc1df773d19 "bash startup.sh" 9 months ago Exited (127) 53 seconds ago mystifying_kapitsa
The Command bash startup.sh has a problem that the docker is not able to find the startup.sh file (probably it gets deleted) and I dont know where this file should be created (need your help in this regards)
I tried to edit the config.v2.json file (removing the CMD and ARG parameter) under /var/lib/docker/containers/16e5e9280bfea319c5094cddb4b2da71b6e461be824b119c32817e281d282f39/ but when I start the container, it get's overwritten by the system and startup.sh appears again in the file
Incase you need to know I've many overlays
drwx------ 3 root root 4096 Mar 15 09:02 09a7c19f2a8e478b75d8362915c9f324fca4a0a02e24637a1e636017ac94306d/
drwx------ 3 root root 4096 Mar 15 09:02 1c8a6778fe9c2285a0fb9497cf033f70c04a16d66e644f93e4d332b7f68e1b5a/
drwx------ 3 root root 4096 Jul 14 2019 1d0c600d79c41bf9b5554fa928a297ac3a359fbff1c8ef903c40809b913ea640/
drwx------ 3 root root 4096 Jul 14 2019 407310e8d2aefdb76bd01fa1675eef1b7512885532703c9f658c14fb9bd16b5d/
drwx------ 3 root root 4096 Mar 15 09:02 63a54717c69963a50921d0c63931674c8547ad032a13de29f585df956e3e8fa5/
drwx------ 3 root root 4096 Feb 27 2018 65a84394f71682bcf7eb92bb77e78525dc594b8688726e2fc2e125fe7c762f4d/
drwx------ 3 root root 4096 Mar 15 09:02 68b4eb941a39414a13e1d20d623f1fa65951cf688e3ef221e3ce7ebb4a3bb5a1/
drwx------ 3 root root 4096 Oct 19 2019 758f8ce11982261aae7c2200e421952f155742cbee4421d73c2ee822b6a44d6d/
drwx------ 3 root root 4096 Mar 4 2018 7cfe53f80077d076c046ffe12bb189c0ae8397c02879e4ab82dfb2970708ff7b/
drwx------ 3 root root 4096 Feb 27 2018 7ea1bc5aab7bdbe917daa8ab70f02a1bbdd5fef3ccd7b5865d5f0b65cf188168/
drwx------ 3 root root 4096 Feb 27 2018 8726b7fc216e2caf30bc6bdfd67aac681c076fe016a3078093a327de0eb86f71/
drwx------ 3 root root 4096 Oct 19 2019 a051306523973e4bb6942c9d9bb58d39fe55e5a4d8ba69bd907285d321f8c361/
drwx------ 4 root root 4096 Mar 15 12:06 a1af7c75c5d4bdd231d5494618851ba1226adf91879e7091cf03313d8b97b89a/
drwx------ 4 root root 4096 Mar 15 07:26 a1af7c75c5d4bdd231d5494618851ba1226adf91879e7091cf03313d8b97b89a-init/
drwx------ 3 root root 4096 Mar 15 09:02 aeea6b5c888be7896a298965b7163ea14343e3bf4bb5ccb8cd2a839cba66e62d/
drwx------ 3 root root 4096 Oct 19 2019 b44ca2240ee9a220eca0598a2f747ad1dfeb439019363189cbec85fb69a74775/
drwx------ 3 root root 4096 Feb 27 2018 bb8c3313a4e30681ac71c8e0279ed72ea94d4fbcb1f6cf6144ac98a238e3df34/
drwx------ 3 root root 4096 Mar 15 09:02 cdbbda1e3e039677378745b5e0a971fabc78d7ca37c6b3c15da45a54037da57b/
drwx------ 3 root root 4096 Feb 27 2018 d1edbc1173ed75f9fc4b800893975bdf3c6f2440f8483fb9e5acb817f19a7e45/
drwx------ 3 root root 4096 Feb 27 2018 e8b6a178f59cfa58f9821b555fbe28ae25ee64a22525271c5d8507dbaa41d553/
drwx------ 3 root root 4096 Feb 27 2018 eb14f3c333daad51203a19145d00d484862c2443f02ad711a28b9bad3bbdf08e/
drwx------ 3 root root 4096 Jul 14 2019 f598570a29c2ba8a452969191bb362431d62ef33a81da9bd4ac2aabaac2027da/
drwx------ 3 root root 4096 Feb 27 2018 ffe7c7b1cc80b55698a1e7bc355fe48595dc07502a59f261821de01fcbc59f49/
This is the config.v2.json File - you may want to check please
{"StreamConfig":{},"State":{"Running":false,"Paused":false,"Restarting":false,"OOMKilled":false,"RemovalInProgress":false,"Dead":false,"Pid":0,"ExitCode":127,"Error":"","StartedAt":"2021-03-15T10:49:57.080556832Z","FinishedAt":"2021-03-15T10:49:57.114871213Z","Health":null},"ID":"16e5e9280bfea319c5094cddb4b2da71b6e461be824b119c32817e281d282f39","Created":"2020-05-31T17:01:37.405644454Z","Managed":false,"Path":"bash","Args":["startup.sh"],"Config":{"Hostname":"16e5e9280bfe","Domainname":"","User":"","AttachStdin":false,"AttachStdout":false,"AttachStderr":false,"ExposedPorts":{"21/tcp":{},"22/tcp":{},"443/tcp":{},"80/tcp":{}},"Tty":true,"OpenStdin":true,"StdinOnce":false,"Env":["PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin","FFMPEG_VERSION=3.3.6","FDKAAC_VERSION=0.1.5","LAME_VERSION=3.99.5","LIBASS_VERSION=0.13.7","OGG_VERSION=1.3.2","OPENCOREAMR_VERSION=0.1.4","OPUS_VERSION=1.2","OPENJPEG_VERSION=2.1.2","THEORA_VERSION=1.1.1","VORBIS_VERSION=1.3.5","VPX_VERSION=1.7.0","X264_VERSION=20170226-2245-stable","X265_VERSION=2.3","XVID_VERSION=1.3.4","FREETYPE_VERSION=2.5.5","FRIBIDI_VERSION=0.19.7","FONTCONFIG_VERSION=2.12.4","LIBVIDSTAB_VERSION=1.1.0","KVAZAAR_VERSION=1.2.0","SRC=/usr/local","LD_LIBRARY_PATH=/usr/local/lib"],"Cmd":["startup.sh"],"Image":"9fc1df773d19","Volumes":{"/var/log/":{}},"WorkingDir":"/var/www/html","Entrypoint":["bash"],"OnBuild":null,"Labels":{}},"Image":"sha256:9fc1df773d198694f22f33c823ea8a05db78dcc7ea787ffafdc6ee95008bcbab","NetworkSettings":{"Bridge":"","SandboxID":"e32693eb6d1f685f8a77187c9f9713558d49248bc47ab6b8a97045ad37856a3e","HairpinMode":false,"LinkLocalIPv6Address":"","LinkLocalIPv6PrefixLen":0,"Networks":{"bridge":{"IPAMConfig":null,"Links":null,"Aliases":null,"NetworkID":"1dfe0ae53916827fbc1a6fe18387a7653f48cdc445b823cc3d42cce04a8ac242","EndpointID":"","Gateway":"","IPAddress":"","IPPrefixLen":0,"IPv6Gateway":"","GlobalIPv6Address":"","GlobalIPv6PrefixLen":0,"MacAddress":"","DriverOpts":null,"IPAMOperational":false}},"Service":null,"Ports":null,"SandboxKey":"/var/run/docker/netns/e32693eb6d1f","SecondaryIPAddresses":null,"SecondaryIPv6Addresses":null,"IsAnonymousEndpoint":true,"HasSwarmEndpoint":false},"LogPath":"/var/lib/docker/containers/16e5e9280bfea319c5094cddb4b2da71b6e461be824b119c32817e281d282f39/16e5e9280bfea319c5094cddb4b2da71b6e461be824b119c32817e281d282f39-json.log","Name":"/mystifying_kapitsa","Driver":"overlay","OS":"linux","MountLabel":"","ProcessLabel":"","RestartCount":0,"HasBeenStartedBefore":true,"HasBeenManuallyStopped":false,"MountPoints":{"/var/log":{"Source":"","Destination":"/var/log","RW":true,"Name":"5154e45a0f7d2fe5ce97d406f496474f9247e9413e4fc3ce076b59a45014c60c","Driver":"local","Type":"volume","Spec":{},"SkipMountpointCreation":false},"/var/www/demo":{"Source":"/var/www/demo","Destination":"/var/www/demo","RW":true,"Name":"","Driver":"","Type":"bind","Propagation":"rprivate","Spec":{"Type":"bind","Source":"/var/www/demo","Target":"/var/www/demo"},"SkipMountpointCreation":false},"/var/www/html":{"Source":"/var/www/html","Destination":"/var/www/html","RW":true,"Name":"","Driver":"","Type":"bind","Propagation":"rprivate","Spec":{"Type":"bind","Source":"/var/www/html","Target":"/var/www/html/"},"SkipMountpointCreation":false}},"SecretReferences":null,"ConfigReferences":null,"AppArmorProfile":"docker-default","HostnamePath":"/var/lib/docker/containers/16e5e9280bfea319c5094cddb4b2da71b6e461be824b119c32817e281d282f39/hostname","HostsPath":"/var/lib/docker/containers/16e5e9280bfea319c5094cddb4b2da71b6e461be824b119c32817e281d282f39/hosts","ShmPath":"","ResolvConfPath":"/var/lib/docker/containers/16e5e9280bfea319c5094cddb4b2da71b6e461be824b119c32817e281d282f39/resolv.conf","SeccompProfile":"","NoNewPrivileges":false}
I'm using Ubuntu 18.04.3 LTS
Thank you!
You need to find where is the startup script in the overlays of the image, container and volumes that are attached. You will need to find the last version (last layer) where the file was changed last and modify it there.
However, this is not to be done by someone who do not have in-depth understanding of the docker-engine.
But you don't need to do all this things just to enter in a stopped+failed container.
If a you need the access to the container, what you can do is to create image from the container
docker commit mystifying_kapitsa my_container:latest
Once you have the image, you can use it as a base for new images or, you can create new container from the image like this:
docker exec -ti --name i_am_in my_container:latest /bin/bash
This will give you a shell inside the image from the container and all data that ware in the mystifying_kapitsa will be in.

Where do I find logs for containerized Flask server?

I'm getting status code 500 on my Dockerized Flask server.
I bashed into the container to check the logs:
docker exec -ti container_name /bin/bash
in /var/log I found:
root#b80b0c02fd18:/var/log# ls -al
total 224
drwxr-xr-x 1 root root 4096 Oct 13 21:02 .
drwxr-xr-x 1 root root 4096 Oct 12 07:00 ..
-rw-r--r-- 1 root root 9052 Oct 20 20:50 alternatives.log
drwxr-xr-x 1 root root 4096 Oct 20 20:49 apt
-rw-rw---- 1 root utmp 0 Oct 12 07:00 btmp
-rw-r--r-- 1 root root 164661 Oct 20 20:50 dpkg.log
-rw-r--r-- 1 root root 3232 Oct 12 07:00 faillog
-rw-rw-r-- 1 root utmp 29492 Oct 12 07:00 lastlog
-rw-rw-r-- 1 root utmp 0 Oct 12 07:00 wtmp
I couldn't cat or nano the files faillog nor lastlog so I don't know if the files
are relevant.
Where do I find access log or error log for containerized Flask server ?
docker logs <your container_name> to see the logs of the container
You can also find the logs for the flask app at /var/log/daemon.log

cat: "Permission denied" inside a docker container for existing file with proper permissions

I'm new to docker and started with simple examples, but get "Permission denied":
Gyro#Helper:~$ sudo docker run prakhar1989/static-site sh -c 'echo foo > delete.me;echo bar >> delete.me;ls -l;type cat;ls -l /bin/cat;echo -n "I am ";whoami;cat delete.me'
total 72
drwxr-xr-x 2 root root 4096 Dec 4 2015 bin
drwxr-xr-x 2 root root 4096 Aug 26 2015 boot
-rw-r--r-- 1 root root 8 Feb 15 15:38 delete.me
drwxr-xr-x 5 root root 340 Feb 15 15:38 dev
drwxr-xr-x 1 root root 4096 Feb 15 15:38 etc
drwxr-xr-x 2 root root 4096 Aug 26 2015 home
drwxr-xr-x 9 root root 4096 Nov 27 2014 lib
drwxr-xr-x 2 root root 4096 Dec 4 2015 lib64
drwxr-xr-x 2 root root 4096 Dec 4 2015 media
drwxr-xr-x 2 root root 4096 Dec 4 2015 mnt
drwxr-xr-x 2 root root 4096 Dec 4 2015 opt
dr-xr-xr-x 271 root root 0 Feb 15 15:38 proc
drwx------ 2 root root 4096 Dec 4 2015 root
drwxr-xr-x 3 root root 4096 Dec 4 2015 run
drwxr-xr-x 2 root root 4096 Dec 4 2015 sbin
drwxr-xr-x 2 root root 4096 Dec 4 2015 srv
dr-xr-xr-x 13 root root 0 Dec 26 11:32 sys
drwxrwxrwt 1 root root 4096 Dec 16 2015 tmp
drwxr-xr-x 1 root root 4096 Jan 3 2016 usr
drwxr-xr-x 1 root root 4096 Dec 16 2015 var
-rwxr-xr-x 1 root root 69 Jan 3 2016 wrapper.sh
cat is /bin/cat
-rwxr-xr-x 1 root root 51912 Mar 14 2015 /bin/cat
I am root
cat: delete.me: Permission denied
The original problem was Permission denied on wrapper.sh so I played around a bit to get more information on the problem.
The code and result above tells me that I can create a file named delete.me, append contents, see the file via ls, can check that cat is /bin/cat and has execute permission. I am logged in into the container as user root, but cat won't obey.
Is it a bug?
docker info gives:
Gyro#Helper:~$ sudo docker info
Containers: 38
Running: 0
Paused: 0
Stopped: 38
Images: 5
Server Version: 18.09.9
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 894b81a4b802e4eb2a91d1ce216b8817763c29fb
runc version: N/A
init version: fec3683
Security Options:
apparmor
seccomp
Profile: default
Kernel Version: 5.0.0-32-generic
Operating System: Ubuntu Core 16
OSType: linux
Architecture: x86_64
CPUs: 4
Total Memory: 15.08GiB
Name: x260
ID: JCNS:55GU:FMFK:GJGF:JQ2P:IMSA:JOW2:JT5L:VQOB:QG4C:2NU5:Z6DR
Docker Root Dir: /var/snap/docker/common/var-lib-docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
WARNING: No swap limit support
Thanks to the help of #JohnKugelman it works now.
Key thing is not to call
sudo snap install docker
but
sudo apt install docker.io
Gyro#Helper:~$ sudo snap remove docker
docker removed
Gyro#Helper:~$ sudo docker run prakhar1989/static-site sh -c 'echo foo > delete.me;echo bar >> delete.me;ls -l;type cat;ls -l /bin/cat;echo -n "I am ";whoami;cp delete.me newfile.del;ls -alrt'
sudo: docker: command not found
Gyro#Helper:~$ docker
Command 'docker' not found, but can be installed with:
sudo snap install docker # version 18.09.9, or
See 'snap info docker' for additional versions.
Gyro#Helper:~$ sudo apt install docker.io
Reading package lists... Done
(stuff deleted)
Processing triggers for man-db (2.8.3-2ubuntu0.1) ...
Processing triggers for ureadahead (0.100.0-21) ...
7[0;51r8[1A[JGyro#Helper:~$
Gyro#Helper:~$ sudo docker run prakhar1989/static-site sh -c 'echo foo > delete.me;echo bar >> delete.me;ls -l;type cat;ls -l /bin/cat;echo -n "I am ";whoami;cp delete.me newfile.del;ls -alrt'
Unable to find image 'prakhar1989/static-site:latest' locally
latest: Pulling from prakhar1989/static-site
(download progress deleted)
total 72
drwxr-xr-x 2 root root 4096 Dec 4 2015 bin
drwxr-xr-x 2 root root 4096 Aug 26 2015 boot
-rw-r--r-- 1 root root 8 Feb 15 17:16 delete.me
drwxr-xr-x 5 root root 340 Feb 15 17:16 dev
drwxr-xr-x 1 root root 4096 Feb 15 17:16 etc
drwxr-xr-x 2 root root 4096 Aug 26 2015 home
drwxr-xr-x 9 root root 4096 Nov 27 2014 lib
drwxr-xr-x 2 root root 4096 Dec 4 2015 lib64
drwxr-xr-x 2 root root 4096 Dec 4 2015 media
drwxr-xr-x 2 root root 4096 Dec 4 2015 mnt
drwxr-xr-x 2 root root 4096 Dec 4 2015 opt
dr-xr-xr-x 292 root root 0 Feb 15 17:16 proc
drwx------ 2 root root 4096 Dec 4 2015 root
drwxr-xr-x 3 root root 4096 Dec 4 2015 run
drwxr-xr-x 2 root root 4096 Dec 4 2015 sbin
drwxr-xr-x 2 root root 4096 Dec 4 2015 srv
dr-xr-xr-x 13 root root 0 Dec 26 11:32 sys
drwxrwxrwt 1 root root 4096 Dec 16 2015 tmp
drwxr-xr-x 1 root root 4096 Jan 3 2016 usr
drwxr-xr-x 1 root root 4096 Dec 16 2015 var
-rwxr-xr-x 1 root root 69 Jan 3 2016 wrapper.sh
cat is /bin/cat
-rwxr-xr-x 1 root root 51912 Mar 14 2015 /bin/cat
I am root
total 84
drwxr-xr-x 9 root root 4096 Nov 27 2014 lib
drwxr-xr-x 2 root root 4096 Aug 26 2015 home
drwxr-xr-x 2 root root 4096 Aug 26 2015 boot
drwxr-xr-x 2 root root 4096 Dec 4 2015 srv
drwxr-xr-x 3 root root 4096 Dec 4 2015 run
drwx------ 2 root root 4096 Dec 4 2015 root
drwxr-xr-x 2 root root 4096 Dec 4 2015 opt
drwxr-xr-x 2 root root 4096 Dec 4 2015 mnt
drwxr-xr-x 2 root root 4096 Dec 4 2015 media
drwxr-xr-x 2 root root 4096 Dec 4 2015 lib64
drwxr-xr-x 2 root root 4096 Dec 4 2015 bin
drwxr-xr-x 2 root root 4096 Dec 4 2015 sbin
drwxrwxrwt 1 root root 4096 Dec 16 2015 tmp
drwxr-xr-x 1 root root 4096 Dec 16 2015 var
-rwxr-xr-x 1 root root 69 Jan 3 2016 wrapper.sh
drwxr-xr-x 1 root root 4096 Jan 3 2016 usr
dr-xr-xr-x 13 root root 0 Dec 26 11:32 sys
drwxr-xr-x 1 root root 4096 Feb 15 17:16 etc
-rwxr-xr-x 1 root root 0 Feb 15 17:16 .dockerenv
dr-xr-xr-x 290 root root 0 Feb 15 17:16 proc
drwxr-xr-x 5 root root 340 Feb 15 17:16 dev
-rw-r--r-- 1 root root 8 Feb 15 17:16 delete.me
-rw-r--r-- 1 root root 8 Feb 15 17:16 newfile.del
drwxr-xr-x 1 root root 4096 Feb 15 17:16 ..
drwxr-xr-x 1 root root 4096 Feb 15 17:16 .
Gyro#Helper:~$ sudo docker run prakhar1989/static-site sh -c 'echo foo > delete.me;echo bar >> delete.me;ls -l;type cat;ls -l /bin/cat;echo -n "I am ";whoami;cat delete.me;ls -alrt'
total 72
drwxr-xr-x 2 root root 4096 Dec 4 2015 bin
drwxr-xr-x 2 root root 4096 Aug 26 2015 boot
-rw-r--r-- 1 root root 8 Feb 15 17:17 delete.me
drwxr-xr-x 5 root root 340 Feb 15 17:17 dev
drwxr-xr-x 1 root root 4096 Feb 15 17:17 etc
drwxr-xr-x 2 root root 4096 Aug 26 2015 home
drwxr-xr-x 9 root root 4096 Nov 27 2014 lib
drwxr-xr-x 2 root root 4096 Dec 4 2015 lib64
drwxr-xr-x 2 root root 4096 Dec 4 2015 media
drwxr-xr-x 2 root root 4096 Dec 4 2015 mnt
drwxr-xr-x 2 root root 4096 Dec 4 2015 opt
dr-xr-xr-x 291 root root 0 Feb 15 17:17 proc
drwx------ 2 root root 4096 Dec 4 2015 root
drwxr-xr-x 3 root root 4096 Dec 4 2015 run
drwxr-xr-x 2 root root 4096 Dec 4 2015 sbin
drwxr-xr-x 2 root root 4096 Dec 4 2015 srv
dr-xr-xr-x 13 root root 0 Dec 26 11:32 sys
drwxrwxrwt 1 root root 4096 Dec 16 2015 tmp
drwxr-xr-x 1 root root 4096 Jan 3 2016 usr
drwxr-xr-x 1 root root 4096 Dec 16 2015 var
-rwxr-xr-x 1 root root 69 Jan 3 2016 wrapper.sh
cat is /bin/cat
-rwxr-xr-x 1 root root 51912 Mar 14 2015 /bin/cat
I am root
foo
bar
total 80
drwxr-xr-x 9 root root 4096 Nov 27 2014 lib
drwxr-xr-x 2 root root 4096 Aug 26 2015 home
drwxr-xr-x 2 root root 4096 Aug 26 2015 boot
drwxr-xr-x 2 root root 4096 Dec 4 2015 srv
drwxr-xr-x 3 root root 4096 Dec 4 2015 run
drwx------ 2 root root 4096 Dec 4 2015 root
drwxr-xr-x 2 root root 4096 Dec 4 2015 opt
drwxr-xr-x 2 root root 4096 Dec 4 2015 mnt
drwxr-xr-x 2 root root 4096 Dec 4 2015 media
drwxr-xr-x 2 root root 4096 Dec 4 2015 lib64
drwxr-xr-x 2 root root 4096 Dec 4 2015 bin
drwxr-xr-x 2 root root 4096 Dec 4 2015 sbin
drwxrwxrwt 1 root root 4096 Dec 16 2015 tmp
drwxr-xr-x 1 root root 4096 Dec 16 2015 var
-rwxr-xr-x 1 root root 69 Jan 3 2016 wrapper.sh
drwxr-xr-x 1 root root 4096 Jan 3 2016 usr
dr-xr-xr-x 13 root root 0 Dec 26 11:32 sys
drwxr-xr-x 1 root root 4096 Feb 15 17:17 etc
-rwxr-xr-x 1 root root 0 Feb 15 17:17 .dockerenv
dr-xr-xr-x 289 root root 0 Feb 15 17:17 proc
drwxr-xr-x 5 root root 340 Feb 15 17:17 dev
-rw-r--r-- 1 root root 8 Feb 15 17:17 delete.me
drwxr-xr-x 1 root root 4096 Feb 15 17:17 ..
drwxr-xr-x 1 root root 4096 Feb 15 17:17 .
Gyro#Helper:~$ sudo docker run --rm prakhar1989/static-site
Nginx is running...

Docker: Where is the image stored in Ubuntu

I created a Docker image.
Its repository name is docker-hello-world and its Docker Image ID is e127d87570f9.
I understood that it should be placed in /var/lib/docker/overlay2/, but when I open this folder this is what I see:
$ sudo ls -alF /var/lib/docker/overlay2/
total 40
drwx------ 10 root root 4096 Dec 28 17:28 ./
drwx--x--x 14 root root 4096 Dec 28 01:35 ../
drwx------ 3 root root 4096 Dec 28 01:35 0a6ee9708ef2529b105ae04ee9279877f23a3408d81ea58433e34f9e278fd90e/
drwx------ 4 root root 4096 Dec 28 17:28 17c9c50edb4ecc6ffd47a688720dfe1b7f5d407ac9eb8f2b0ec5e62eccf9400f/
drwx------ 4 root root 4096 Dec 28 01:36 5fd838043c830a61c6efeeec62c1c1cca9d500556faca5870c526b0a34766a63/
drwx------ 4 root root 4096 Dec 28 01:35 5fd838043c830a61c6efeeec62c1c1cca9d500556faca5870c526b0a34766a63-init/
drwx------ 4 root root 4096 Dec 28 17:28 820dc021f10e31423aaba6ada86fbc06a03aa531d277c5de598e101dd2cd9881/
drwx------ 3 root root 4096 Dec 28 17:28 cfc4379bcf9885bd305fae0f85368941b863bb7533db4d088ffcd397b86f2182/
drwx------ 4 root root 4096 Dec 28 17:28 fa4ffb5887a1cbde6b3e58505119043ec891754bb3d797f1aedf68292c52477b/
drwx------ 2 root root 4096 Dec 28 17:28 l/
Do you know where to look for the image file?

Resources