Docker - Image

Card Puncher Data Processing


This page is about the container image in Docker.

OCI is the standardized container format used by Docker



Docker stores downloaded images on the Docker host at the Docker Root Dir location

sudo ls /var/lib/docker/image/aufs
distribution       imagedb            layerdb            repositories.json


# or
# or where tag default to latest (ie same repository:latest)
# Sha
# In the registry, all content is content addressable, referenced by a digest (currently sha256)


  • sha256:e90fc3a is the digest
  • user identify user images. The user that created the image. For example the image training/sinatra has been created by the user training.


  • One
docker images --filter reference=image-name
  • All
docker images
REPOSITORY          TAG                 IMAGE ID            CREATED              SIZE
docker-whale        latest              1351cae1fdfb        About a minute ago   275.1 MB
ubuntu              latest              f753707788c5        7 weeks ago          127.2 MB
hello-world         latest              c54a2cc56cbb        5 months ago         1.848 kB
docker/whalesay     latest              6b362a9f73eb        18 months ago        247 MB
training/webapp     latest              6fae60ef3446        19 months ago        348.8 MB


  • repository is what repository they came from, for example ubuntu.
  • tag are the tags for each image, for example 14.04.
  • Image id: The image ID of each image.







See Docker - Tag (Tag, push, and pull your image)

A repository potentially holds multiple variants of an image

In the case of the ubuntu image, there is multiple variants covering Ubuntu 10.04, 12.04, 12.10, 13.04, 13.10 and 14.04. Each variant is identified by a tag and you can refer to a tagged image like so:



In the registry, all images are content addressable, referenced by a digest (currently sha256)

Example of image referencing with digest

# the format
# an example

To see the digest for images:

docker images --digests

To pull with a digest

docker pull NAME@sha256:xxx

Build Version

Next to the tag, image may have more labels to set more defiinition on the build.

Example: with inspect and the label build_version

docker inspect -f '{{ index .Config.Labels "build_version" }}' <image_name>


A base image is a minimal linux image where you start to build more complicated image. See Docker - dockerfile



docker rmi -f (name or id)


See also: Docker - Clean (Removing Image and Container)


Visualization of the image and their different layer:

(Pre) load

Docker will automatically download any image you use that isn’t already present on the Docker host when you try to run it. If you want to pre-load an image you can download it using the docker pull


When doing a pull, you can see that each layer of the image has been pulled down

docker pull centos
Using default tag: latest
latest: Pulling from library/centos
f1b10cd84249: Pull complete
c852f6d61e65: Pull complete
7322fbe74aa5: Pull complete
Digest: sha256:90305c9112250c7e3746425477f1c4ef112b03b4abe78c612e092037bfecc3b7
Status: Downloaded newer image for centos:latest


To create an image, you can

  • use a Dockerfile to specify instructions to (create|build) an image.
  • create a commit from an existing container
docker commit containerName imageName


You can update a container created from an image and commit the results to an image.

You can commit the changes made to an image

docker commit -m "Added json gem" -a "Kate Smith"  0b2616b0e5a8 ouruser/sinatra:v2


  • -m: commit message
  • -a: commit author
  • 0b2616b0e5a8: the container ID
  • ouruser/sinatra:v2: the target image


# docker search searchTerm
docker search oracle
NAME                             DESCRIPTION                                     STARS     OFFICIAL   AUTOMATED
wnameless/oracle-xe-11g          Oracle Express 11g R2 on Ubuntu 16.04 LTS       352                  [OK]
oraclelinux                      Oracle Linux is an open-source operating s...   260       [OK]
alexeiled/docker-oracle-xe-11g   This is a working (hopefully) Oracle XE 11...   185                  [OK]
sath89/oracle-12c                Oracle Standard Edition 12c Release 1 with...   78                   [OK]
sath89/oracle-xe-11g             Oracle xe 11g with database files mount su...   76                   [OK]


  • OFFICIAL means that it comes from an official repository
  • AUTOMATED means that the build is automated.


A container is a running instance of an image that you create with a run command.

See Docker - Containers

Save / Export

docker save [OPTIONS] IMAGE [IMAGE...]


To see the property of the image such as the entrypoint, you can use the inspect command

How to see the files (mount)

Docker image are just a file store that you can run.

Example with mkfs where they are transformed as a the ext3 file system format 1)

#!/usr/bin/env bash

set -euo pipefail


# We have to pick a fixed size in advance for the .img file we create, so base it on the size
# of the original Docker image to avoid either wasting space or having the later tar extraction
# step fail with out of disk space errors. The image will be mounted read-only at runtime, so
# does not need free space for app files (separate mounts are used for those). The multiplier
# here is to account for the 5-6% loss of usable space due to ext3 filesystem overhead, as well
# as to ensure a few MB additional free space headroom.

echo "Using file size of ${IMG_SIZE_IN_MB} MB based on Docker image size of ${DOCKER_IMAGE_SIZE_IN_MB} MB"

mkdir -p "$(dirname "$IMG")"

# Create an empty file of the specified size.
# Using `fallocate` instead of `dd` since it's faster, simpler for this use-case, and doesn't
# suffer from `dd`'s non-determinism when attempting to copy an exact number of bytes:
fallocate --length "${IMG_SIZE_IN_MB}MiB" "${IMG}"

# Format that file as an ext3 filesystem.
# The `-T` argument forces the 'default' config profile to be used, since otherwise if the filesystem size
# is less than 512 MB (as is the case for Heroku-24's run image) the 'small' profile would be used instead.
# The `-m` argument reduces reserved-blocks-percentage from its default of 5% to 1%.
# TODO: Switch to calling `mkfs.ext3` or `mke2fs -t ext3` since the `mkfs` alias is deprecated:
mkfs -t ext3 -T default -m 1 -v "$IMG"

# Adjust the filesystem parameters for improved performance on runtime instances.
# The `-c` and `-i` arguments disable automatic filesystem checks, which are otherwise run based
# on number of times the image is mounted, or how much time has passed since the last check.
tune2fs -c 0 -i 0 "$IMG"

It is then just a file store format that you can mount 2)

#!/usr/bin/env bash

set -euo pipefail


mkdir -p "$IMG_MNT"
mount -o loop,noatime,nodiratime "$IMG" "$IMG_MNT"

Documentation / Reference

Discover More
Card Puncher Data Processing

is a lightweight virtualization platform. allows you to run Linux and windows applications (image inside containers). The project provides the means of packaging applications in lightweight containers...
Card Puncher Data Processing
Docker - (Virtual) Host (or Machine or Server) - Docker Type

This page is the host machine in Docker (ie the machine where the daemon is installed). Before a host was created through the docker-machine executable (creation, start, stop,...) but with the WSL...
Docker - Architecture

The docker architecture is composed of: an host where the daemon run a daemon that manage and run all Docker object (such as image and container) a registry to download and push image a docker...
Docker Build Context
Docker - Build (an image from a Dockerfile)

The build command creates an image from: a Dockerfile. and a build context : A build context is a list of files sent to the daemon. Example: All files from: a directory if they are not in ignore...
Card Puncher Data Processing
Docker - Clean (Removing Image and Container)

Docker host disk sizing management. Docker stores all layers/images in its file formate (i.e. aufs) in default /var/lib/docker directory. Remove the container that where not used months ago See...
Card Puncher Data Processing
Docker - Commit (Image History)

Create a new image from a container's changes A RUN instruction in a build dockerfile generates commits. containers can then be created from any point in an image’s history, much like source control....
Docker For Windows Switch Container Type
Docker - Containers

in Docker. A container is a running instance of an image. Docker containers only run as long as the command you specify is active. A container ID uniquely identifies a container. A container...
Docker Daemon
Docker - Daemon - dockerd

The Docker daemon (dockerd) is the hypervisor background process that the docker cli command is calling under the hood. It's a runtime for containers. a background service running on the host that...
Card Puncher Data Processing
Docker - Docker Root Dir (Docker Data Storage Path)

The docker root dir is the root path where all data docker is stored. On Windows Docker Desktop, it's stored inside the docker-desktop-data image. Log into the host And select it where:...
Docker Run Container Explainer
Docker - Getting Started

install docker To generate this message, Docker took the following steps: 1- The Docker client contacted the Docker daemon. 2- The Docker daemon pulled the “hello-world” image from the Docker...

Share this page:
Follow us:
Task Runner