UFS – A special filesystem for docker containers

2022.01.31

Union File System is a file system used in containers. If you are aware about file systems in linux then you might question what is wrong about other linux file systems such as, ext2, ext3, ext4, XFS? 

Well, there seems to be a problem with traditional linux file systems

  • If you initialise a container with X memory and spin more such containers, in traditional file systems this would mean that there is actually X amount of memory specifically dedicated to a particular container till the container is running, but this is not feasible in terms of memory usage efficiency. 
  • There was a need of being able to transfer data between the host OS and the container running on it, which is helpful on many levels, one example of this is collecting container logs right before it shuts down.

The solution to all these problems? You guessed it right, it is UFS.

The Union File System runs on top of other file systems. It presents all the different file systems as a single file system.

The Union File System runs on top of other file systems. It presents all the different file systems as a single file system. But the shocking part is that it is not a file system per se, it is a mounting mechanism, which mounts various file systems to a single directory. This forms a single, coherent file system. Contents of the directories which have the same path within the mounted directory will be the same. 

Properties of UFS

 

  • Logical merging of multiple layers: A UFS should be able to provide a coherent view and access to the multiple file systems running.
  • Read-only upper layers, writable lower layers: In an overlay-type filesystem, the file systems present on a machine are divided into 2 types, upper and lower. If a file with the same name exists in both the lower and upper file systems then the file in the upper layer is shown to the user whereas the one in the lower layer is either hidden or merged with the file in the upper file system.
  • Copy on Write: If multiple callers request for a single resource then copies of this resource are created for each caller. This is maintained till the caller tries to modify its ‘copy’, whenever that happens that particular caller gets its own private copy of the resource to modify.
  • Simulate removal from lower directory through 'whiteout'file: It is a method of removing files in a union file system where there are multiple file systems involved where some of them may be read-only file systems. This way the files to be removed are whitelisted.

Exploring a container’s FS

To explore a container’s file system you just need to run very easy and basic commands. The only prerequisite is that you must have docker installed on your system. 

First you need to start and run a container.

docker run -i -t alpine

This will search the local directory for an image named alpine:latest. If it is not found then docker will fetch the image from its registry and run the container. The -i and -t options open a terminal inside the container through which you can run commands in the container’s shell directly.

Exploring mounts

To see the list of mounts in a container/linux system, just run mount and it will display a list of all mounts along with the file system mounts.

Output of 'mount'

This is essentially the output of the /etc/mtab file. You can display the contents of this file and compare the output to mount

Exploring the whole filesystem

To explore the whole filesystem you can dump the whole FS from the container to your host system by

docker export -o filesystem.tar

You can now do 

tar -tvf filesystem.tar

Contents of the container

As you can see, the above screenshot shows an output of all of the container's filesystem, this output is shown in the above screenshot.

 

I would like to end this blog by dropping this link here which will improve your understanding of UFS on a much deeper and hands on level.