layer where it is found.
- **The file only exists in the container layer**: If a container opens a file
for read access and the file exists in the container layer, it is read from
there.
- **The file exists in both the container layer and the image layer**: If a
container opens a file for read access and the file exists in the container
layer and one or more image layers, the file is read from the container layer.
Files in the container layer obscure files with the same name in the image
layers.
### Modifying files or directories
Consider some scenarios where files in a container are modified.
- **Writing to a file for the first time**: The first time a container writes
  to an existing file, that file does not exist in the container (`upperdir`).
  The `aufs` driver performs a *copy_up* operation to copy the file from the
  image layer where it exists to the writable container layer. The container
  then writes the changes to the new copy of the file in the container layer.

  However, AUFS works at the file level rather than the block level. This
  means that all copy_up operations copy the entire file, even if the file is
  very large and only a small part of it is being modified. This can have a
  noticeable impact on container write performance. AUFS can suffer
  noticeable latencies when searching for files in images with many layers.
  However, it is worth noting that the copy_up operation only occurs the first
  time a given file is written to. Subsequent writes to the same file operate
  against the copy of the file already copied up to the container.

- **Deleting files and directories**:

  - When a _file_ is deleted within a container, a *whiteout* file is created
    in the container layer. The version of the file in the image layer is not
    deleted (because the image layers are read-only). However, the whiteout
    file prevents it from being available to the container.

  - When a _directory_ is deleted within a container, an _opaque file_ is
    created in the container layer. This works in the same way as a
    whiteout file and effectively prevents the directory from being accessed,
    even though it still exists in the image layer.
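
The read and delete rules above mean that a file removed or overwritten in an upper layer is only hidden, and its bytes remain in the lower layer. The following added example (not Docker's code) models a layer stack as plain dictionaries and reports every path that is obscured but still stored; the marker names `.wh.<name>` and `.wh..wh..opq` are the AUFS on-disk conventions and do not appear on this page, and the sample layers are constructed.

```python
import posixpath

WH_PREFIX = ".wh."        # AUFS whiteout name prefix
OPAQUE = ".wh..wh..opq"   # AUFS opaque-directory marker

def merged_view(layers):
    """layers: list of {path: content}, lowest image layer first, container
    layer last. Returns (visible, hidden): visible maps path -> (layer, content);
    hidden lists (path, layer_still_holding_it, layer_that_hid_it, reason)."""
    visible, hidden = {}, []
    for idx, layer in enumerate(layers):
        # Markers only affect entries from lower layers, so apply them first.
        for path in layer:
            parent, name = posixpath.split(path)
            if name == OPAQUE:
                prefix, reason = parent.rstrip("/") + "/", "opaque"
                victims = [p for p in visible if p.startswith(prefix)]
            elif name.startswith(WH_PREFIX):
                target = posixpath.join(parent, name[len(WH_PREFIX):])
                reason = "whiteout"
                victims = [p for p in visible
                           if p == target or p.startswith(target + "/")]
            else:
                continue
            for p in victims:
                hidden.append((p, visible.pop(p)[0], idx, reason))
        # Regular files: the upper copy obscures any same-named lower copy.
        for path, content in layer.items():
            if posixpath.basename(path).startswith(WH_PREFIX):
                continue
            if path in visible:
                hidden.append((path, visible[path][0], idx, "shadowed"))
            visible[path] = (idx, content)
    return visible, hidden

# Constructed sample stack (not taken from a real image).
LAYERS = [
    {"/app/config.ini": "debug=0", "/etc/motd": "v1",          # image layer 0
     "/app/secrets/key.pem": "CONSTRUCTED-KEY",
     "/app/secrets/ca.pem": "CONSTRUCTED-CA"},
    {"/etc/motd": "v2", "/app/.wh.config.ini": ""},            # image layer 1
    {"/app/secrets/.wh..wh..opq": ""},                         # container layer
]

if __name__ == "__main__":
    visible, hidden = merged_view(LAYERS)
    for path, held, by, reason in hidden:
        print(f"{path}: hidden by layer {by} ({reason}), still in layer {held}")
```

Every entry in `hidden` is data that no longer appears in the container's merged view but can still be read directly from the lower layer, which is why deleting a secret in a later layer does not remove it from the image.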