How to view files inside docker image without running it? (NOTE: THIS QUESTION IS HOW TO READ FILES WITHOUT RUNNING THE CONTAINER) [duplicate]

About

Asked 10/2, 2021 at 16:57 Answered 10/2, 2021 at 16:59

Solved docker

Sometimes running the docker image fails so ssh’ing into the container is not an option. in that cases how do we see the content inside container?

There is a existing question but mistakenly marked as duplicate. how to browse docker image without running it?

NOTE: To stupid Moderators with stupid EGO, Please read the question PROPERLY before making judgement about closing the problem. Don't think you know better than others.

Countrywoman answered 10/2, 2021 at 16:57 Comment(4)

The duplicate target of the question you cited has a couple of examples that don't involve running the container (docker export trying to examine the /var/lib/docker content directly). Mostly, though, you do need to actually run the image in some form to look around. – Regenaregency 10/2, 2021 at 18:19

Also consider docker run --rm -it imagename bash to get a temporary container, running an interactive shell instead of the default image CMD. This will let you explore things, and also try just running what the standard command should have been and see how it fails. – Regenaregency 10/2, 2021 at 18:20

1. I correctly stated that the question stated as duplicate is not a duplicate. – Countrywoman 4/3, 2021 at 16:32

2. the intention of this question IS TO EXAMINE WITHOUT RUNNING THE DOCKER CONTAINER – Countrywoman 4/3, 2021 at 16:33

Answering my own question.

you can add something like to override the entry point in the Dockerfile and run ls or cat command to see inside.

ENTRYPOINT ls /etc/fluentd

Countrywoman answered 10/2, 2021 at 16:59 Comment(3)

You can also docker run --rm --entrypoint ls imagename /etc/fluentd without modifying the Dockerfile. This is kind of awkward, and you might update the Dockerfile to use CMD instead of ENTRYPOINT; then you could docker run --rm imagename ls /etc/fluentd. – Regenaregency 10/2, 2021 at 18:17

How is this "not running the container"? You're setting up all the namespaces -- the filesystem namespace, the user namespace, the PID namespace -- and invoking a process inside it. That's running the container. In particular, if the container contains a compromised ls executable, you just invoked that executable. (Even worse, if it contains a compromised /bin/sh executable, you just ran that, because this is really running sh -c 'ls /etc/fluentd' in the container). – Translucid 7/3, 2023 at 18:37

Whereas the docker export answer in the linked duplicate really is operating without running the container at all, and -- unlike the answer here -- works even if the container doesn't have sh or ls executables inside it. So that duplicate genuinely does have a legitimate answer to your question as you asked it, whereas the answer you added yourself doesn't meet your own specification. – Translucid 7/3, 2023 at 18:40

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags