8.1.2.1 Runtime Read Only Layers

A focused guide to Runtime Read Only Layers, connecting core concepts with practical Docker and container operations.

Runtime read-only layers are the immutable image layers a container's filesystem is built upon while it runs, contributing the bulk of its filesystem content without ever being directly modifiable by anything happening inside that running container.

How These Layers Contribute to the Running Container

At runtime, the storage driver presents these read-only layers as part of a single, unified filesystem view, even though they remain entirely unmodified and unmodifiable for the container's entire life.

docker run -d --name myapp myapp:1.0
docker exec myapp cat /etc/os-release

This file is read directly from one of the image's read-only layers; the running container has no ability to permanently alter that layer's content.

Why Multiple Containers Can Safely Share These Layers

Because these layers are guaranteed never to change, many containers created from the same image can safely share them simultaneously, with the storage driver only needing to maintain one copy of this shared, read-only content regardless of how many containers are actually using it.

docker run -d --name container-a myapp:1.0
docker run -d --name container-b myapp:1.0
docker system df -v

This reveals that the shared image layers are stored once, not duplicated for each container using them, demonstrating the storage efficiency this immutability enables.

Why Attempting to Modify Them Doesn't Actually Work

An operation that appears to modify a file originating from a read-only layer actually triggers copy-on-write, creating a modified copy in the container's own writable layer rather than altering the underlying read-only layer itself.

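# /etc/os-release comes from an image layer; /etc/hostname is generated
# per container by Docker, so it would not demonstrate copy-on-write.
docker exec myapp sh -c "echo 'modified' > /etc/os-release"
docker run -d --name fresh-container myapp:1.0
docker exec fresh-container cat /etc/os-release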

This newly created container shows the original, unmodified content, confirming the earlier change only ever affected the first container's own writable layer.
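
As an added example (not part of the original page), the helper below summarises the output of `docker diff`, the command that lists what a container has added (A), changed (C) or deleted (D) in its own writable layer. The function name, the sensitive-prefix list and the sample lines are assumptions made for this example.

```shell
#!/bin/sh
# Added example: report what a container has placed in its writable layer.
# Image layers never show up in `docker diff` because they cannot change;
# every line it prints describes the container's own copy-on-write layer.

# Path prefixes treated as sensitive (an assumption for this example).
SENSITIVE_PREFIXES="/etc /bin /sbin /usr/bin /usr/sbin /lib"

# Constructed sample of `docker diff` output (not captured from a real run).
SAMPLE_DIFF='C /etc
C /etc/myapp.conf
A /tmp/scratch.txt
D /var/cache/old.idx'

# Reads `docker diff` lines ("A|C|D <path>") on stdin.
# Prints "DRIFT <kind> <path>" for each entry below a sensitive prefix,
# then one summary line. Returns 1 if any such entry was found, else 0.
drift_report() {
    added=0 changed=0 deleted=0 flagged=0
    while read -r kind path; do
        case "$kind" in
            A) added=$((added + 1)) ;;
            C) changed=$((changed + 1)) ;;
            D) deleted=$((deleted + 1)) ;;
            *) continue ;;   # skip blank or unrecognised lines
        esac
        for prefix in $SENSITIVE_PREFIXES; do
            case "$path" in
                "$prefix"/*)
                    echo "DRIFT $kind $path"
                    flagged=$((flagged + 1))
                    break ;;
            esac
        done
    done
    echo "summary added=$added changed=$changed deleted=$deleted flagged=$flagged"
    [ "$flagged" -eq 0 ]
}

# Usage against a running container:  docker diff myapp | drift_report
```

A non-zero exit status means the container's view of a sensitive path now differs from the image, even though the image layers themselves are unchanged.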

Why Understanding Runtime Read-Only Layers Matters

Recognizing the immutability of these shared, read-only layers — and the storage efficiency this immutability provides — clarifies fundamentally how Docker achieves its characteristic, efficient sharing of common content across many containers built from the same image.