Docker – questions you have, answers you need

Developers and non-operations teams often ask us about the plain, simple and common tasks in our daily work. We have decided to write a comprehensive article with frequently asked questions on Docker. We plan to update this article with further questions as feedback comes in.

What is Docker?

Docker is a container runtime that uses Linux isolation layers such as namespaces, cgroups and capabilities. It may be compared to several other engines such as OpenVZ or LXC.


What is Docker daemon?

Docker daemon is a REST-driven HTTP server. It is responsible for container creation, management and network specification. From the perspective of the operating system, this is just another daemon running under the control of systemd.


What is Docker registry?

Docker registry is a web application that provides Docker image layers through an HTTP server. Like the Docker daemon, its implementation is based on REST API principles. There are a lot of different Docker registry solutions on the market:

  • Public ones (Quay, or DockerHub)
  • Open-source ones that you may use as private (Harbor, GitLab Registry, or just Registry)
  • Cloud ones (Elastic Container Service, or Google Container Registry)

How to list Docker containers?

To list currently running containers, you can use the following command:

docker ps
$ docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS               NAMES
0e9222a27773        nginx               "/docker-entrypoint.…"   3 seconds ago       Up 2 seconds        80/tcp              affectionate_jennings

If you want to list all containers, including stopped and finished ones, add the -a parameter:

$ docker ps -a
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS                     PORTS               NAMES
77f0db8465ec        nginx               "/docker-entrypoint.…"   16 seconds ago      Exited (0) 3 seconds ago                       beautiful_mahavira
0e9222a27773        nginx               "/docker-entrypoint.…"   32 seconds ago      Up 31 seconds              80/tcp              affectionate_jennings

How to stop a Docker container?

If your container with ID 1231421412 and name moby_doby is running, you can stop it by passing either its name or its ID to docker stop. The two commands below show both forms:

docker stop beautiful_mahavira
docker stop 77f0db8465ec

How to access the shell of a Docker container?

You can use the docker exec command:

$ docker exec -it 0e9222a27773 bash
# exit

How to restart Docker?

It depends on what you want to accomplish. See, restarting the daemon is not the same thing as restarting the container. If you want to restart the whole Docker daemon, you can use the following command:

systemctl restart docker

If you want to restart a specific Docker container, you can execute one of the following commands:

$ docker restart 0e9222a27773
0e9222a27773
$ docker restart affectionate_jennings
affectionate_jennings

What is Docker image?

Docker image is a binary version of the application environment. From a technical point of view, a Docker image is nothing more than an archive with a list of layers.


Where are Docker images stored?

Docker images are stored locally at a specified location. By default, you can find them in the /var/lib/docker directory.


How to install Docker?

There are multiple ways to install Docker depending on the operating system. To get a version suited for your operating system, visit the official documentation.

As an example, the install process on Ubuntu goes as follows:

# apt -y install docker.io
Reading package lists... Done
Building dependency tree
Reading state information... Done
Suggested packages:
  aufs-tools debootstrap docker-doc rinse zfs-fuse | zfsutils
The following NEW packages will be installed:
  docker.io
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 39.9 MB of archives.
After this operation, 199 MB of additional disk space will be used.
Get:1 http://archive.ubuntu.com/ubuntu bionic-updates/universe amd64 docker.io amd64 19.03.6-0ubuntu1~18.04.1 [39.9 MB]
Fetched 39.9 MB in 5s (8,275 kB/s)
Preconfiguring packages ...
Selecting previously unselected package docker.io.
(Reading database ... 59920 files and directories currently installed.)
Preparing to unpack .../docker.io_19.03.6-0ubuntu1~18.04.1_amd64.deb ...
Unpacking docker.io (19.03.6-0ubuntu1~18.04.1) ...
Setting up docker.io (19.03.6-0ubuntu1~18.04.1) ...
docker.service is a disabled or a static unit, not starting it.
Processing triggers for man-db (2.8.3-2ubuntu0.1) ...

How to uninstall Docker?

Similar to the installation, the uninstall process depends on your operating system and the method you used to install Docker. For example, CentOS users would do it like this:

yum -y erase docker

On Ubuntu, the equivalent command is:

# apt -y remove docker.io
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
  bridge-utils cgroupfs-mount containerd pigz runc ubuntu-fan
Use 'apt autoremove' to remove them.
The following packages will be REMOVED:
  docker.io
0 upgraded, 0 newly installed, 1 to remove and 0 not upgraded.
After this operation, 199 MB disk space will be freed.
(Reading database ... 60129 files and directories currently installed.)
Removing docker.io (19.03.6-0ubuntu1~18.04.1) ...
'/usr/share/docker.io/contrib/nuke-graph-directory.sh' -> '/var/lib/docker/nuke-graph-directory.sh'
Processing triggers for man-db (2.8.3-2ubuntu0.1) ...

Of course, even after the packages are removed, Docker leaves a lot of artefacts behind, and these can be useful in forensics. For example, you can find container data and metadata in the /var/lib/docker directory, and dockerd entries remain in /var/log/syslog:

# ls -la /var/lib/docker/
total 76
drwx--x--x 14 root root  4096 Aug 15 10:49 .
drwxr-xr-x 38 root root  4096 Aug 11 22:19 ..
drwx------  2 root root  4096 Aug 11 22:19 builder
drwx--x--x  4 root root  4096 Aug 11 22:19 buildkit
drwx------  2 root root  4096 Aug 15 09:52 containers
drwx------  3 root root  4096 Aug 11 22:19 image
drwxr-x---  3 root root  4096 Aug 11 22:19 network
-rwxr-xr-x  1 root root  1473 Aug 15 10:49 nuke-graph-directory.sh
drwx------  3 root root 20480 Aug 15 10:48 overlay2
drwx------  4 root root  4096 Aug 11 22:19 plugins
drwx------  2 root root  4096 Aug 15 10:43 runtimes
drwx------  2 root root  4096 Aug 11 22:19 swarm
drwx------  2 root root  4096 Aug 15 10:46 tmp
drwx------  2 root root  4096 Aug 11 22:19 trust
drwx------  2 root root  4096 Aug 12 13:28 volumes
# grep 'dockerd' /var/log/syslog  | wc -l
330
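
A read-only triage of the leftover containers directory, as an added example that is not part of the original article. It assumes the per-container layout of config.v2.json, hostconfig.json and <id>-json.log (the default json-file log driver) and must run as root on a real data root; the sample tree and all values in it are constructed.

```python
import json
import tempfile
from pathlib import Path

def _load(path):
    """Parsed JSON object from path, or {} when the file is missing or damaged."""
    try:
        data = json.loads(path.read_text())
        return data if isinstance(data, dict) else {}
    except (OSError, ValueError):
        return {}

def leftover_containers(root="/var/lib/docker"):
    """Summarise every container directory still present under <root>/containers."""
    base = Path(root) / "containers"
    if not base.is_dir():
        return []
    found = []
    for cdir in sorted(p for p in base.iterdir() if p.is_dir()):
        cfg = _load(cdir / "config.v2.json")      # assumed: container metadata
        host = _load(cdir / "hostconfig.json")    # assumed: runtime options
        log = cdir / (cdir.name + "-json.log")    # assumed: json-file log driver
        found.append({
            "id": cdir.name[:12],
            "name": str(cfg.get("Name", "")).lstrip("/"),
            "image": (cfg.get("Config") or {}).get("Image"),
            "finished": (cfg.get("State") or {}).get("FinishedAt"),
            "privileged": bool(host.get("Privileged")),
            "binds": host.get("Binds") or [],
            "log_bytes": log.stat().st_size if log.is_file() else 0,
        })
    return found

def build_sample(root):
    """Write a constructed data root holding one container (all values made up)."""
    cid = "77f0db8465ec" + "0" * 52
    cdir = Path(root) / "containers" / cid
    cdir.mkdir(parents=True)
    (cdir / "config.v2.json").write_text(json.dumps({
        "ID": cid, "Name": "/beautiful_mahavira", "Config": {"Image": "nginx"},
        "State": {"FinishedAt": "2020-08-15T10:43:00Z"}}))
    (cdir / "hostconfig.json").write_text('{"Privileged": false, "Binds": ["/etc:/host-etc:ro"]}')
    (cdir / (cid + "-json.log")).write_text('{"log":"started\\n"}\n')

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for row in leftover_containers(tmp):
            print(row)
```

The privileged flag and host bind mounts are worth recording first, since they show how much of the host a removed container could reach.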

How to remove Docker image?

There are multiple ways to remove a container image. The easiest one is to use the rmi command, which takes either image-name:tag or image_id as an argument:

$ docker rmi docker.elastic.co/elasticsearch/elasticsearch:7.4.2
Untagged: docker.elastic.co/elasticsearch/elasticsearch:7.4.2
Untagged: docker.elastic.co/elasticsearch/elasticsearch@sha256:ef0cdf17f8d00d8d90a7872b6672bc44283c6204e86bdf0067f93e9f637aad2a
Deleted: sha256:b1179d41a7b42f921f8ea0c5fa319c8aac4a3083dd733494170428917007e55f
Deleted: sha256:e2510b17662e1f1675956d6110e232bef9ad12d50a510d2c742874101dbccae3
Deleted: sha256:3d654f85b8638a63ee05d8ed180adbebf9540784516b871c286f15850e2d78cb
Deleted: sha256:2a9288f6ffbf7a6691c7ebd5c92f46c8ab613dca90f0083130659e89569c7046
Deleted: sha256:29da76515a152f752dd46997b2a15af334cb30590fc0b400f3f0026fe3e11e96
Deleted: sha256:3b29b1a160d1679cb3ae85d052fc482fdaed98d21bb1f0ee96bb19b7a199c241
Deleted: sha256:013226c026c75e3529aaad1f254488aa3649e649edd067f0568203aced28a06c
Deleted: sha256:877b494a9f30e74e61b441ed84bb74b14e66fb9cc321d83f3a8a19c60d078654
$ docker rmi b1179d41a7b4
Untagged: docker.elastic.co/elasticsearch/elasticsearch:7.4.2
Untagged: docker.elastic.co/elasticsearch/elasticsearch@sha256:ef0cdf17f8d00d8d90a7872b6672bc44283c6204e86bdf0067f93e9f637aad2a
Deleted: sha256:b1179d41a7b42f921f8ea0c5fa319c8aac4a3083dd733494170428917007e55f
Deleted: sha256:e2510b17662e1f1675956d6110e232bef9ad12d50a510d2c742874101dbccae3
Deleted: sha256:3d654f85b8638a63ee05d8ed180adbebf9540784516b871c286f15850e2d78cb
Deleted: sha256:2a9288f6ffbf7a6691c7ebd5c92f46c8ab613dca90f0083130659e89569c7046
Deleted: sha256:29da76515a152f752dd46997b2a15af334cb30590fc0b400f3f0026fe3e11e96
Deleted: sha256:3b29b1a160d1679cb3ae85d052fc482fdaed98d21bb1f0ee96bb19b7a199c241
Deleted: sha256:013226c026c75e3529aaad1f254488aa3649e649edd067f0568203aced28a06c
Deleted: sha256:877b494a9f30e74e61b441ed84bb74b14e66fb9cc321d83f3a8a19c60d078654

How to ssh into Docker container?

Docker containers are not designed to run a secure shell server. Doing so would not provide any real benefit while posing a security threat at the same time. It’s just not worth it. You should use Docker native tooling (e.g. the exec command) to access a shell inside a container.
Of course, there are exceptions to this rule. For instance, there are plenty of honeypots that are designed to expose an SSH server.


What is Docker Swarm?

Docker Swarm is an orchestrator – like Kubernetes, or Nomad – but contrary to those two, Swarm is built into Docker itself.


Why should I use Docker?

It highly depends on the business and technical requirements of your project. If you’re a small startup that is starting from scratch and your business model allows for an architecture that would benefit from containerized workloads – great. If you’re a large business that would need a large investment of time and resources to migrate its workloads, while the advantages would be rather minimal – probably not.

If you still want to check if Docker will be useful to your project, you can ask yourself these questions:

  • Are we aiming for horizontal scaling infrastructure?
  • Do we have differences between local, development, and production environments?
  • Are we aiming to use system resources as much as possible?

If you answered “Yes” more than twice, you could profit from investing in Docker. Please keep in mind these are very generic questions and decisions should be made based on your business and technical needs.


How does Docker container work?

A Docker container is simply another Linux process with cgroups, namespaces, and capabilities applied. Take a look at part of the process list:

root      1133  0.0  1.0 888316 42716 ?        Ssl  21:55   0:02 /usr/bin/containerd
root      3188  0.0  0.1   9236  4840 ?        Sl   22:44   0:00  \_ containerd-shim -namespace moby -workdir /var/lib/containerd/io.containerd.runtime.v1.linux/moby
root      3213  0.5  0.1  10628  6112 ?        Ss   22:44   0:00      \_ nginx: master process nginx -g daemon off;
systemd+  3277  0.0  0.0  11024  2528 ?        S    22:44   0:00          \_ nginx: worker process
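
To see what "capabilities and namespaces applied" means for a process like the nginx master above, the added example below (not from the original article) decodes the CapEff mask from /proc/<pid>/status and lists the namespaces in which a PID differs from the caller. The sample status text is constructed, and the HIGH_RISK set is this example's own selection.

```python
import os

# Capability names indexed by bit number (linux/capability.h, bits 0-40).
CAP_NAMES = """CHOWN DAC_OVERRIDE DAC_READ_SEARCH FOWNER FSETID KILL SETGID
SETUID SETPCAP LINUX_IMMUTABLE NET_BIND_SERVICE NET_BROADCAST NET_ADMIN NET_RAW
IPC_LOCK IPC_OWNER SYS_MODULE SYS_RAWIO SYS_CHROOT SYS_PTRACE SYS_PACCT
SYS_ADMIN SYS_BOOT SYS_NICE SYS_RESOURCE SYS_TIME SYS_TTY_CONFIG MKNOD LEASE
AUDIT_WRITE AUDIT_CONTROL SETFCAP MAC_OVERRIDE MAC_ADMIN SYSLOG WAKE_ALARM
BLOCK_SUSPEND AUDIT_READ PERFMON BPF CHECKPOINT_RESTORE""".split()

# This example's selection of capabilities that weaken isolation the most.
HIGH_RISK = {"SYS_ADMIN", "SYS_MODULE", "SYS_PTRACE", "SYS_RAWIO",
             "DAC_READ_SEARCH", "NET_ADMIN"}

# Constructed /proc/<pid>/status excerpt; a80425fb is the mask of a container
# started without --privileged, --cap-add or --cap-drop.
SAMPLE_STATUS = "Name:\tnginx\nCapPrm:\t00000000a80425fb\nCapEff:\t00000000a80425fb\n"

def decode_caps(mask_hex):
    """Turn a hex capability mask (e.g. CapEff) into capability names."""
    mask = int(mask_hex, 16)
    names = [name for bit, name in enumerate(CAP_NAMES) if (mask >> bit) & 1]
    if mask >> len(CAP_NAMES):               # bits newer than this table
        names.append("UNKNOWN_BITS")
    return names

def effective_caps(status_text):
    """Extract and decode CapEff from the text of /proc/<pid>/status."""
    for line in status_text.splitlines():
        key, _, value = line.partition(":")
        if key == "CapEff":
            return decode_caps(value.strip())
    raise ValueError("no CapEff line found")

def risky_caps(names):
    """Capabilities from HIGH_RISK that appear in names, sorted."""
    return sorted(HIGH_RISK.intersection(names))

def namespace_diff(pid, ref="self"):
    """Namespaces where <pid> differs from <ref>; unreadable ones are skipped."""
    diff = []
    for ns in sorted(os.listdir("/proc/%s/ns" % ref)):
        try:
            if os.readlink("/proc/%s/ns/%s" % (pid, ns)) != os.readlink("/proc/%s/ns/%s" % (ref, ns)):
                diff.append(ns)
        except OSError:
            continue
    return diff

if __name__ == "__main__":
    caps = effective_caps(SAMPLE_STATUS)
    print("effective:", ", ".join(caps), "| high risk:", risky_caps(caps) or "none")
```

On a Docker host, feed effective_caps() the contents of /proc/3213/status and call namespace_diff(3213) as root to inspect the nginx master from the listing.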

What language is Docker written in?

Docker is written in Golang.


How to remove all Docker images?

There are a lot of ways to remove all images. The easiest one is to use the rmi command:

$ docker rmi -f $(docker images -q)
Untagged: wpscanteam/wpscan:latest
Untagged: wpscanteam/wpscan@sha256:f3d79f3f7a451183b9a13f4f77a012f3039c0fc628776e2852a97c667cb6a8d1
Deleted: sha256:936139684bfe1608524165a6f19dcb48eb6609a4a08f6ba96f6b31a07214a539
Deleted: sha256:a778224b7b4a5bb2338d0c342db7707c3e7d68f957a0acd27a7f230363ea2d61
Deleted: sha256:63db2e94499076a31f6a99eaeefeb310d7629e454aed361fe7095d35026158b0
Deleted: sha256:246427ecf4d0ee3ff7c7f30749129b1eb9f74059df9d377ff33626268a62dc29
Deleted: sha256:c31c4cb04715ddfbe2e6521f498a70a418fb60a5f1aad35f14ab026203504510
Deleted: sha256:d50f267580381d1ebfee515631c2039a69ab80f6cdfbe75e0fbe6166884eb784
Deleted: sha256:195f6b9c13b066dfc540ab1699f313b9e1f1943bea5431bac51e08e944ebc9f9
Deleted: sha256:0e61c55377b732432f7974785ca853423b7449a4015a9c790bf22133fe93a183
Deleted: sha256:9941c530c24ac213844a1c809db74816c7e31b78956ec938908d0bb5d7632f35
Deleted: sha256:d85f23bc8798cbff15aecfe94e14801481750b830d1cb5099a62caa2150e0b03
Deleted: sha256:50644c29ef5a27c9a40c393a73ece2479de78325cae7d762ef3cdc19bf42dd0a
Error response from daemon: conflict: unable to delete 4bb46517cac3 (cannot be forced) - image is being used by running container 22e79ccca7f3

How to learn more about Docker?

There are plenty of resources available online. However, they are often generic, complicated, and might leave a lot of things not as clarified as they should be. If you’d like a dedicated session tailored to your company’s needs – contact us. We provide comprehensive training on any level of expertise starting from Docker for beginners, through advanced usage of Docker, to best practices and security considerations.


If you want to learn Docker for yourself – check our offer of personal training materials, we’re sure you’ll find something that will suit your needs.
