Comprehensive Guide to File Copying Between Docker Containers and Host Systems

Keywords: Docker | File Copying | Container Technology | Continuous Integration | Multi-stage Build

Abstract: This article provides an in-depth exploration of various technical methods for file copying between Docker containers and host systems. It begins with the fundamental docker cp command, covering container identification and path specification rules. The analysis extends to permission handling mechanisms and symbolic link behaviors during file copying operations. For build scenarios, the article details the application of multi-stage build technology, particularly advanced techniques using FROM scratch and --output options for artifact export. Special system file copying limitations and their solutions are also addressed, supported by comprehensive code examples and practical application scenarios to offer readers complete technical guidance.

Fundamentals of Docker Container File Copying

When using Docker for dependency building in continuous integration environments, copying build artifacts from containers to the host is a common requirement. Docker provides the specialized docker cp command to accomplish this functionality.

Basic Copy Command Syntax

The fundamental syntax of the docker cp command is as follows:

docker cp <containerId>:/file/path/within/container /host/path/target

Where <containerId> can be either the complete container ID or the container name. For example:

$ sudo docker cp goofy_roentgen:/out_read.jpg .

Container Identification Methods

To obtain identification information for running containers, use the docker ps command:

$ sudo docker ps

CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS                                            NAMES
1b4ad9311e93        bamos/openface      "/bin/bash"         33 minutes ago      Up 33 minutes       0.0.0.0:8000->8000/tcp, 0.0.0.0:9000->9000/tcp   goofy_roentgen

From the output, you can retrieve both the container ID and container name, either of which can be used with the docker cp command. Using partial container IDs is also supported:

$ sudo docker cp 1b4a:/out_read.jpg .

Path Handling Rules

Docker container paths are relative to the container's root directory (/) by default. This means the leading slash is optional, and the following two notations are equivalent:

docker cp container:/tmp/file.txt .
docker cp container:tmp/file.txt .

Local paths can be either absolute or relative. Relative paths are interpreted relative to the current working directory where the docker cp command is executed.

Detailed Copy Behavior

The docker cp command behaves similarly to the Unix cp -a command:

Directories are copied recursively
Permission information is preserved when possible
Files copied to containers have ownership set to the root user
Files copied to the host have ownership set to the user who executed the command

Symbolic Link Processing

By default, docker cp copies symbolic links themselves rather than their targets. To copy the link target instead, use the -L option:

docker cp -L container:/path/to/symlink ./target

Multi-Stage Build Technology

For exporting files during the build process, multi-stage builds provide a more elegant solution. Here's a typical multi-stage build example:

FROM whateverbaseimagea:tag AS builder
RUN dosomething

FROM whateverbaseimageb:tag AS binaries
COPY --from builder /source/path/from/builder/stage /target/path/in/binaries/stage

FROM whateverbaseimagec:tag as final
COPY --from builder /source/different/path/from/builder/stage /target/different/path/in/final/stage

File Export Using FROM scratch

By creating a dedicated stage based on scratch, files can be exported to the host:

FROM scratch as copytohost
COPY --from builder /build/artifacts /

Then build this stage using the --output option:

docker build --target copytohost --output type=local,dest=./artifacts .

Special File Copying Limitations

Certain system files cannot be copied directly via docker cp, including:

Files under the /proc directory
Files under the /sys directory
Special device files under /dev
tmpfs mount points
User-created mount points

Alternative Solutions

For special files that cannot be copied directly, use the tar command in combination with docker exec:

$ docker exec CONTAINER tar Ccf $(dirname SRC_PATH) - $(basename SRC_PATH) | tar Cxf DEST_PATH -

Or:

$ tar Ccf $(dirname SRC_PATH) - $(basename SRC_PATH) | docker exec -i CONTAINER tar Cxf DEST_PATH -

Streaming Copy Functionality

docker cp supports streaming copies using -, allowing reading from standard input or writing tar archives to standard output:

$ docker cp CONTAINER:/var/logs/app.log - | tar x -O | grep "ERROR"

Practical Application Scenarios

In continuous integration environments, typical file copying workflows include:

Executing build tasks within Docker containers
Exporting build artifacts using docker cp or multi-stage builds
Processing or deploying these artifacts on the host system

This approach avoids the complexity of installing all runtimes and libraries on CI agents while maintaining build environment isolation and consistency.

Copyright Notice: All rights in this article are reserved by the operators of DevGex. Reasonable sharing and citation are welcome; any reproduction, excerpting, or re-publication without prior permission is prohibited.