In-Depth Analysis of File System Inspection Methods for Failed Docker Builds

Nov 27, 2025 · Programming · 9 views · 7.8

Keywords: Docker Debugging | Build Failure | Filesystem Inspection | Image Layers | Container Technology

Abstract: This paper provides a comprehensive examination of debugging techniques for Docker build failures, focusing on leveraging the image layer mechanism to access file systems of failed builds. Through detailed code examples and step-by-step guidance, it demonstrates the complete workflow from starting containers from the last successful layer, reproducing issues, to fixing Dockerfiles, while comparing debugging method differences across Docker versions, offering practical troubleshooting solutions for developers.

Fundamental Principles of Docker Build Layer Mechanism

Docker image construction employs a layered filesystem architecture where each successful RUN instruction creates a new image layer. This design not only optimizes storage efficiency but also provides convenient debugging pathways. When build commands fail, developers can inspect filesystem states by accessing specific layers.

Core Methods for Build Failure Debugging

Consider the following Dockerfile example:

FROM busybox
RUN echo 'foo' > /tmp/foo.txt
RUN echo 'bar' >> /tmp/foo.txt

During the build process, Docker outputs the image layer ID for each step:

$ DOCKER_BUILDKIT=0 docker build -t debug-demo .
Sending build context to Docker daemon 47.62 kB
Step 1/3 : FROM busybox
 ---> 00f017a8c2a6
Step 2/3 : RUN echo 'foo' > /tmp/foo.txt
 ---> Running in 4dbd01ebf27f
 ---> 044e1532c690
Removing intermediate container 4dbd01ebf27f
Step 3/3 : RUN echo 'bar' >> /tmp/foo.txt
 ---> Running in 74d81cb9d2b1
 ---> 5bd8172529c1
Removing intermediate container 74d81cb9d2b1
Successfully built 5bd8172529c1

Accessing Filesystem of Specific Build Layers

Starting containers via layer IDs allows inspection of filesystem states at corresponding stages:

$ docker run --rm 044e1532c690 cat /tmp/foo.txt
foo

$ docker run --rm -it 044e1532c690 sh
/ # ls -l /tmp
total 4
-rw-r--r--    1 root     root             4 Mar  9 19:09 foo.txt
/ # cat /tmp/foo.txt 
foo

Handling Build Failure Scenarios

When commands in Dockerfile execution fail, the debugging workflow proceeds as follows:

  1. Identify the ID of the last successfully executed layer
  2. Start an interactive container: docker run --rm -it <last_working_layer> bash -il
  3. Reproduce the failing command within the container
  4. Analyze failure causes and test fixes
  5. Update corresponding commands in Dockerfile

Comparison of Alternative Debugging Approaches

Beyond the successful layer-based method, direct inspection of failed container states is also possible:

$ docker ps -a
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS                          PORTS               NAMES
6934ada98de6        42e0228751b3        "/bin/sh -c './utils/"   24 minutes ago      Exited (1) About a minute ago                       sleepy_bell

$ docker commit 6934ada98de6
sha256:7015687976a478e0e94b60fa496d319cdf4ec847bcd612aecf869a72336e6b83

$ docker run -it 7015687976a4 bash -il

This approach is particularly suitable for lengthy build processes, enabling direct access to filesystem states at the moment of failure.

Docker Version Compatibility Considerations

Starting from Docker version 20.10, BuildKit becomes the default build engine. On Linux or macOS systems, traditional build output can be obtained by disabling BuildKit via environment variables:

DOCKER_BUILDKIT=0 docker build ...

Corresponding commands for Windows systems:

# Command Line
set DOCKER_BUILDKIT=0
docker build ...

# PowerShell
$env:DOCKER_BUILDKIT=0
docker build ...

Advanced Debugging Techniques

Using set -ex in RUN instructions enhances error information output:

RUN set -ex && \\
    apt-get update && \\
    apt-get install -y required-packages

This configuration displays detailed trace information during command execution and exits immediately upon encountering errors, facilitating rapid problem localization.

Practical Application Scenario Analysis

Taking CPAN module installation failure as an example, when cpanm command fails due to missing dependencies, accessing the last successful layer allows inspection of log files in the /.cpanm/work directory. After manually installing missing system packages within the container, test whether the cpanm command can execute successfully, then add the identified dependency packages to the Dockerfile.

Summary and Best Practices

The core of Docker build debugging lies in fully utilizing layered architecture characteristics. Developers are advised to regularly commit tests during complex build processes, ensuring each major step can execute independently and successfully. For production environment builds, integrating build cache strategies into CI/CD pipelines is recommended to reduce repetitive build time consumption during debugging processes.

Copyright Notice: All rights in this article are reserved by the operators of DevGex. Reasonable sharing and citation are welcome; any reproduction, excerpting, or re-publication without prior permission is prohibited.