I wonder if I can mount an image(ex. ubuntu image) in docker whose storage driver is devicemapper "without executing it as a container".
Actually I succeeded to mount the filesystem in a container like this.
- type "docker run -it ubuntu"
- type "df -h"
- found that "/dev/dm-3" was mounted on "/var/lib/docker/devicemapper/mnt/b8~~~"
- type "dd if=/dev/dm-3 of=result.dd"
- mount result.dd and found rootfs directory
- look into it
I need to find the way to mount an image without executing it as a container. (I am doing some research in digital forensics.) I already know the command "docker save~", "docker~ export" but I don't mean these things.
I scrutinized under "/var/lib/docker" but only found a suspicious directory which is "/var/lib/docker/image/devicemapper/layerdb/sha256/" and each directory under this path has its own "tar-split.json.gz" file. I untarred it and found that it means some differences between layers?!
And I don't know what to do more form now. Is there anyone who can help me, please ㅜㅜ. I am doing this because when we investigate a docker-based system, we need to look into the filesystem in an image without making the image a container and we need to "dd" the filesystem in it and import the ".dd" file to another computer used for investigation.
