How Docker container volumes work even when they aren't running?

Question

Take a typical data only Docker container:

FROM stackbrew/busybox:latest

RUN mkdir /data
VOLUME /data

Now I have seen a great deal of them that are run like this:

docker run -name my-data data true

The true command exits as soon as it runs, and so does the container. But surprisingly it continues to serve the volume when you connect it with another container via --volumes-from my-data.

My question is, how does that work? How does a stopped container still allow access in it's volumes?

Answer 1

Volumes in docker are not a top-level thing. They are "simply" part of container's meta-data.

When you have VOLUME in your dockerfile or start a container with -v, Docker will create a directory in /var/lib/docker/volumes* with a random ID (this is the exact same process as creating an image with commit except it is empty) and add that random ID to the container's metadata.

When the container starts, Docker will mount-bind the directory /var/lib/docker/volumes/* at the given location for that volume.

When you use volumes-from, Docker will just lookup the volume id and the location from an other container, running or not and mount-bind the directory at the set location.

Volumes are not linked with the runtime, it is just directories that are mounted.

* With newer versions, Docker now uses the vfs driver for storage and /var/lib/docker/volumes/ is used only for metadatas like size, create time, etc. The actual data are stored in /var/lib/docker/vfs/dir/<volume id>