16 lines
840 B
Plaintext
16 lines
840 B
Plaintext
When building a Docker image from a Dockerfile, a context directory is used and
|
|
sent to the Docker daemon before the actual build starts. This context
|
|
directory usually contains the Dockerfile itself, along with all the files that
|
|
will be necessary for the build to succeed. This generally includes:
|
|
|
|
* the source code of applications to set up in the container.
|
|
* configuration files for other software components.
|
|
* other necessary packages or components.
|
|
|
|
The `COPY` and `ADD` directives in the Dockerfiles are then used to actually
|
|
copy content from the context directory to the image file system.
|
|
|
|
When `COPY` or `ADD` are used to recursively copy entire top-level directories
|
|
or multiple items whose names are determined at build-time, unexpected files
|
|
might get copied to the image filesystem. It could affect their
|
|
confidentiality. |