I've been playing around with different ways to get graphical applications working in Docker and in the process creates some large images.

For example, the '-desktop' images below are ending up over 1GB in size:

$ docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
vnc-desktop         latest              0a735a285bff        5 minutes ago       1.2GB
vnc-server          latest              187dfbdbd7b2        8 minutes ago       281MB
<none>              <none>              80b195ed612a        2 days ago          1.2GB
<none>              <none>              f3f5df00776c        2 days ago          1.2GB
firefox             latest              153457306c0a        2 days ago          593MB
x2go-desktop        latest              aed4c9257d0e        7 days ago          1.27GB
x2go-server         latest              98420596959f        7 days ago          646MB
debian              latest              e1de74e67cc7        3 weeks ago         101MB

One of the important ideas with Docker, from people I've spoken to and listed as #3 in the 10 things to avoid in docker containers from RedHat, is to keep the images small.

So, the first question is clearly "how do I find out what is causing the size?". Docker uses a layered, copy on write, file-system to build it's images. So, our first place to look is at what is causing the size:

$ docker history vnc-desktop
IMAGE               CREATED             CREATED BY                                      SIZE                COMMENT
0a735a285bff        33 seconds ago      /bin/sh -c chmod 755 /usr/bin/encfs-*mount ;…   1.12kB
f8527d83c945        34 seconds ago      /bin/sh -c #(nop) COPY --chown=1000:1000mult…   77B
e3e7bf9d4dd7        35 seconds ago      /bin/sh -c #(nop) COPY file:312ccb167fba5e01…   341B
43ac331b16e3        35 seconds ago      /bin/sh -c #(nop) COPY file:93e855a31685c780…   698B
cf2d30c50cf1        35 seconds ago      /bin/sh -c apt-get install rsync                3.73MB
b135c3a993a0        41 seconds ago      /bin/sh -c apt-get install -qy firefox-esr r…   915MB
1671caaa13ff        3 minutes ago       /bin/sh -c #(nop)  USER root                    0B
187dfbdbd7b2        3 minutes ago       /bin/sh -c #(nop)  CMD ["/usr/bin/vncserver"…   0B
a1392420ea15        2 days ago          /bin/sh -c #(nop)  USER developer               0B
936fd8b9efaf        2 days ago          /bin/sh -c #(nop)  EXPOSE 5901                  0B
4f1bcb3bfb9e        2 days ago          /bin/sh -c useradd -m -s /bin/bash -u 1000 d…   333kB
31ae50a22d11        2 days ago          /bin/sh -c apt-get update ;  apt-get install…   180MB
ca2f7546fb51        2 days ago          /bin/sh -c #(nop)  ENV DEBIAN_FRONTEND=nonin…   0B
e1de74e67cc7        3 weeks ago         /bin/sh -c #(nop)  CMD ["bash"]                 0B
<missing>           3 weeks ago         /bin/sh -c #(nop) ADD file:6e8620824300ccf37…   101MB
Here we can see that the base image is 101MB in size, and 915MB is being added by the command to install Firefox (and other packages).

My next question is "so, what did the firefox (et al.) install actually change?". Well, the solution I've found so far is to "save" the container image at the point I want to examine:

$ docker save -o test.tar b135c3a993a0
This will include a copy of each layer's filesystem:
$ tar tf test.tar
7b32155dab22eb0d5faa197e7fc7f329795be9becd26480163dd8ec2b2477170/
7b32155dab22eb0d5faa197e7fc7f329795be9becd26480163dd8ec2b2477170/VERSION
7b32155dab22eb0d5faa197e7fc7f329795be9becd26480163dd8ec2b2477170/json
7b32155dab22eb0d5faa197e7fc7f329795be9becd26480163dd8ec2b2477170/layer.tar
acd89b57bf313b92fb5c0a0e516293b94d95d3ea427d1a3f8f7bc55ba175f19e/
acd89b57bf313b92fb5c0a0e516293b94d95d3ea427d1a3f8f7bc55ba175f19e/VERSION
acd89b57bf313b92fb5c0a0e516293b94d95d3ea427d1a3f8f7bc55ba175f19e/json
acd89b57bf313b92fb5c0a0e516293b94d95d3ea427d1a3f8f7bc55ba175f19e/layer.tar
b135c3a993a09634e204cb0fc11f5fa6801d082e1a47471d50708b8f871ea2a1.json
d88eb1165788d0215ba51050b3496086541d32505b4a8c24a8284f2636f4cf4a/
d88eb1165788d0215ba51050b3496086541d32505b4a8c24a8284f2636f4cf4a/VERSION
d88eb1165788d0215ba51050b3496086541d32505b4a8c24a8284f2636f4cf4a/json
d88eb1165788d0215ba51050b3496086541d32505b4a8c24a8284f2636f4cf4a/layer.tar
e14687248cea12d8112c3102c8d16604829553403933cda75612e49d5724d027/
e14687248cea12d8112c3102c8d16604829553403933cda75612e49d5724d027/VERSION
e14687248cea12d8112c3102c8d16604829553403933cda75612e49d5724d027/json
e14687248cea12d8112c3102c8d16604829553403933cda75612e49d5724d027/layer.tar
manifest.json
The manifest.json file has an ordered list of the stack of filesystems that make up the image, from bottom to top:
$ tar xf test.tar manifest.json
$ cat manifest.json
[{"Config":"b135c3a993a09634e204cb0fc11f5fa6801d082e1a47471d50708b8f871ea2a1.json","RepoTags":null,"Layers":["e14687248cea12d8112c3102c8d16604829553403933cda75612e49d5724d027/layer.tar","acd89b57bf313b92fb5c0a0e516293b94d95d3ea427d1a3f8f7bc55ba175f19e/layer.tar","7b32155dab22eb0d5faa197e7fc7f329795be9becd26480163dd8ec2b2477170/layer.tar","d88eb1165788d0215ba51050b3496086541d32505b4a8c24a8284f2636f4cf4a/layer.tar"]}]
So I can see that d88eb1165788d0215ba51050b3496086541d32505b4a8c24a8284f2636f4cf4a is the top layer. Extracting the layer and checking its json information confirms it is the layer related to the firefox-esr install:
$ tar xf test.tar d88eb1165788d0215ba51050b3496086541d32505b4a8c24a8284f2636f4cf4a
$ cat d88eb1165788d0215ba51050b3496086541d32505b4a8c24a8284f2636f4cf4a/json
{"id":"d88eb1165788d0215ba51050b3496086541d32505b4a8c24a8284f2636f4cf4a","parent":"7b32155dab22eb0d5faa197e7fc7f329795be9becd26480163dd8ec2b2477170","created":"2019-07-04T14:47:47.97801335Z","container":"23844897ffb1de131f2c27fa7f8021d480708b351a6a207d6e18b04bf5441376","container_config":{"Hostname":"","Domainname":"","User":"root","AttachStdin":false,"AttachStdout":false,"AttachStderr":false,"ExposedPorts":{"5901/tcp":{}},"Tty":false,"OpenStdin":false,"StdinOnce":false,"Env":["PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin","DEBIAN_FRONTEND=noninteractive"],"Cmd":["/bin/sh","-c","apt-get install -qy firefox-esr rox-filer vlc feh openbox encfs gedit"],"ArgsEscaped":true,"Image":"sha256:1671caaa13ffc8e67c220ecb2f4ff59a066944fe05fc68ef8deb8bcfef1c4440","Volumes":null,"WorkingDir":"","Entrypoint":null,"OnBuild":null,"Labels":null},"docker_version":"18.09.2","config":{"Hostname":"","Domainname":"","User":"root","AttachStdin":false,"AttachStdout":false,"AttachStderr":false,"ExposedPorts":{"5901/tcp":{}},"Tty":false,"OpenStdin":false,"StdinOnce":false,"Env":["PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin","DEBIAN_FRONTEND=noninteractive"],"Cmd":["/usr/bin/vncserver",":1","-fg","-SecurityTypes","None"],"ArgsEscaped":true,"Image":"sha256:1671caaa13ffc8e67c220ecb2f4ff59a066944fe05fc68ef8deb8bcfef1c4440","Volumes":null,"WorkingDir":"","Entrypoint":null,"OnBuild":null,"Labels":null},"architecture":"amd64","os":"linux"}}
So now I can see what files changed by looking at the tar archive contents (in verbose mode to see sizes etc):
$ tar tvf d88eb1165788d0215ba51050b3496086541d32505b4a8c24a8284f2636f4cf4a/layer.tar
drwxr-xr-x  0 0      0           0  4 Jul 15:46 bin/
-rwxr-xr-x  0 0      0       35448 29 Jan  2017 bin/bunzip2
-rwxr-xr-x  0 0      0           0 29 Jan  2017 bin/bzcat link to bin/bunzip2
lrwxrwxrwx  0 0      0           0 29 Jan  2017 bin/bzcmp -> bzdiff
-rwxr-xr-x  0 0      0        2140 29 Jan  2017 bin/bzdiff
lrwxrwxrwx  0 0      0           0 29 Jan  2017 bin/bzegrep -> bzgrep
-rwxr-xr-x  0 0      0        4877 29 Jan  2017 bin/bzexe
lrwxrwxrwx  0 0      0           0 29 Jan  2017 bin/bzfgrep -> bzgrep
-rwxr-xr-x  0 0      0        3642 29 Jan  2017 bin/bzgrep
-rwxr-xr-x  0 0      0           0 29 Jan  2017 bin/bzip2 link to bin/bunzip2...
...
drwxr-xr-x  0 0      0           0  4 Jul 15:47 var/log/
-rw-r--r--  0 0      0        6908  4 Jul 15:47 var/log/alternatives.log
drwxr-xr-x  0 0      0           0  4 Jul 15:45 var/log/apt/
-rw-r--r--  0 0      0       27232  4 Jul 15:45 var/log/apt/eipp.log.xz
-rw-r--r--  0 0      0       25285  4 Jul 15:47 var/log/apt/history.log
-rw-r-----  0 0      4      132119  4 Jul 15:47 var/log/apt/term.log
-rw-r--r--  0 0      0      316375  4 Jul 15:47 var/log/dpkg.log
-rw-r--r--  0 0      0       32032  4 Jul 15:47 var/log/faillog
-rw-r--r--  0 0      0        1206  4 Jul 15:47 var/log/fontconfig.log
-rw-rw-r--  0 0      43     292292  4 Jul 15:47 var/log/lastlog
Finally I can sort this by the size column, numerically, to see which files are the largest:
$ tar tvf d88eb1165788d0215ba51050b3496086541d32505b4a8c24a8284f2636f4cf4a/layer.tar | sort -k5 -n
-rw-------  0 0      0           0  4 Jul 15:47 var/lib/dpkg/triggers/Lock
-rw-------  0 0      0           0 10 Jun 01:00 etc/.pwd.lock
-rw-------  0 0      0           0 10 Jun 01:00 var/cache/debconf/passwords.dat
-rw-r-----  0 0      0           0  2 Jul 15:58 var/cache/apt/archives/lock
-rw-r-----  0 0      0           0  4 Jul 15:46 var/lib/dpkg/lock
-rw-r--r--  0 0      0           0  4 Jul 15:45 var/lib/python/python3.5_installed
-rw-r--r--  0 0      0           0  4 Jul 15:46 var/lib/dpkg/info/zeroinstall-injector.md5sums
-rw-r--r--  0 0      0           0  4 Jul 15:46 var/lib/emacsen-common/state/package/installed/dictionaries-common
-rw-r--r--  0 0      0           0  4 Jul 15:46 var/lib/emacsen-common/state/package/installed/emacsen-common
...
-r--r--r--  0 0      0     8581174  4 Jul 15:46 lib/udev/hwdb.bin
-rw-r--r--  0 0      0    10651648  5 Oct  2016 usr/lib/x86_64-linux-gnu/libx265.so.95
-rw-r--r--  0 0      0    13196568 21 May 23:04 usr/lib/x86_64-linux-gnu/libavcodec.so.57.64.101
-rw-r--r--  0 0      0    16901754 20 Jun 18:48 usr/lib/firefox-esr/omni.ja
-rw-r--r--  0 0      0    16930664 30 Jan  2018 usr/lib/x86_64-linux-gnu/libjavascriptcoregtk-4.0.so.18.6.15
-rw-r--r--  0 0      0    25675624 14 Mar  2018 usr/lib/x86_64-linux-gnu/libicudata.so.57.1
-rw-r--r--  0 0      0    34491722 20 Jun 18:48 usr/lib/firefox-esr/browser/omni.ja
-rw-r--r--  0 0      0    43481520 30 Jan  2018 usr/lib/x86_64-linux-gnu/libwebkit2gtk-4.0.so.37.24.9
-rw-r--r--  0 0      0    97688800 20 Jun 18:48 usr/lib/firefox-esr/libxul.so