From the Docker documentation :
The Docker image is read-only. When Docker runs a container from an image, it adds a read-write layer on top of the image (using a UnionFS) in which your application runs.
How are changes reconciled across layers? If I change the content of a file, would Docker only keep track of delta or will it store the altered file in the new layer?
I looked at this discussion at superuser, but still not certain about the final image structure.
If you have a file in a layer and modify it (using RUN, or COPY or ADD), a new layer is created with the new entire file, not delta. Even worse if you only change the permission attributes of the file, RUN chmod 400 file a new layer is created and the whole file content reside in this new layer.
Regards