1apptainer(1) apptainer(1)
2
6 apptainer-shell - Run a shell within a container
7
11 apptainer shell [shell options...]
12
16 apptainer shell supports the following formats:
17 *.sif Singularity Image Format (SIF). Native to Singular‐
20 ity (3.0+) and Apptainer (v1.0.0+)
21 *.sqsh SquashFS format. Native to Singularity 2.4+
24 *.img ext3 format. Native to Singularity versions < 2.4.
27 directory/ sandbox format. Directory containing a valid root
30 file
31 system and optionally Apptainer meta-data.
32 instance://* A local running instance of a container. (See the
35 instance
36 command group.)
37 library://* A SIF container hosted on a Library (no default)
40 docker://* A Docker/OCI container hosted on Docker Hub or an‐
43 other
44 OCI registry.
45 shub://* A container hosted on Singularity Hub.
48 oras://* A SIF container hosted on an OCI registry that sup‐
51 ports
52 the OCI Registry As Storage (ORAS) specification.
53
57 --add-caps="" a comma separated capability list to add
58 --allow-setuid[=false] allow setuid binaries in container (root
61 only)
62 --app="" set an application to run inside a container
65 --apply-cgroups="" apply cgroups from file for container processes
68 (root only)
69 -B, --bind=[] a user-bind path specification. spec has the format
72 src[:dest[:opts]], where src and dest are outside and inside paths. If
73 dest is not given, it is set equal to src. Mount options ('opts') may
74 be specified as 'ro' (read-only) or 'rw' (read/write, which is the de‐
75 fault). Multiple bind paths can be given by a comma separated list.
76 -e, --cleanenv[=false] clean environment before running container
79 --compat[=false] apply settings for increased OCI/Docker compati‐
82 bility. Infers --containall, --no-init, --no-umask, --writable-tmpfs.
83 -c, --contain[=false] use minimal /dev and empty other directories
86 (e.g. /tmp and $HOME) instead of sharing filesystems from your host
87 -C, --containall[=false] contain not only file systems, but also
90 PID, IPC, and environment
91 --disable-cache[=false] dont use cache, and dont create cache
94 --dns="" list of DNS server separated by commas to add in re‐
97 solv.conf
98 --docker-login[=false] login to a Docker Repository interactively
101 --drop-caps="" a comma separated capability list to drop
104 --env=[] pass environment variable to contained process
107 --env-file="" pass environment variables from file to contained
110 process
111 -f, --fakeroot[=false] run container in new user namespace as uid
114 0
115 --fusemount=[] A FUSE filesystem mount specification of the form
118 ': ' - where is 'container' or 'host', specifying where the mount will
119 be performed ('container-daemon' or 'host-daemon' will run the FUSE
120 process detached). is the path to the FUSE executable, plus options
121 for the mount. is the location in the container to which the FUSE
122 mount will be attached. E.g. 'container:sshfs 10.0.0.1:/ /sshfs'. Im‐
123 plies --pid.
124 -h, --help[=false] help for shell
127 -H, --home="/builddir" a home directory specification. spec can
130 either be a src path or src:dest pair. src is the source path of the
131 home directory outside the container and dest overrides the home direc‐
132 tory within the container.
133 --hostname="" set container hostname
136 -i, --ipc[=false] run container in a new IPC namespace
139 --keep-privs[=false] let root user keep privileges in container
142 (root only)
143 --mount=[] a mount specification e.g. 'type=bind,source=/opt,des‐
146 tination=/hostopt'.
147 -n, --net[=false] run container in a new network namespace (sets
150 up a bridge network interface by default)
151 --network="bridge" specify desired network type separated by com‐
154 mas, each network will bring up a dedicated interface inside container
155 --network-args=[] specify network arguments to pass to CNI plugins
158 --no-home[=false] do NOT mount users home directory if /home is
161 not the current working directory
162 --no-https[=false] use http instead of https for docker:// oras://
165 and library:///... URIs
166 --no-init[=false] do NOT start shim process with --pid
169 --no-mount=[] disable one or more mount xxx options set in app‐
172 tainer.conf
173 --no-privs[=false] drop all privileges from root user in con‐
176 tainer)
177 --no-umask[=false] do not propagate umask to the container, set
180 default 0022 umask
181 --nv[=false] enable Nvidia support
184 --nvccli[=false] use nvidia-container-cli for GPU setup (experi‐
187 mental)
188 -o, --overlay=[] use an overlayFS image for persistent data stor‐
191 age or as read-only layer of container
192 --passphrase[=false] prompt for an encryption passphrase
195 --pem-path="" enter an path to a PEM formatted RSA key for an en‐
198 crypted container
199 -p, --pid[=false] run container in a new PID namespace
202 --pwd="" initial working directory for payload process inside the
205 container
206 --rocm[=false] enable experimental Rocm support
209 -S, --scratch=[] include a scratch directory within the container
212 that is linked to a temporary dir (use -W to force location)
213 --security=[] enable security features (SELinux, Apparmor, Sec‐
216 comp)
217 -s, --shell="" path to program to use for interactive shell
220 --syos[=false] execute SyOS shell
223 -u, --userns[=false] run container in a new user namespace, allow‐
226 ing Apptainer to run completely unprivileged on recent kernels. This
227 disables some features of Apptainer, for example it only works with
228 sandbox images.
229 --uts[=false] run container in a new UTS namespace
232 --vm[=false] enable VM support
235 --vm-cpu="1" number of CPU cores to allocate to Virtual Machine
238 (implies --vm)
239 --vm-err[=false] enable attaching stderr from VM
242 --vm-ip="dhcp" IP Address to assign for container usage. Defaults
245 to DHCP within bridge network.
246 --vm-ram="1024" amount of RAM in MiB to allocate to Virtual Ma‐
249 chine (implies --vm)
250 -W, --workdir="" working directory to be used for /tmp, /var/tmp
253 and $HOME (if -c/--contain was also used)
254 -w, --writable[=false] by default all Apptainer containers are
257 available as read only. This option makes the file system accessible as
258 read/write.
259 --writable-tmpfs[=false] makes the file system accessible as read-
262 write with non persistent data (with overlay support only)
263
267 $ apptainer shell /tmp/Debian.sif
268 Apptainer/Debian.sif> pwd
269 /home/gmk/test
270 Apptainer/Debian.sif> exit
271 $ apptainer shell -C /tmp/Debian.sif
273 Apptainer/Debian.sif> pwd
274 /home/gmk
275 Apptainer/Debian.sif> ls -l
276 total 0
277 Apptainer/Debian.sif> exit
278 $ sudo apptainer shell -w /tmp/Debian.sif
280 $ sudo apptainer shell --writable /tmp/Debian.sif
281 $ apptainer shell instance://my_instance
283 $ apptainer shell instance://my_instance
285 Apptainer: Invoking an interactive shell within container...
286 Apptainer container:~> ps -ef
287 UID PID PPID C STIME TTY TIME CMD
288 ubuntu 1 0 0 20:00 ? 00:00:00 /usr/local/bin/apptainer/bin/sinit
289 ubuntu 2 0 0 20:01 pts/8 00:00:00 /bin/bash --norc
290 ubuntu 3 2 0 20:02 pts/8 00:00:00 ps -ef
291
296 apptainer(1)
297
301 22-Jun-2022 Auto generated by spf13/cobra
302Auto generated by spf13/cobra Jun 2022 apptainer(1)