1singularity(1)                                                  singularity(1)
2
3
4

NAME

6       singularity-run  -  Run  the user-defined default command within a con‐
7       tainer
8
9
10

SYNOPSIS

12       singularity run [run options...]
13
14
15

DESCRIPTION

17       This command will launch a Singularity container  and  execute  a  run‐
18       script
19         if  one  is  defined  for that container. The runscript is a metadata
20       file within
21         the container that contains shell commands. If the  file  is  present
22       (and
23         executable)  then this command will execute that file within the con‐
24       tainer
25         automatically. All arguments following the  container  name  will  be
26       passed
27         directly to the runscript.
28
29
30       singularity run accepts the following container formats:
31
32
33       *.sif               Singularity Image Format (SIF). Native to Singular‐
34       ity 3.0+
35
36
37       *.sqsh              SquashFS format.  Native to Singularity 2.4+
38
39
40       *.img               ext3 format. Native to Singularity versions < 2.4.
41
42
43       directory/          sandbox format. Directory containing a  valid  root
44       file
45                             system and optionally Singularity meta-data.
46
47
48       instance://*         A  local running instance of a container. (See the
49       instance
50                             command group.)
51
52
53       library://*         A SIF container hosted on a Library
54                             (default https://cloud.sylabs.io/library)
55
56
57       docker://*          A Docker/OCI container hosted on Docker Hub or  an‐
58       other
59                             OCI registry.
60
61
62       shub://*            A container hosted on Singularity Hub.
63
64
65       oras://*            A SIF container hosted on an OCI registry that sup‐
66       ports
67                             the OCI Registry As Storage (ORAS) specification.
68
69
70

OPTIONS

72       --add-caps=""      a comma separated capability list to add
73
74
75       --allow-setuid[=false]      allow setuid binaries  in  container  (root
76       only)
77
78
79       --app=""      set an application to run inside a container
80
81
82       --apply-cgroups=""      apply cgroups from file for container processes
83       (root only)
84
85
86       -B, --bind=[]      a user-bind path specification.  spec has the format
87       src[:dest[:opts]], where src and dest are outside and inside paths.  If
88       dest is not given, it is set equal to src.  Mount options ('opts')  may
89       be  specified as 'ro' (read-only) or 'rw' (read/write, which is the de‐
90       fault). Multiple bind paths can be given by a comma separated list.
91
92
93       -e, --cleanenv[=false]      clean environment before running container
94
95
96       -c, --contain[=false]      use minimal /dev and empty other directories
97       (e.g. /tmp and $HOME) instead of sharing filesystems from your host
98
99
100       -C,  --containall[=false]       contain not only file systems, but also
101       PID, IPC, and environment
102
103
104       --disable-cache[=false]      dont use cache, and dont create cache
105
106
107       --dns=""      list of DNS server separated by  commas  to  add  in  re‐
108       solv.conf
109
110
111       --docker-login[=false]      login to a Docker Repository interactively
112
113
114       --drop-caps=""      a comma separated capability list to drop
115
116
117       --env=[]      pass environment variable to contained process
118
119
120       --env-file=""       pass  environment  variables from file to contained
121       process
122
123
124       -f, --fakeroot[=false]      run container in new user namespace as  uid
125       0
126
127
128       --fusemount=[]       A  FUSE filesystem mount specification of the form
129       ': ' - where  is 'container' or 'host', specifying where the mount will
130       be  performed  ('container-daemon'  or  'host-daemon' will run the FUSE
131       process detached).  is the path to the FUSE  executable,  plus  options
132       for  the  mount.   is  the  location in the container to which the FUSE
133       mount will be attached. E.g. 'container:sshfs 10.0.0.1:/  /sshfs'.  Im‐
134       plies --pid.
135
136
137       -h, --help[=false]      help for run
138
139
140       -H,  --home="/builddir"       a home directory specification.  spec can
141       either be a src path or src:dest pair.  src is the source path  of  the
142       home directory outside the container and dest overrides the home direc‐
143       tory within the container.
144
145
146       --hostname=""      set container hostname
147
148
149       -i, --ipc[=false]      run container in a new IPC namespace
150
151
152       --keep-privs[=false]      let root user keep  privileges  in  container
153       (root only)
154
155
156       -n,  --net[=false]       run container in a new network namespace (sets
157       up a bridge network interface by default)
158
159
160       --network="bridge"      specify desired network type separated by  com‐
161       mas, each network will bring up a dedicated interface inside container
162
163
164       --network-args=[]      specify network arguments to pass to CNI plugins
165
166
167       --no-home[=false]       do  NOT  mount users home directory if /home is
168       not the current working directory
169
170
171       --no-init[=false]      do NOT start shim process with --pid
172
173
174       --no-mount=[]      disable one or more mount xxx options set in  singu‐
175       larity.conf
176
177
178       --no-privs[=false]       drop  all  privileges  from  root user in con‐
179       tainer)
180
181
182       --no-umask[=false]      do not propagate umask to  the  container,  set
183       default 0022 umask
184
185
186       --nohttps[=false]       do  NOT  use HTTPS with the docker:// transport
187       (useful for local docker registries without a certificate)
188
189
190       --nonet[=false]      disable VM network handling
191
192
193       --nv[=false]      enable experimental Nvidia support
194
195
196       -o, --overlay=[]      use an overlayFS image for persistent data  stor‐
197       age or as read-only layer of container
198
199
200       --passphrase[=false]      prompt for an encryption passphrase
201
202
203       --pem-path=""       enter  an path to a PEM formated RSA key for an en‐
204       crypted container
205
206
207       -p, --pid[=false]      run container in a new PID namespace
208
209
210       --pwd=""      initial working directory for payload process inside  the
211       container
212
213
214       --rocm[=false]      enable experimental Rocm support
215
216
217       -S,  --scratch=[]      include a scratch directory within the container
218       that is linked to a temporary dir (use -W to force location)
219
220
221       --security=[]      enable security features  (SELinux,  Apparmor,  Sec‐
222       comp)
223
224
225       -u, --userns[=false]      run container in a new user namespace, allow‐
226       ing Singularity to run completely unprivileged on recent kernels.  This
227       disables  some  features of Singularity, for example it only works with
228       sandbox images.
229
230
231       --uts[=false]      run container in a new UTS namespace
232
233
234       --vm[=false]      enable VM support
235
236
237       --vm-cpu="1"      number of CPU cores to allocate  to  Virtual  Machine
238       (implies --vm)
239
240
241       --vm-err[=false]      enable attaching stderr from VM
242
243
244       --vm-ip="dhcp"       IP Address to assign for container usage. Defaults
245       to DHCP within bridge network.
246
247
248       --vm-ram="1024"      amount of RAM in MiB to allocate  to  Virtual  Ma‐
249       chine (implies --vm)
250
251
252       -W,  --workdir=""       working directory to be used for /tmp, /var/tmp
253       and $HOME (if -c/--contain was also used)
254
255
256       -w, --writable[=false]      by default all Singularity  containers  are
257       available as read only. This option makes the file system accessible as
258       read/write.
259
260
261       --writable-tmpfs[=false]       makes  the  file  system  accessible  as
262       read-write with non persistent data (with overlay support only)
263
264
265

EXAMPLE

267                # Here we see that the runscript prints "Hello world: "
268                $ singularity exec /tmp/debian.sif cat /singularity
269                #!/bin/sh
270                echo "Hello world: "
271
272                # It runs with our inputs when we run the image
273                $ singularity run /tmp/debian.sif one two three
274                Hello world: one two three
275
276                # Note that this does the same thing
277                $ ./tmp/debian.sif one two three
278
279
280
281

SEE ALSO

283       singularity(1)
284
285
286

HISTORY

288       22-Jun-2022 Auto generated by spf13/cobra
289
290
291
292Auto generated by spf13/cobra      Jun 2022                     singularity(1)
Impressum