1apptainer(1) apptainer(1)
2
6 apptainer-run - Run the user-defined default command within a container
7
11 apptainer run [run options...] [args...]
12
16 This command will launch an Apptainer container and execute a runscript
17 if one is defined for that container. The runscript is a metadata
18 file within
19 the container that contains shell commands. If the file is present
20 (and
21 executable) then this command will execute that file within the con‐
22 tainer
23 automatically. All arguments following the container name will be
24 passed
25 directly to the runscript.
26 apptainer run accepts the following container formats:
29 *.sif Singularity Image Format (SIF). Native to Singular‐
32 ity
33 (3.0+) and Apptainer (v1.0.0+)
34 *.sqsh SquashFS format. Native to Singularity 2.4+
37 *.img ext3 format. Native to Singularity versions < 2.4.
40 directory/ sandbox format. Directory containing a valid root
43 file
44 system and optionally Apptainer meta-data.
45 instance://* A local running instance of a container. (See the
48 instance
49 command group.)
50 library://* A SIF container hosted on a Library (no default)
53 docker://* A Docker/OCI container hosted on Docker Hub or an‐
56 other
57 OCI registry.
58 shub://* A container hosted on Singularity Hub.
61 oras://* A SIF container hosted on an OCI registry that sup‐
64 ports
65 the OCI Registry As Storage (ORAS) specification.
66
70 --add-caps="" a comma separated capability list to add
71 --allow-setuid[=false] allow setuid binaries in container (root
74 only)
75 --app="" set an application to run inside a container
78 --apply-cgroups="" apply cgroups from file for container processes
81 (root only)
82 -B, --bind=[] a user-bind path specification. spec has the format
85 src[:dest[:opts]], where src and dest are outside and inside paths. If
86 dest is not given, it is set equal to src. Mount options ('opts') may
87 be specified as 'ro' (read-only) or 'rw' (read/write, which is the de‐
88 fault). Multiple bind paths can be given by a comma separated list.
89 --blkio-weight=0 Block IO relative weight in range 10-1000, 0 to
92 disable
93 --blkio-weight-device=[] Device specific block IO relative weight
96 -e, --cleanenv[=false] clean environment before running container
99 --compat[=false] apply settings for increased OCI/Docker compati‐
102 bility. Infers --containall, --no-init, --no-umask, --no-eval,
103 --writable-tmpfs.
104 -c, --contain[=false] use minimal /dev and empty other directories
107 (e.g. /tmp and $HOME) instead of sharing filesystems from your host
108 -C, --containall[=false] contain not only file systems, but also
111 PID, IPC, and environment
112 --cpu-shares=-1 CPU shares for container
115 --cpus="" Number of CPUs available to container
118 --cpuset-cpus="" List of host CPUs available to container
121 --cpuset-mems="" List of host memory nodes available to container
124 --disable-cache[=false] do not use or create cache
127 --dns="" list of DNS server separated by commas to add in re‐
130 solv.conf
131 --docker-host="" specify a custom Docker daemon host
134 --docker-login[=false] login to a Docker Repository interactively
137 --drop-caps="" a comma separated capability list to drop
140 --env=[] pass environment variable to contained process
143 --env-file="" pass environment variables from file to contained
146 process
147 -f, --fakeroot[=false] run container with the appearance of run‐
150 ning as root
151 --fusemount=[] A FUSE filesystem mount specification of the form
154 ': ' - where is 'container' or 'host', specifying where the mount will
155 be performed ('container-daemon' or 'host-daemon' will run the FUSE
156 process detached). is the path to the FUSE executable, plus options
157 for the mount. is the location in the container to which the FUSE
158 mount will be attached. E.g. 'container:sshfs 10.0.0.1:/ /sshfs'. Im‐
159 plies --pid.
160 -h, --help[=false] help for run
163 -H, --home="/builddir" a home directory specification. spec can
166 either be a src path or src:dest pair. src is the source path of the
167 home directory outside the container and dest overrides the home direc‐
168 tory within the container.
169 --hostname="" set container hostname
172 -i, --ipc[=false] run container in a new IPC namespace
175 --keep-privs[=false] let root user keep privileges in container
178 (root only)
179 --memory="" Memory limit in bytes
182 --memory-reservation="" Memory soft limit in bytes
185 --memory-swap="" Swap limit, use -1 for unlimited swap
188 --mount=[] a mount specification e.g. 'type=bind,source=/opt,des‐
191 tination=/hostopt'.
192 -n, --net[=false] run container in a new network namespace (sets
195 up a bridge network interface by default)
196 --network="" specify desired network type separated by commas,
199 each network will bring up a dedicated interface inside container
200 --network-args=[] specify network arguments to pass to CNI plugins
203 --no-eval[=false] do not shell evaluate env vars or OCI container
206 CMD/ENTRYPOINT/ARGS
207 --no-home[=false] do NOT mount users home directory if /home is
210 not the current working directory
211 --no-https[=false] use http instead of https for docker:// oras://
214 and library:///... URIs
215 --no-init[=false] do NOT start shim process with --pid
218 --no-mount=[] disable one or more 'mount xxx' options set in app‐
221 tainer.conf and/or specify absolute destination path to disable a bind
222 path entry, or 'bind-paths' to disable all bind path entries.
223 --no-privs[=false] drop all privileges from root user in con‐
226 tainer)
227 --no-umask[=false] do not propagate umask to the container, set
230 default 0022 umask
231 --nv[=false] enable Nvidia support
234 --nvccli[=false] use nvidia-container-cli for GPU setup (experi‐
237 mental)
238 --oom-kill-disable[=false] Disable OOM killer
241 -o, --overlay=[] use an overlayFS image for persistent data stor‐
244 age or as read-only layer of container
245 --passphrase[=false] prompt for an encryption passphrase
248 --pem-path="" enter an path to a PEM formatted RSA key for an en‐
251 crypted container
252 -p, --pid[=false] run container in a new PID namespace
255 --pids-limit=0 Limit number of container PIDs, use -1 for unlim‐
258 ited
259 --pwd="" initial working directory for payload process inside the
262 container
263 --rocm[=false] enable experimental Rocm support
266 -S, --scratch=[] include a scratch directory within the container
269 that is linked to a temporary dir (use -W to force location)
270 --security=[] enable security features (SELinux, Apparmor, Sec‐
273 comp)
274 --underlay[=false] use underlay
277 --unsquash[=false] Convert SIF file to temporary sandbox before
280 running
281 -u, --userns[=false] run container in a new user namespace
284 --uts[=false] run container in a new UTS namespace
287 --vm[=false] enable VM support
290 --vm-cpu="1" number of CPU cores to allocate to Virtual Machine
293 (implies --vm)
294 --vm-err[=false] enable attaching stderr from VM
297 --vm-ip="dhcp" IP Address to assign for container usage. Defaults
300 to DHCP within bridge network.
301 --vm-ram="1024" amount of RAM in MiB to allocate to Virtual Ma‐
304 chine (implies --vm)
305 -W, --workdir="" working directory to be used for /tmp, /var/tmp
308 and $HOME (if -c/--contain was also used)
309 -w, --writable[=false] by default all Apptainer containers are
312 available as read only. This option makes the file system accessible as
313 read/write.
314 --writable-tmpfs[=false] makes the file system accessible as read-
317 write with non persistent data (with overlay support only)
318
322 # Here we see that the runscript prints "Hello world: "
323 $ apptainer exec /tmp/debian.sif cat /apptainer
324 #!/bin/sh
325 echo "Hello world: "
326 # It runs with our inputs when we run the image
328 $ apptainer run /tmp/debian.sif one two three
329 Hello world: one two three
330 # Note that this does the same thing
332 $ ./tmp/debian.sif one two three
333
338 apptainer(1)
339
343 22-Nov-2023 Auto generated by spf13/cobra
344Auto generated by spf13/cobra Nov 2023 apptainer(1)