1singularity(1) singularity(1)
2
3
4
6 singularity-exec - Run a command within a container
7
8
9
11 singularity exec [exec options...]
12
13
14
16 singularity exec supports the following formats:
17
18
19 *.sif Singularity Image Format (SIF). Native to Singular‐
20 ity 3.0+
21
22
23 *.sqsh SquashFS format. Native to Singularity 2.4+
24
25
26 *.img ext3 format. Native to Singularity versions < 2.4.
27
28
29 directory/ sandbox format. Directory containing a valid root
30 file
31 system and optionally Singularity meta-data.
32
33
34 instance://* A local running instance of a container. (See the
35 instance
36 command group.)
37
38
39 library://* A SIF container hosted on a Library
40 (default https://cloud.sylabs.io/library)
41
42
43 docker://* A Docker/OCI container hosted on Docker Hub or
44 another
45 OCI registry.
46
47
48 shub://* A container hosted on Singularity Hub.
49
50
51 oras://* A SIF container hosted on an OCI registry that sup‐
52 ports
53 the OCI Registry As Storage (ORAS) specification.
54
55
56
58 --add-caps="" a comma separated capability list to add
59
60
61 --allow-setuid[=false] allow setuid binaries in container (root
62 only)
63
64
65 --app="" set an application to run inside a container
66
67
68 --apply-cgroups="" apply cgroups from file for container processes
69 (root only)
70
71
72 -B, --bind=[] a user-bind path specification. spec has the format
73 src[:dest[:opts]], where src and dest are outside and inside paths. If
74 dest is not given, it is set equal to src. Mount options ('opts') may
75 be specified as 'ro' (read-only) or 'rw' (read/write, which is the
76 default). Multiple bind paths can be given by a comma separated list.
77
78
79 -e, --cleanenv[=false] clean environment before running container
80
81
82 -c, --contain[=false] use minimal /dev and empty other directories
83 (e.g. /tmp and $HOME) instead of sharing filesystems from your host
84
85
86 -C, --containall[=false] contain not only file systems, but also
87 PID, IPC, and environment
88
89
90 --disable-cache[=false] dont use cache, and dont create cache
91
92
93 --dns="" list of DNS server separated by commas to add in
94 resolv.conf
95
96
97 --docker-login[=false] login to a Docker Repository interactively
98
99
100 --drop-caps="" a comma separated capability list to drop
101
102
103 --env=[] pass environment variable to contained process
104
105
106 --env-file="" pass environment variables from file to contained
107 process
108
109
110 -f, --fakeroot[=false] run container in new user namespace as uid
111 0
112
113
114 --fusemount=[] A FUSE filesystem mount specification of the form
115 ': ' - where is 'container' or 'host', specifying where the mount will
116 be performed ('container-daemon' or 'host-daemon' will run the FUSE
117 process detached). is the path to the FUSE executable, plus options
118 for the mount. is the location in the container to which the FUSE
119 mount will be attached. E.g. 'container:sshfs 10.0.0.1:/ /sshfs'.
120 Implies --pid.
121
122
123 -h, --help[=false] help for exec
124
125
126 -H, --home="/builddir" a home directory specification. spec can
127 either be a src path or src:dest pair. src is the source path of the
128 home directory outside the container and dest overrides the home direc‐
129 tory within the container.
130
131
132 --hostname="" set container hostname
133
134
135 -i, --ipc[=false] run container in a new IPC namespace
136
137
138 --keep-privs[=false] let root user keep privileges in container
139 (root only)
140
141
142 -n, --net[=false] run container in a new network namespace (sets
143 up a bridge network interface by default)
144
145
146 --network="bridge" specify desired network type separated by com‐
147 mas, each network will bring up a dedicated interface inside container
148
149
150 --network-args=[] specify network arguments to pass to CNI plugins
151
152
153 --no-home[=false] do NOT mount users home directory if /home is
154 not the current working directory
155
156
157 --no-init[=false] do NOT start shim process with --pid
158
159
160 --no-mount=[] disable one or more mount xxx options set in singu‐
161 larity.conf
162
163
164 --no-privs[=false] drop all privileges from root user in con‐
165 tainer)
166
167
168 --no-umask[=false] do not propagate umask to the container, set
169 default 0022 umask
170
171
172 --nohttps[=false] do NOT use HTTPS with the docker:// transport
173 (useful for local docker registries without a certificate)
174
175
176 --nonet[=false] disable VM network handling
177
178
179 --nv[=false] enable experimental Nvidia support
180
181
182 -o, --overlay=[] use an overlayFS image for persistent data stor‐
183 age or as read-only layer of container
184
185
186 --passphrase[=false] prompt for an encryption passphrase
187
188
189 --pem-path="" enter an path to a PEM formated RSA key for an
190 encrypted container
191
192
193 -p, --pid[=false] run container in a new PID namespace
194
195
196 --pwd="" initial working directory for payload process inside the
197 container
198
199
200 --rocm[=false] enable experimental Rocm support
201
202
203 -S, --scratch=[] include a scratch directory within the container
204 that is linked to a temporary dir (use -W to force location)
205
206
207 --security=[] enable security features (SELinux, Apparmor, Sec‐
208 comp)
209
210
211 -u, --userns[=false] run container in a new user namespace, allow‐
212 ing Singularity to run completely unprivileged on recent kernels. This
213 disables some features of Singularity, for example it only works with
214 sandbox images.
215
216
217 --uts[=false] run container in a new UTS namespace
218
219
220 --vm[=false] enable VM support
221
222
223 --vm-cpu="1" number of CPU cores to allocate to Virtual Machine
224 (implies --vm)
225
226
227 --vm-err[=false] enable attaching stderr from VM
228
229
230 --vm-ip="dhcp" IP Address to assign for container usage. Defaults
231 to DHCP within bridge network.
232
233
234 --vm-ram="1024" amount of RAM in MiB to allocate to Virtual
235 Machine (implies --vm)
236
237
238 -W, --workdir="" working directory to be used for /tmp, /var/tmp
239 and $HOME (if -c/--contain was also used)
240
241
242 -w, --writable[=false] by default all Singularity containers are
243 available as read only. This option makes the file system accessible as
244 read/write.
245
246
247 --writable-tmpfs[=false] makes the file system accessible as
248 read-write with non persistent data (with overlay support only)
249
250
251
253 $ singularity exec /tmp/debian.sif cat /etc/debian_version
254 $ singularity exec /tmp/debian.sif python ./hello_world.py
255 $ cat hello_world.py | singularity exec /tmp/debian.sif python
256 $ sudo singularity exec --writable /tmp/debian.sif apt-get update
257 $ singularity exec instance://my_instance ps -ef
258 $ singularity exec library://centos cat /etc/os-release
259
260
261
262
264 singularity(1)
265
266
267
269 11-Mar-2021 Auto generated by spf13/cobra
270
271
272
273Auto generated by spf13/cobra Mar 2021 singularity(1)