1singularity(1) singularity(1)
2
3
4
6 singularity-run - Run the user-defined default command within a con‐
7 tainer
8
9
10
12 singularity run [run options...]
13
14
15
17 This command will launch a Singularity container and execute a run‐
18 script
19 if one is defined for that container. The runscript is a metadata
20 file within
21 the container that contains shell commands. If the file is present
22 (and
23 executable) then this command will execute that file within the con‐
24 tainer
25 automatically. All arguments following the container name will be
26 passed
27 directly to the runscript.
28
29
30 singularity run accepts the following container formats:
31
32
33 *.sif Singularity Image Format (SIF). Native to Singular‐
34 ity 3.0+
35
36
37 *.sqsh SquashFS format. Native to Singularity 2.4+
38
39
40 *.img ext3 format. Native to Singularity versions < 2.4.
41
42
43 directory/ sandbox format. Directory containing a valid root
44 file
45 system and optionally Singularity meta-data.
46
47
48 instance://* A local running instance of a container. (See the
49 instance
50 command group.)
51
52
53 library://* A SIF container hosted on a Library
54 (default https://cloud.sylabs.io/library)
55
56
57 docker://* A Docker/OCI container hosted on Docker Hub or an‐
58 other
59 OCI registry.
60
61
62 shub://* A container hosted on Singularity Hub.
63
64
65 oras://* A SIF container hosted on an OCI registry that sup‐
66 ports
67 the OCI Registry As Storage (ORAS) specification.
68
69
70
72 --add-caps="" a comma separated capability list to add
73
74
75 --allow-setuid[=false] allow setuid binaries in container (root
76 only)
77
78
79 --app="" set an application to run inside a container
80
81
82 --apply-cgroups="" apply cgroups from file for container processes
83 (root only)
84
85
86 -B, --bind=[] a user-bind path specification. spec has the format
87 src[:dest[:opts]], where src and dest are outside and inside paths. If
88 dest is not given, it is set equal to src. Mount options ('opts') may
89 be specified as 'ro' (read-only) or 'rw' (read/write, which is the de‐
90 fault). Multiple bind paths can be given by a comma separated list.
91
92
93 -e, --cleanenv[=false] clean environment before running container
94
95
96 -c, --contain[=false] use minimal /dev and empty other directories
97 (e.g. /tmp and $HOME) instead of sharing filesystems from your host
98
99
100 -C, --containall[=false] contain not only file systems, but also
101 PID, IPC, and environment
102
103
104 --disable-cache[=false] dont use cache, and dont create cache
105
106
107 --dns="" list of DNS server separated by commas to add in re‐
108 solv.conf
109
110
111 --docker-login[=false] login to a Docker Repository interactively
112
113
114 --drop-caps="" a comma separated capability list to drop
115
116
117 --env=[] pass environment variable to contained process
118
119
120 --env-file="" pass environment variables from file to contained
121 process
122
123
124 -f, --fakeroot[=false] run container in new user namespace as uid
125 0
126
127
128 --fusemount=[] A FUSE filesystem mount specification of the form
129 ': ' - where is 'container' or 'host', specifying where the mount will
130 be performed ('container-daemon' or 'host-daemon' will run the FUSE
131 process detached). is the path to the FUSE executable, plus options
132 for the mount. is the location in the container to which the FUSE
133 mount will be attached. E.g. 'container:sshfs 10.0.0.1:/ /sshfs'. Im‐
134 plies --pid.
135
136
137 -h, --help[=false] help for run
138
139
140 -H, --home="/builddir" a home directory specification. spec can
141 either be a src path or src:dest pair. src is the source path of the
142 home directory outside the container and dest overrides the home direc‐
143 tory within the container.
144
145
146 --hostname="" set container hostname
147
148
149 -i, --ipc[=false] run container in a new IPC namespace
150
151
152 --keep-privs[=false] let root user keep privileges in container
153 (root only)
154
155
156 -n, --net[=false] run container in a new network namespace (sets
157 up a bridge network interface by default)
158
159
160 --network="bridge" specify desired network type separated by com‐
161 mas, each network will bring up a dedicated interface inside container
162
163
164 --network-args=[] specify network arguments to pass to CNI plugins
165
166
167 --no-home[=false] do NOT mount users home directory if /home is
168 not the current working directory
169
170
171 --no-init[=false] do NOT start shim process with --pid
172
173
174 --no-mount=[] disable one or more mount xxx options set in singu‐
175 larity.conf
176
177
178 --no-privs[=false] drop all privileges from root user in con‐
179 tainer)
180
181
182 --no-umask[=false] do not propagate umask to the container, set
183 default 0022 umask
184
185
186 --nohttps[=false] do NOT use HTTPS with the docker:// transport
187 (useful for local docker registries without a certificate)
188
189
190 --nonet[=false] disable VM network handling
191
192
193 --nv[=false] enable experimental Nvidia support
194
195
196 -o, --overlay=[] use an overlayFS image for persistent data stor‐
197 age or as read-only layer of container
198
199
200 --passphrase[=false] prompt for an encryption passphrase
201
202
203 --pem-path="" enter an path to a PEM formated RSA key for an en‐
204 crypted container
205
206
207 -p, --pid[=false] run container in a new PID namespace
208
209
210 --pwd="" initial working directory for payload process inside the
211 container
212
213
214 --rocm[=false] enable experimental Rocm support
215
216
217 -S, --scratch=[] include a scratch directory within the container
218 that is linked to a temporary dir (use -W to force location)
219
220
221 --security=[] enable security features (SELinux, Apparmor, Sec‐
222 comp)
223
224
225 -u, --userns[=false] run container in a new user namespace, allow‐
226 ing Singularity to run completely unprivileged on recent kernels. This
227 disables some features of Singularity, for example it only works with
228 sandbox images.
229
230
231 --uts[=false] run container in a new UTS namespace
232
233
234 --vm[=false] enable VM support
235
236
237 --vm-cpu="1" number of CPU cores to allocate to Virtual Machine
238 (implies --vm)
239
240
241 --vm-err[=false] enable attaching stderr from VM
242
243
244 --vm-ip="dhcp" IP Address to assign for container usage. Defaults
245 to DHCP within bridge network.
246
247
248 --vm-ram="1024" amount of RAM in MiB to allocate to Virtual Ma‐
249 chine (implies --vm)
250
251
252 -W, --workdir="" working directory to be used for /tmp, /var/tmp
253 and $HOME (if -c/--contain was also used)
254
255
256 -w, --writable[=false] by default all Singularity containers are
257 available as read only. This option makes the file system accessible as
258 read/write.
259
260
261 --writable-tmpfs[=false] makes the file system accessible as
262 read-write with non persistent data (with overlay support only)
263
264
265
267 # Here we see that the runscript prints "Hello world: "
268 $ singularity exec /tmp/debian.sif cat /singularity
269 #!/bin/sh
270 echo "Hello world: "
271
272 # It runs with our inputs when we run the image
273 $ singularity run /tmp/debian.sif one two three
274 Hello world: one two three
275
276 # Note that this does the same thing
277 $ ./tmp/debian.sif one two three
278
279
280
281
283 singularity(1)
284
285
286
288 26-May-2021 Auto generated by spf13/cobra
289
290
291
292Auto generated by spf13/cobra May 2021 singularity(1)