apptainer(1)                                                      apptainer(1)

NAME

       apptainer-shell - Run a shell within a container

SYNOPSIS

       apptainer shell [shell options...]

DESCRIPTION

       apptainer shell supports the following formats:

       *.sif               Singularity Image Format (SIF). Native to Singularity
                           (3.0+) and Apptainer (v1.0.0+)

       *.sqsh              SquashFS format.  Native to Singularity 2.4+

       *.img               ext3 format. Native to Singularity versions < 2.4.

       directory/          sandbox format. Directory containing a valid root file
                           system and optionally Apptainer meta-data.

       instance://*        A local running instance of a container. (See the
                           instance command group.)

       library://*         A SIF container hosted on a Library (no default)

       docker://*          A Docker/OCI container hosted on Docker Hub or another
                           OCI registry.

       shub://*            A container hosted on Singularity Hub.

       oras://*            A SIF container hosted on an OCI registry that supports
                           the OCI Registry As Storage (ORAS) specification.

OPTIONS

       --add-caps=""      a comma separated capability list to add

       --allow-setuid[=false]      allow setuid binaries in container (root
       only)

       --app=""      set an application to run inside a container

       --apply-cgroups=""      apply cgroups from file for container processes
       (root only)

       -B, --bind=[]      a user-bind path specification.  spec has the format
       src[:dest[:opts]], where src and dest are outside and inside paths.  If
       dest is not given, it is set equal to src.  Mount options ('opts') may
       be specified as 'ro' (read-only) or 'rw' (read/write, which is the
       default). Multiple bind paths can be given by a comma separated list.

       -e, --cleanenv[=false]      clean environment before running container

       --compat[=false]      apply settings for increased OCI/Docker
       compatibility. Infers --containall, --no-init, --no-umask,
       --writable-tmpfs.

       -c, --contain[=false]      use minimal /dev and empty other directories
       (e.g. /tmp and $HOME) instead of sharing filesystems from your host

       -C, --containall[=false]      contain not only file systems, but also
       PID, IPC, and environment

       --disable-cache[=false]      don't use cache, and don't create cache

       --dns=""      list of DNS servers separated by commas to add in
       resolv.conf

       --docker-login[=false]      login to a Docker Repository interactively

       --drop-caps=""      a comma separated capability list to drop

       --env=[]      pass environment variable to contained process

       --env-file=""      pass environment variables from file to contained
       process

       -f, --fakeroot[=false]      run container in new user namespace as uid
       0

       --fusemount=[]      A FUSE filesystem mount specification of the form
       '<type>:<fuse command> <mountpoint>' - where <type> is 'container' or
       'host', specifying where the mount will be performed
       ('container-daemon' or 'host-daemon' will run the FUSE process
       detached). <fuse command> is the path to the FUSE executable, plus
       options for the mount. <mountpoint> is the location in the container to
       which the FUSE mount will be attached. E.g. 'container:sshfs 10.0.0.1:/
       /sshfs'. Implies --pid.

       -h, --help[=false]      help for shell

       -H, --home="/builddir"      a home directory specification.  spec can
       either be a src path or src:dest pair.  src is the source path of the
       home directory outside the container and dest overrides the home
       directory within the container.

       --hostname=""      set container hostname

       -i, --ipc[=false]      run container in a new IPC namespace

       --keep-privs[=false]      let root user keep privileges in container
       (root only)

       --mount=[]      a mount specification e.g.
       'type=bind,source=/opt,destination=/hostopt'.

       -n, --net[=false]      run container in a new network namespace (sets
       up a bridge network interface by default)

       --network="bridge"      specify desired network type separated by
       commas, each network will bring up a dedicated interface inside
       container

       --network-args=[]      specify network arguments to pass to CNI plugins

       --no-home[=false]      do NOT mount user's home directory if /home is
       not the current working directory

       --no-https[=false]      use http instead of https for docker:// oras://
       and library:///... URIs

       --no-init[=false]      do NOT start shim process with --pid

       --no-mount=[]      disable one or more mount xxx options set in
       apptainer.conf

       --no-privs[=false]      drop all privileges from root user in container

       --no-umask[=false]      do not propagate umask to the container, set
       default 0022 umask

       --nv[=false]      enable Nvidia support

       --nvccli[=false]      use nvidia-container-cli for GPU setup
       (experimental)

       -o, --overlay=[]      use an overlayFS image for persistent data
       storage or as read-only layer of container

       --passphrase[=false]      prompt for an encryption passphrase

       --pem-path=""      enter a path to a PEM formatted RSA key for an
       encrypted container

       -p, --pid[=false]      run container in a new PID namespace

       --pwd=""      initial working directory for payload process inside the
       container

       --rocm[=false]      enable experimental Rocm support

       -S, --scratch=[]      include a scratch directory within the container
       that is linked to a temporary dir (use -W to force location)

       --security=[]      enable security features (SELinux, Apparmor,
       Seccomp)

       -s, --shell=""      path to program to use for interactive shell

       --syos[=false]      execute SyOS shell

       -u, --userns[=false]      run container in a new user namespace,
       allowing Apptainer to run completely unprivileged on recent kernels.
       This disables some features of Apptainer, for example it only works
       with sandbox images.

       --uts[=false]      run container in a new UTS namespace

       --vm[=false]      enable VM support

       --vm-cpu="1"      number of CPU cores to allocate to Virtual Machine
       (implies --vm)

       --vm-err[=false]      enable attaching stderr from VM

       --vm-ip="dhcp"      IP Address to assign for container usage.  Defaults
       to DHCP within bridge network.

       --vm-ram="1024"      amount of RAM in MiB to allocate to Virtual
       Machine (implies --vm)

       -W, --workdir=""      working directory to be used for /tmp, /var/tmp
       and $HOME (if -c/--contain was also used)

       -w, --writable[=false]      by default all Apptainer containers are
       available as read only. This option makes the file system accessible as
       read/write.

       --writable-tmpfs[=false]      makes the file system accessible as
       read-write with non persistent data (with overlay support only)

EXAMPLE

           $ apptainer shell /tmp/Debian.sif
           Apptainer/Debian.sif> pwd
           /home/gmk/test
           Apptainer/Debian.sif> exit

           $ apptainer shell -C /tmp/Debian.sif
           Apptainer/Debian.sif> pwd
           /home/gmk
           Apptainer/Debian.sif> ls -l
           total 0
           Apptainer/Debian.sif> exit

           $ sudo apptainer shell -w /tmp/Debian.sif
           $ sudo apptainer shell --writable /tmp/Debian.sif

           $ apptainer shell instance://my_instance

           $ apptainer shell instance://my_instance
           Apptainer: Invoking an interactive shell within container...
           Apptainer container:~> ps -ef
           UID        PID  PPID  C STIME TTY          TIME CMD
           ubuntu       1     0  0 20:00 ?        00:00:00 /usr/local/bin/apptainer/bin/sinit
           ubuntu       2     0  0 20:01 pts/8    00:00:00 /bin/bash --norc
           ubuntu       3     2  0 20:02 pts/8    00:00:00 ps -ef
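
Added example, not part of the Apptainer man page or project code: a Python pre-flight check that parses the -B/--bind format src[:dest[:opts]] described under OPTIONS and reports the options on an apptainer shell command line that relax a default restriction. The names Bind, parse_bind, audit, RISKY_FLAGS and SAMPLE are hypothetical, and the choice of which flags to report is an assumption drawn from the option descriptions above.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Bind:
    src: str   # path outside the container
    dest: str  # path inside the container
    opts: str  # 'ro' or 'rw'

def parse_bind(value):
    """Parse a -B/--bind value: comma separated src[:dest[:opts]] specs."""
    binds = []
    for spec in value.split(","):
        parts = spec.split(":")
        if not all(parts) or len(parts) > 3:
            raise ValueError(f"malformed bind spec: {spec!r}")
        src = parts[0]
        dest = parts[1] if len(parts) > 1 else src   # dest defaults to src
        opts = parts[2] if len(parts) > 2 else "rw"  # rw is the default
        if opts not in ("ro", "rw"):  # the only options the man page lists
            raise ValueError(f"unsupported mount option: {opts!r}")
        binds.append(Bind(src, dest, opts))
    return binds

# Assumption: boolean flags whose descriptions relax a default restriction.
RISKY_FLAGS = {
    "--allow-setuid": "setuid binaries allowed in container",
    "--keep-privs": "root user keeps privileges in container",
    "--no-https": "http used instead of https for registry URIs",
    "--writable": "container file system is read/write",
    "-w": "container file system is read/write",
}

def audit(argv):
    """Return findings for an `apptainer shell` argument list."""
    findings = []
    args = iter(argv)
    for arg in args:
        name, sep, value = arg.partition("=")
        if name in RISKY_FLAGS and value != "false":
            findings.append(f"{name}: {RISKY_FLAGS[name]}")
        elif name == "--add-caps":
            findings.append(f"--add-caps: adds {value if sep else next(args, '')}")
        elif name in ("-B", "--bind"):
            for b in parse_bind(value if sep else next(args, "")):
                if b.opts == "rw":
                    findings.append(f"{name}: host path {b.src} writable at {b.dest}")
    return findings

# Constructed sample command line, not taken from the man page.
SAMPLE = ["shell", "-B", "/data:/mnt:ro,/etc", "--add-caps=CAP_NET_RAW",
          "--writable=false", "--no-https", "/tmp/Debian.sif"]
```

Calling audit(SAMPLE) reports the implicit read/write bind of /etc, the added capability and --no-https, while the read-only bind and --writable=false pass.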

SEE ALSO

       apptainer(1)

HISTORY

       22-Jun-2022 Auto generated by spf13/cobra

Auto generated by spf13/cobra      Jun 2022                       apptainer(1)