apptainer(1)

apptainer-run - Run the user-defined default command within a container

apptainer run [run options...]

This command will launch an Apptainer container and execute a runscript if one is defined for that container. The runscript is a metadata file within the container that contains shell commands. If the file is present (and executable) then this command will execute that file within the container automatically. All arguments following the container name will be passed directly to the runscript.

apptainer run accepts the following container formats:

*.sif           Singularity Image Format (SIF). Native to Singularity (3.0+) and Apptainer (v1.0.0+)

*.sqsh          SquashFS format. Native to Singularity 2.4+

*.img           ext3 format. Native to Singularity versions < 2.4.

directory/      sandbox format. Directory containing a valid root file system and optionally Apptainer meta-data.

instance://*    A local running instance of a container. (See the instance command group.)

library://*     A SIF container hosted on a Library (no default)

docker://*      A Docker/OCI container hosted on Docker Hub or another OCI registry.

shub://*        A container hosted on Singularity Hub.

oras://*        A SIF container hosted on an OCI registry that supports the OCI Registry As Storage (ORAS) specification.

--add-caps=""  a comma separated capability list to add

--allow-setuid[=false]  allow setuid binaries in container (root only)

--app=""  set an application to run inside a container

--apply-cgroups=""  apply cgroups from file for container processes (root only)

-B, --bind=[]  a user-bind path specification. spec has the format src[:dest[:opts]], where src and dest are outside and inside paths. If dest is not given, it is set equal to src. Mount options ('opts') may be specified as 'ro' (read-only) or 'rw' (read/write, which is the default). Multiple bind paths can be given by a comma separated list.

-e, --cleanenv[=false]  clean environment before running container

--compat[=false]  apply settings for increased OCI/Docker compatibility. Infers --containall, --no-init, --no-umask, --writable-tmpfs.

-c, --contain[=false]  use minimal /dev and empty other directories (e.g. /tmp and $HOME) instead of sharing filesystems from your host

-C, --containall[=false]  contain not only file systems, but also PID, IPC, and environment

--disable-cache[=false]  don't use cache, and don't create cache

--dns=""  list of DNS servers separated by commas to add in resolv.conf

--docker-login[=false]  login to a Docker Repository interactively

--drop-caps=""  a comma separated capability list to drop

--env=[]  pass environment variable to contained process

--env-file=""  pass environment variables from file to contained process

-f, --fakeroot[=false]  run container in new user namespace as uid 0

--fusemount=[]  A FUSE filesystem mount specification of the form '<type>:<fuse command> <mountpoint>' - where <type> is 'container' or 'host', specifying where the mount will be performed ('container-daemon' or 'host-daemon' will run the FUSE process detached). <fuse command> is the path to the FUSE executable, plus options for the mount. <mountpoint> is the location in the container to which the FUSE mount will be attached. E.g. 'container:sshfs 10.0.0.1:/ /sshfs'. Implies --pid.

-h, --help[=false]  help for run

-H, --home="/builddir"  a home directory specification. spec can either be a src path or src:dest pair. src is the source path of the home directory outside the container and dest overrides the home directory within the container.

--hostname=""  set container hostname

-i, --ipc[=false]  run container in a new IPC namespace

--keep-privs[=false]  let root user keep privileges in container (root only)

--mount=[]  a mount specification e.g. 'type=bind,source=/opt,destination=/hostopt'.

-n, --net[=false]  run container in a new network namespace (sets up a bridge network interface by default)

--network="bridge"  specify desired network type separated by commas, each network will bring up a dedicated interface inside container

--network-args=[]  specify network arguments to pass to CNI plugins

--no-home[=false]  do NOT mount user's home directory if /home is not the current working directory

--no-https[=false]  use http instead of https for docker:// oras:// and library:///... URIs

--no-init[=false]  do NOT start shim process with --pid

--no-mount=[]  disable one or more mount xxx options set in apptainer.conf

--no-privs[=false]  drop all privileges from root user in container

--no-umask[=false]  do not propagate umask to the container, set default 0022 umask

--nv[=false]  enable Nvidia support

--nvccli[=false]  use nvidia-container-cli for GPU setup (experimental)

-o, --overlay=[]  use an overlayFS image for persistent data storage or as read-only layer of container

--passphrase[=false]  prompt for an encryption passphrase

--pem-path=""  enter a path to a PEM formatted RSA key for an encrypted container

-p, --pid[=false]  run container in a new PID namespace

--pwd=""  initial working directory for payload process inside the container

--rocm[=false]  enable experimental Rocm support

-S, --scratch=[]  include a scratch directory within the container that is linked to a temporary dir (use -W to force location)

--security=[]  enable security features (SELinux, Apparmor, Seccomp)

-u, --userns[=false]  run container in a new user namespace, allowing Apptainer to run completely unprivileged on recent kernels. This disables some features of Apptainer, for example it only works with sandbox images.

--uts[=false]  run container in a new UTS namespace

--vm[=false]  enable VM support

--vm-cpu="1"  number of CPU cores to allocate to Virtual Machine (implies --vm)

--vm-err[=false]  enable attaching stderr from VM

--vm-ip="dhcp"  IP Address to assign for container usage. Defaults to DHCP within bridge network.

--vm-ram="1024"  amount of RAM in MiB to allocate to Virtual Machine (implies --vm)

-W, --workdir=""  working directory to be used for /tmp, /var/tmp and $HOME (if -c/--contain was also used)

-w, --writable[=false]  by default all Apptainer containers are available as read only. This option makes the file system accessible as read/write.

--writable-tmpfs[=false]  makes the file system accessible as read-write with non persistent data (with overlay support only)

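Added example (not part of the Apptainer manual): a POSIX shell lint for an `apptainer run` argument list, built on the option semantics listed above. Bind specs are normalised with the documented defaults (dest = src, opts = rw), and parsing stops at the container name because everything after it goes to the runscript. Which options get reported is an assumed policy; combined short flags (e.g. `-ce`) and `--mount` specs are not handled.

```sh
#!/bin/sh
# Added example: lint an `apptainer run` argument list. Which options are
# reported is an assumed policy, not something Apptainer defines.

# Normalise one bind spec src[:dest[:opts]] to src:dest:opts using the
# documented defaults (dest = src, opts = rw).
parse_bind() {
    spec=$1
    src=${spec%%:*}
    rest=${spec#"$src"}; rest=${rest#:}
    dest=${rest%%:*}
    opts=${rest#"$dest"}; opts=${opts#:}
    printf '%s:%s:%s\n' "$src" "${dest:-$src}" "${opts:-rw}"
}
# Report each bind in a comma separated list that is writable in the container.
audit_binds() {
    list=$1
    while [ -n "$list" ]; do
        norm=$(parse_bind "${list%%,*}")
        case $list in *,*) list=${list#*,} ;; *) list= ;; esac
        case $norm in *:rw) echo "bind $norm: host path writable from container" ;; esac
    done
}
# Print one finding per line; no output means nothing was flagged.
audit_run() {
    while [ $# -gt 0 ]; do
        opt=$1 val=
        case $opt in
            --*=*) val=${opt#*=}; opt=${opt%%=*} ;;
            -B|--bind|--add-caps|--app|--apply-cgroups|--dns|--drop-caps|--env|\
            --env-file|--fusemount|-H|--home|--hostname|--mount|--network|\
            --network-args|--no-mount|-o|--overlay|--pem-path|--pwd|-S|--scratch|\
            --security|--vm-cpu|--vm-ip|--vm-ram|-W|--workdir)
                val=${2:-}; [ $# -lt 2 ] || shift ;;  # option takes a value
            -*) ;;
            *) break ;;  # container name: the rest goes to the runscript
        esac
        case $opt in
            --allow-setuid|--keep-privs|--no-https|-w|--writable)
                [ "$val" = false ] || echo "$opt: enabled" ;;
            --add-caps) echo "--add-caps: adds $val" ;;
            -B|--bind) audit_binds "$val" ;;
        esac
        shift
    done
    return 0
}
audit_run "$@"
```

Saved as a script, it takes the same arguments that would follow `apptainer run`; an empty result means none of the listed options were present.
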
# Here we see that the runscript prints "Hello world: "
$ apptainer exec /tmp/debian.sif cat /apptainer
#!/bin/sh
echo "Hello world: "

# It runs with our inputs when we run the image
$ apptainer run /tmp/debian.sif one two three
Hello world: one two three

# Note that this does the same thing
$ /tmp/debian.sif one two three

apptainer(1)

22-Jun-2022 Auto generated by spf13/cobra