1apptainer(1)                                                      apptainer(1)
2
3
4

NAME

6       apptainer-run - Run the user-defined default command within a container
7
8
9

SYNOPSIS

11       apptainer run [run options...]
12
13
14

DESCRIPTION

16       This command will launch an Apptainer container and execute a runscript
17         if  one  is  defined  for that container. The runscript is a metadata
18       file within
19         the container that contains shell commands. If the  file  is  present
20       (and
21         executable)  then this command will execute that file within the con‐
22       tainer
23         automatically. All arguments following the  container  name  will  be
24       passed
25         directly to the runscript.
26
27
28       apptainer run accepts the following container formats:
29
30
31       *.sif               Singularity Image Format (SIF). Native to Singular‐
32       ity (3.0+) and Apptainer (v1.0.0+)
33
34
35       *.sqsh              SquashFS format.  Native to Singularity 2.4+
36
37
38       *.img               ext3 format. Native to Singularity versions < 2.4.
39
40
41       directory/          sandbox format. Directory containing a  valid  root
42       file
43                             system and optionally Apptainer meta-data.
44
45
46       instance://*         A  local running instance of a container. (See the
47       instance
48                             command group.)
49
50
51       library://*         A SIF container hosted on a Library (no default)
52
53
54       docker://*          A Docker/OCI container hosted on Docker Hub or  an‐
55       other
56                             OCI registry.
57
58
59       shub://*            A container hosted on Singularity Hub.
60
61
62       oras://*            A SIF container hosted on an OCI registry that sup‐
63       ports
64                             the OCI Registry As Storage (ORAS) specification.
65
66
67

OPTIONS

69       --add-caps=""      a comma separated capability list to add
70
71
72       --allow-setuid[=false]      allow setuid binaries  in  container  (root
73       only)
74
75
76       --app=""      set an application to run inside a container
77
78
79       --apply-cgroups=""      apply cgroups from file for container processes
80       (root only)
81
82
83       -B, --bind=[]      a user-bind path specification.  spec has the format
84       src[:dest[:opts]], where src and dest are outside and inside paths.  If
85       dest is not given, it is set equal to src.  Mount options ('opts')  may
86       be  specified as 'ro' (read-only) or 'rw' (read/write, which is the de‐
87       fault). Multiple bind paths can be given by a comma separated list.
88
89
90       -e, --cleanenv[=false]      clean environment before running container
91
92
93       --compat[=false]      apply settings for increased OCI/Docker  compati‐
94       bility. Infers --containall, --no-init, --no-umask, --writable-tmpfs.
95
96
97       -c, --contain[=false]      use minimal /dev and empty other directories
98       (e.g. /tmp and $HOME) instead of sharing filesystems from your host
99
100
101       -C, --containall[=false]      contain not only file systems,  but  also
102       PID, IPC, and environment
103
104
105       --disable-cache[=false]      dont use cache, and dont create cache
106
107
108       --dns=""       list  of  DNS  server  separated by commas to add in re‐
109       solv.conf
110
111
112       --docker-login[=false]      login to a Docker Repository interactively
113
114
115       --drop-caps=""      a comma separated capability list to drop
116
117
118       --env=[]      pass environment variable to contained process
119
120
121       --env-file=""      pass environment variables from  file  to  contained
122       process
123
124
125       -f,  --fakeroot[=false]      run container in new user namespace as uid
126       0
127
128
129       --fusemount=[]      A FUSE filesystem mount specification of  the  form
130       ': ' - where  is 'container' or 'host', specifying where the mount will
131       be performed ('container-daemon' or 'host-daemon'  will  run  the  FUSE
132       process  detached).   is  the path to the FUSE executable, plus options
133       for the mount.  is the location in the  container  to  which  the  FUSE
134       mount  will  be attached. E.g. 'container:sshfs 10.0.0.1:/ /sshfs'. Im‐
135       plies --pid.
136
137
138       -h, --help[=false]      help for run
139
140
141       -H, --home="/builddir"      a home directory specification.   spec  can
142       either  be  a src path or src:dest pair.  src is the source path of the
143       home directory outside the container and dest overrides the home direc‐
144       tory within the container.
145
146
147       --hostname=""      set container hostname
148
149
150       -i, --ipc[=false]      run container in a new IPC namespace
151
152
153       --keep-privs[=false]       let  root  user keep privileges in container
154       (root only)
155
156
157       --mount=[]      a mount specification e.g.  'type=bind,source=/opt,des‐
158       tination=/hostopt'.
159
160
161       -n,  --net[=false]       run container in a new network namespace (sets
162       up a bridge network interface by default)
163
164
165       --network="bridge"      specify desired network type separated by  com‐
166       mas, each network will bring up a dedicated interface inside container
167
168
169       --network-args=[]      specify network arguments to pass to CNI plugins
170
171
172       --no-home[=false]       do  NOT  mount users home directory if /home is
173       not the current working directory
174
175
176       --no-https[=false]      use http instead of https for docker:// oras://
177       and library:///... URIs
178
179
180       --no-init[=false]      do NOT start shim process with --pid
181
182
183       --no-mount=[]       disable  one  or more mount xxx options set in app‐
184       tainer.conf
185
186
187       --no-privs[=false]      drop all privileges  from  root  user  in  con‐
188       tainer)
189
190
191       --no-umask[=false]       do  not  propagate umask to the container, set
192       default 0022 umask
193
194
195       --nv[=false]      enable Nvidia support
196
197
198       --nvccli[=false]      use nvidia-container-cli for GPU  setup  (experi‐
199       mental)
200
201
202       -o,  --overlay=[]      use an overlayFS image for persistent data stor‐
203       age or as read-only layer of container
204
205
206       --passphrase[=false]      prompt for an encryption passphrase
207
208
209       --pem-path=""      enter an path to a PEM formatted RSA key for an  en‐
210       crypted container
211
212
213       -p, --pid[=false]      run container in a new PID namespace
214
215
216       --pwd=""       initial working directory for payload process inside the
217       container
218
219
220       --rocm[=false]      enable experimental Rocm support
221
222
223       -S, --scratch=[]      include a scratch directory within the  container
224       that is linked to a temporary dir (use -W to force location)
225
226
227       --security=[]       enable  security  features (SELinux, Apparmor, Sec‐
228       comp)
229
230
231       -u, --userns[=false]      run container in a new user namespace, allow‐
232       ing  Apptainer  to  run completely unprivileged on recent kernels. This
233       disables some features of Apptainer, for example  it  only  works  with
234       sandbox images.
235
236
237       --uts[=false]      run container in a new UTS namespace
238
239
240       --vm[=false]      enable VM support
241
242
243       --vm-cpu="1"       number  of  CPU cores to allocate to Virtual Machine
244       (implies --vm)
245
246
247       --vm-err[=false]      enable attaching stderr from VM
248
249
250       --vm-ip="dhcp"      IP Address to assign for container usage.  Defaults
251       to DHCP within bridge network.
252
253
254       --vm-ram="1024"       amount  of  RAM in MiB to allocate to Virtual Ma‐
255       chine (implies --vm)
256
257
258       -W, --workdir=""      working directory to be used for  /tmp,  /var/tmp
259       and $HOME (if -c/--contain was also used)
260
261
262       -w,  --writable[=false]       by  default  all Apptainer containers are
263       available as read only. This option makes the file system accessible as
264       read/write.
265
266
267       --writable-tmpfs[=false]      makes the file system accessible as read-
268       write with non persistent data (with overlay support only)
269
270
271

EXAMPLE

273                # Here we see that the runscript prints "Hello world: "
274                $ apptainer exec /tmp/debian.sif cat /apptainer
275                #!/bin/sh
276                echo "Hello world: "
277
278                # It runs with our inputs when we run the image
279                $ apptainer run /tmp/debian.sif one two three
280                Hello world: one two three
281
282                # Note that this does the same thing
283                $ ./tmp/debian.sif one two three
284
285
286
287

SEE ALSO

289       apptainer(1)
290
291
292

HISTORY

294       22-Jun-2022 Auto generated by spf13/cobra
295
296
297
298Auto generated by spf13/cobra      Jun 2022                       apptainer(1)
Impressum