1apptainer(1) apptainer(1)
2
6 apptainer-shell - Run a shell within a container
7
11 apptainer shell [shell options...]
12
16 apptainer shell supports the following formats:
17 *.sif Singularity Image Format (SIF). Native to Singular‐
20 ity
21 (3.0+) and Apptainer (v1.0.0+)
22 *.sqsh SquashFS format. Native to Singularity 2.4+
25 *.img ext3 format. Native to Singularity versions < 2.4.
28 directory/ sandbox format. Directory containing a valid root
31 file
32 system and optionally Apptainer meta-data.
33 instance://* A local running instance of a container. (See the
36 instance
37 command group.)
38 library://* A SIF container hosted on a Library (no default)
41 docker://* A Docker/OCI container hosted on Docker Hub or an‐
44 other
45 OCI registry.
46 shub://* A container hosted on Singularity Hub.
49 oras://* A SIF container hosted on an OCI registry that sup‐
52 ports
53 the OCI Registry As Storage (ORAS) specification.
54
58 --add-caps="" a comma separated capability list to add
59 --allow-setuid[=false] allow setuid binaries in container (root
62 only)
63 --app="" set an application to run inside a container
66 --apply-cgroups="" apply cgroups from file for container processes
69 (root only)
70 -B, --bind=[] a user-bind path specification. spec has the format
73 src[:dest[:opts]], where src and dest are outside and inside paths. If
74 dest is not given, it is set equal to src. Mount options ('opts') may
75 be specified as 'ro' (read-only) or 'rw' (read/write, which is the de‐
76 fault). Multiple bind paths can be given by a comma separated list.
77 --blkio-weight=0 Block IO relative weight in range 10-1000, 0 to
80 disable
81 --blkio-weight-device=[] Device specific block IO relative weight
84 -e, --cleanenv[=false] clean environment before running container
87 --compat[=false] apply settings for increased OCI/Docker compati‐
90 bility. Infers --containall, --no-init, --no-umask, --no-eval,
91 --writable-tmpfs.
92 -c, --contain[=false] use minimal /dev and empty other directories
95 (e.g. /tmp and $HOME) instead of sharing filesystems from your host
96 -C, --containall[=false] contain not only file systems, but also
99 PID, IPC, and environment
100 --cpu-shares=-1 CPU shares for container
103 --cpus="" Number of CPUs available to container
106 --cpuset-cpus="" List of host CPUs available to container
109 --cpuset-mems="" List of host memory nodes available to container
112 --disable-cache[=false] do not use or create cache
115 --dns="" list of DNS server separated by commas to add in re‐
118 solv.conf
119 --docker-host="" specify a custom Docker daemon host
122 --docker-login[=false] login to a Docker Repository interactively
125 --drop-caps="" a comma separated capability list to drop
128 --env=[] pass environment variable to contained process
131 --env-file="" pass environment variables from file to contained
134 process
135 -f, --fakeroot[=false] run container with the appearance of run‐
138 ning as root
139 --fusemount=[] A FUSE filesystem mount specification of the form
142 ': ' - where is 'container' or 'host', specifying where the mount will
143 be performed ('container-daemon' or 'host-daemon' will run the FUSE
144 process detached). is the path to the FUSE executable, plus options
145 for the mount. is the location in the container to which the FUSE
146 mount will be attached. E.g. 'container:sshfs 10.0.0.1:/ /sshfs'. Im‐
147 plies --pid.
148 -h, --help[=false] help for shell
151 -H, --home="/builddir" a home directory specification. spec can
154 either be a src path or src:dest pair. src is the source path of the
155 home directory outside the container and dest overrides the home direc‐
156 tory within the container.
157 --hostname="" set container hostname
160 -i, --ipc[=false] run container in a new IPC namespace
163 --keep-privs[=false] let root user keep privileges in container
166 (root only)
167 --memory="" Memory limit in bytes
170 --memory-reservation="" Memory soft limit in bytes
173 --memory-swap="" Swap limit, use -1 for unlimited swap
176 --mount=[] a mount specification e.g. 'type=bind,source=/opt,des‐
179 tination=/hostopt'.
180 -n, --net[=false] run container in a new network namespace (sets
183 up a bridge network interface by default)
184 --network="" specify desired network type separated by commas,
187 each network will bring up a dedicated interface inside container
188 --network-args=[] specify network arguments to pass to CNI plugins
191 --no-eval[=false] do not shell evaluate env vars or OCI container
194 CMD/ENTRYPOINT/ARGS
195 --no-home[=false] do NOT mount users home directory if /home is
198 not the current working directory
199 --no-https[=false] use http instead of https for docker:// oras://
202 and library:///... URIs
203 --no-init[=false] do NOT start shim process with --pid
206 --no-mount=[] disable one or more 'mount xxx' options set in app‐
209 tainer.conf and/or specify absolute destination path to disable a bind
210 path entry, or 'bind-paths' to disable all bind path entries.
211 --no-privs[=false] drop all privileges from root user in con‐
214 tainer)
215 --no-umask[=false] do not propagate umask to the container, set
218 default 0022 umask
219 --nv[=false] enable Nvidia support
222 --nvccli[=false] use nvidia-container-cli for GPU setup (experi‐
225 mental)
226 --oom-kill-disable[=false] Disable OOM killer
229 -o, --overlay=[] use an overlayFS image for persistent data stor‐
232 age or as read-only layer of container
233 --passphrase[=false] prompt for an encryption passphrase
236 --pem-path="" enter an path to a PEM formatted RSA key for an en‐
239 crypted container
240 -p, --pid[=false] run container in a new PID namespace
243 --pids-limit=0 Limit number of container PIDs, use -1 for unlim‐
246 ited
247 --pwd="" initial working directory for payload process inside the
250 container
251 --rocm[=false] enable experimental Rocm support
254 -S, --scratch=[] include a scratch directory within the container
257 that is linked to a temporary dir (use -W to force location)
258 --security=[] enable security features (SELinux, Apparmor, Sec‐
261 comp)
262 -s, --shell="" path to program to use for interactive shell
265 --syos[=false] execute SyOS shell
268 --underlay[=false] use underlay
271 --unsquash[=false] Convert SIF file to temporary sandbox before
274 running
275 -u, --userns[=false] run container in a new user namespace
278 --uts[=false] run container in a new UTS namespace
281 --vm[=false] enable VM support
284 --vm-cpu="1" number of CPU cores to allocate to Virtual Machine
287 (implies --vm)
288 --vm-err[=false] enable attaching stderr from VM
291 --vm-ip="dhcp" IP Address to assign for container usage. Defaults
294 to DHCP within bridge network.
295 --vm-ram="1024" amount of RAM in MiB to allocate to Virtual Ma‐
298 chine (implies --vm)
299 -W, --workdir="" working directory to be used for /tmp, /var/tmp
302 and $HOME (if -c/--contain was also used)
303 -w, --writable[=false] by default all Apptainer containers are
306 available as read only. This option makes the file system accessible as
307 read/write.
308 --writable-tmpfs[=false] makes the file system accessible as read-
311 write with non persistent data (with overlay support only)
312
316 $ apptainer shell /tmp/Debian.sif
317 Apptainer/Debian.sif> pwd
318 /home/gmk/test
319 Apptainer/Debian.sif> exit
320 $ apptainer shell -C /tmp/Debian.sif
322 Apptainer/Debian.sif> pwd
323 /home/gmk
324 Apptainer/Debian.sif> ls -l
325 total 0
326 Apptainer/Debian.sif> exit
327 $ sudo apptainer shell -w /tmp/Debian.sif
329 $ sudo apptainer shell --writable /tmp/Debian.sif
330 $ apptainer shell instance://my_instance
332 $ apptainer shell instance://my_instance
334 Apptainer: Invoking an interactive shell within container...
335 Apptainer container:~> ps -ef
336 UID PID PPID C STIME TTY TIME CMD
337 ubuntu 1 0 0 20:00 ? 00:00:00 /usr/local/bin/apptainer/bin/appinit
338 ubuntu 2 0 0 20:01 pts/8 00:00:00 /bin/bash --norc
339 ubuntu 3 2 0 20:02 pts/8 00:00:00 ps -ef
340
345 apptainer(1)
346
350 22-Nov-2023 Auto generated by spf13/cobra
351Auto generated by spf13/cobra Nov 2023 apptainer(1)