Run the user-defined default command within a container
This command will launch a Singularity container and execute a runscript if one is defined for that container. The runscript is a metadata file within the container that contains shell commands. If the file is present (and executable) then this command will execute that file within the container automatically. All arguments following the container name will be passed directly to the runscript.
singularity run accepts the following container formats:
*.sif Singularity Image Format (SIF). Native to Singularity 3.0+
*.sqsh SquashFS format. Native to Singularity 2.4+
*.img ext3 format. Native to Singularity versions < 2.4.
- directory/ sandbox format. Directory containing a valid root file
- system and optionally Singularity meta-data.
- instance://* A local running instance of a container. (See the instance
- command group.)
- library://* A container hosted on a Library (default
docker://* A container hosted on Docker Hub
shub://* A container hosted on Singularity Hub
oras://* A container hosted on a supporting OCI registry
singularity run [run options...] <container>
# Here we see that the runscript prints "Hello world: " $ singularity exec /tmp/debian.sif cat /singularity #!/bin/sh echo "Hello world: " # It runs with our inputs when we run the image $ singularity run /tmp/debian.sif one two three Hello world: one two three # Note that this does the same thing $ ./tmp/debian.sif one two three
--add-caps string a comma separated capability list to add --allow-setuid allow setuid binaries in container (root only) --app string set an application to run inside a container --apply-cgroups string apply cgroups from file for container processes (root only) -B, --bind strings a user-bind path specification. spec has the format src[:dest[:opts]], where src and dest are outside and inside paths. If dest is not given, it is set equal to src. Mount options ('opts') may be specified as 'ro' (read-only) or 'rw' (read/write, which is the default). Multiple bind paths can be given by a comma separated list. -e, --cleanenv clean environment before running container -c, --contain use minimal /dev and empty other directories (e.g. /tmp and $HOME) instead of sharing filesystems from your host -C, --containall contain not only file systems, but also PID, IPC, and environment --dns string list of DNS server separated by commas to add in resolv.conf --docker-login login to a Docker Repository interactively --drop-caps string a comma separated capability list to drop -f, --fakeroot run container in new user namespace as uid 0 -h, --help help for run -H, --home string a home directory specification. spec can either be a src path or src:dest pair. src is the source path of the home directory outside the container and dest overrides the home directory within the container. (default "/root") --hostname string set container hostname -i, --ipc run container in a new IPC namespace --keep-privs let root user keep privileges in container (root only) -n, --net run container in a new network namespace (sets up a bridge network interface by default) --network string specify desired network type separated by commas, each network will bring up a dedicated interface inside container (default "bridge") --network-args strings specify network arguments to pass to CNI plugins --no-home do NOT mount users home directory if home is not the current working directory --no-init do NOT start shim process with --pid --no-nv --no-privs drop all privileges from root user in container) --nohttps do NOT use HTTPS, for communicating with local docker registry --nv enable experimental Nvidia support -o, --overlay strings use an overlayFS image for persistent data storage or as read-only layer of container -p, --pid run container in a new PID namespace --pwd string initial working directory for payload process inside the container -S, --scratch strings include a scratch directory within the container that is linked to a temporary dir (use -W to force location) --security strings enable security features (SELinux, Apparmor, Seccomp) -u, --userns run container in a new user namespace, allowing Singularity to run completely unprivileged on recent kernels. This disables some features of Singularity, for example it only works with sandbox images. --uts run container in a new UTS namespace --vm enable VM support --vm-cpu string Number of CPU cores to allocate to Virtual Machine (implies --vm) (default "1") --vm-err enable attaching stderr from VM --vm-ram string Amount of RAM in MiB to allocate to Virtual Machine (implies --vm) (default "1024") -W, --workdir string working directory to be used for /tmp, /var/tmp and $HOME (if -c/--contain was also used) -w, --writable by default all Singularity containers are available as read only. This option makes the file system accessible as read/write. --writable-tmpfs makes the file system accessible as read-write with non persistent data (with overlay support only)