singularity exec

Run a command within a container

Synopsis

singularity exec supports the following formats:

*.sif Singularity Image Format (SIF). Native to Singularity 3.0+

*.sqsh SquashFS format. Native to Singularity 2.4+

*.img ext3 format. Native to Singularity versions < 2.4.

directory/ sandbox format. Directory containing a valid root file
system and optionally Singularity meta-data.
instance://* A local running instance of a container. (See the instance
command group.)
library://* A container hosted on a Library (default
https://cloud.sylabs.io/library)

docker://* A container hosted on Docker Hub

shub://* A container hosted on Singularity Hub

oras://* A container hosted on a supporting OCI registry

singularity exec [exec options...] <container> <command>

Examples

$ singularity exec /tmp/debian.sif cat /etc/debian_version
$ singularity exec /tmp/debian.sif python ./hello_world.py
$ cat hello_world.py | singularity exec /tmp/debian.sif python
$ sudo singularity exec --writable /tmp/debian.sif apt-get update
$ singularity exec instance://my_instance ps -ef
$ singularity exec library://centos cat /etc/os-release

Options

    --add-caps string        a comma separated capability list to add
    --allow-setuid           allow setuid binaries in container (root only)
    --app string             set an application to run inside a container
    --apply-cgroups string   apply cgroups from file for container processes (root only)
-B, --bind strings           a user-bind path specification.  spec has the format src[:dest[:opts]], where src and dest are outside and inside paths.  If dest is not given, it is set equal to src.  Mount options ('opts') may be specified as 'ro' (read-only) or 'rw' (read/write, which is the default). Multiple bind paths can be given by a comma separated list.
-e, --cleanenv               clean environment before running container
-c, --contain                use minimal /dev and empty other directories (e.g. /tmp and $HOME) instead of sharing filesystems from your host
-C, --containall             contain not only file systems, but also PID, IPC, and environment
    --disable-cache          dont use cache, and dont create cache
    --dns string             list of DNS server separated by commas to add in resolv.conf
    --docker-login           login to a Docker Repository interactively
    --drop-caps string       a comma separated capability list to drop
-f, --fakeroot               run container in new user namespace as uid 0
-h, --help                   help for exec
-H, --home string            a home directory specification.  spec can either be a src path or src:dest pair.  src is the source path of the home directory outside the container and dest overrides the home directory within the container. (default "/home/dave")
    --hostname string        set container hostname
-i, --ipc                    run container in a new IPC namespace
    --keep-privs             let root user keep privileges in container (root only)
-n, --net                    run container in a new network namespace (sets up a bridge network interface by default)
    --network string         specify desired network type separated by commas, each network will bring up a dedicated interface inside container (default "bridge")
    --network-args strings   specify network arguments to pass to CNI plugins
    --no-home                do NOT mount users home directory if home is not the current working directory
    --no-init                do NOT start shim process with --pid
    --no-nv
    --no-privs               drop all privileges from root user in container)
    --nohttps                do NOT use HTTPS, for communicating with local docker registry
    --nonet                  Disable VM network handling
    --nv                     enable experimental Nvidia support
-o, --overlay strings        use an overlayFS image for persistent data storage or as read-only layer of container
    --passphrase             Enter a passphrase for an encrypted contaner
    --pem-path string        Enter an path to a PEM formated RSA key for an encrypted container
-p, --pid                    run container in a new PID namespace
    --pwd string             initial working directory for payload process inside the container
-S, --scratch strings        include a scratch directory within the container that is linked to a temporary dir (use -W to force location)
    --security strings       enable security features (SELinux, Apparmor, Seccomp)
-u, --userns                 run container in a new user namespace, allowing Singularity to run completely unprivileged on recent kernels. This disables some features of Singularity, for example it only works with sandbox images.
    --uts                    run container in a new UTS namespace
    --vm                     enable VM support
    --vm-cpu string          Number of CPU cores to allocate to Virtual Machine (implies --vm) (default "1")
    --vm-err                 enable attaching stderr from VM
    --vm-ip string           IP Address to assign for container usage. Defaults to DHCP within bridge network. (default "dhcp")
    --vm-ram string          Amount of RAM in MiB to allocate to Virtual Machine (implies --vm) (default "1024")
-W, --workdir string         working directory to be used for /tmp, /var/tmp and $HOME (if -c/--contain was also used)
-w, --writable               by default all Singularity containers are available as read only. This option makes the file system accessible as read/write.
    --writable-tmpfs         makes the file system accessible as read-write with non persistent data (with overlay support only)

SEE ALSO

Linux container platform optimized for High Performance Computing (HPC) and Enterprise Performance Computing (EPC)

Auto generated by spf13/cobra on 15-Nov-2019