singularity run

Run the user-defined default command within a container


This command will launch a Singularity container and execute a runscript if one is defined for that container. The runscript is a metadata file within the container that contains shell commands. If the file is present (and executable) then this command will execute that file within the container automatically. All arguments following the container name will be passed directly to the runscript.

singularity run accepts the following container formats:

*.sif Singularity Image Format (SIF). Native to Singularity 3.0+

*.sqsh SquashFS format. Native to Singularity 2.4+

*.img ext3 format. Native to Singularity versions < 2.4.

directory/ sandbox format. Directory containing a valid root file
system and optionally Singularity meta-data.
instance://* A local running instance of a container. (See the instance
command group.)
library://* A container hosted on a Library (default

docker://* A container hosted on Docker Hub

shub://* A container hosted on Singularity Hub

oras://* A container hosted on a supporting OCI registry

singularity run [run options...] <container>


# Here we see that the runscript prints "Hello world: "
$ singularity exec /tmp/debian.sif cat /singularity
echo "Hello world: "

# It runs with our inputs when we run the image
$ singularity run /tmp/debian.sif one two three
Hello world: one two three

# Note that this does the same thing
$ ./tmp/debian.sif one two three


    --add-caps string        a comma separated capability list to add
    --allow-setuid           allow setuid binaries in container (root only)
    --app string             set an application to run inside a container
    --apply-cgroups string   apply cgroups from file for container processes (root only)
-B, --bind strings           a user-bind path specification.  spec has the format src[:dest[:opts]], where src and dest are outside and inside paths.  If dest is not given, it is set equal to src.  Mount options ('opts') may be specified as 'ro' (read-only) or 'rw' (read/write, which is the default). Multiple bind paths can be given by a comma separated list.
-e, --cleanenv               clean environment before running container
-c, --contain                use minimal /dev and empty other directories (e.g. /tmp and $HOME) instead of sharing filesystems from your host
-C, --containall             contain not only file systems, but also PID, IPC, and environment
    --dns string             list of DNS server separated by commas to add in resolv.conf
    --docker-login           login to a Docker Repository interactively
    --drop-caps string       a comma separated capability list to drop
-f, --fakeroot               run container in new user namespace as uid 0
-h, --help                   help for run
-H, --home string            a home directory specification.  spec can either be a src path or src:dest pair.  src is the source path of the home directory outside the container and dest overrides the home directory within the container. (default "/root")
    --hostname string        set container hostname
-i, --ipc                    run container in a new IPC namespace
    --keep-privs             let root user keep privileges in container (root only)
-n, --net                    run container in a new network namespace (sets up a bridge network interface by default)
    --network string         specify desired network type separated by commas, each network will bring up a dedicated interface inside container (default "bridge")
    --network-args strings   specify network arguments to pass to CNI plugins
    --no-home                do NOT mount users home directory if home is not the current working directory
    --no-init                do NOT start shim process with --pid
    --no-privs               drop all privileges from root user in container)
    --nohttps                do NOT use HTTPS, for communicating with local docker registry
    --nv                     enable experimental Nvidia support
-o, --overlay strings        use an overlayFS image for persistent data storage or as read-only layer of container
-p, --pid                    run container in a new PID namespace
    --pwd string             initial working directory for payload process inside the container
-S, --scratch strings        include a scratch directory within the container that is linked to a temporary dir (use -W to force location)
    --security strings       enable security features (SELinux, Apparmor, Seccomp)
-u, --userns                 run container in a new user namespace, allowing Singularity to run completely unprivileged on recent kernels. This disables some features of Singularity, for example it only works with sandbox images.
    --uts                    run container in a new UTS namespace
    --vm                     enable VM support
    --vm-cpu string          Number of CPU cores to allocate to Virtual Machine (implies --vm) (default "1")
    --vm-err                 enable attaching stderr from VM
    --vm-ram string          Amount of RAM in MiB to allocate to Virtual Machine (implies --vm) (default "1024")
-W, --workdir string         working directory to be used for /tmp, /var/tmp and $HOME (if -c/--contain was also used)
-w, --writable               by default all Singularity containers are available as read only. This option makes the file system accessible as read/write.
    --writable-tmpfs         makes the file system accessible as read-write with non persistent data (with overlay support only)


Linux container platform optimized for High Performance Computing (HPC) and Enterprise Performance Computing (EPC)

Auto generated by spf13/cobra on 26-Jul-2019