--add-caps string
a comma separated capability list to add
--allow-setuid
allow setuid binaries in container (root only)
--app string
set an application to run inside a container
--apply-cgroups string
apply cgroups from file for container processes (root only)
--authfile string
Docker-style authentication file to use for writing/reading OCI registry credentials
-B, --bind strings
a user-bind path specification. The spec has the format src[:dest[:opts]], where src and dest are
the outside and inside paths. If dest is not given, it is set equal to src. Mount options ('opts') may
be specified as 'ro' (read-only) or 'rw' (read/write, which is the default). Multiple bind paths
can be given as a comma separated list.
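The src[:dest[:opts]] grammar above is small enough to parse in a few lines, and doing so is useful when auditing which host paths a job makes writable inside the container. The following is an added example, not Singularity's own code; it assumes that an empty dest component (src::ro) is treated the same as an omitted one and that paths themselves contain no colons.

```python
"""Parse Singularity --bind specs of the form src[:dest[:opts]], comma separated.

Added example (assumption: empty dest is treated as absent; paths contain no ':').
"""
from dataclasses import dataclass

VALID_OPTS = {"ro", "rw"}


@dataclass(frozen=True)
class BindSpec:
    src: str   # path outside the container
    dest: str  # path inside the container (defaults to src)
    opts: str  # 'ro' or 'rw' ('rw' is the default per the help text)


def parse_bind_spec(spec: str) -> BindSpec:
    """Parse one src[:dest[:opts]] element."""
    parts = spec.split(":")
    if len(parts) > 3 or not parts[0]:
        raise ValueError(f"malformed bind spec: {spec!r}")
    src = parts[0]
    # dest not given (or empty, by assumption) -> same path inside as outside
    dest = parts[1] if len(parts) >= 2 and parts[1] else src
    opts = parts[2] if len(parts) == 3 else "rw"
    if opts not in VALID_OPTS:
        raise ValueError(f"unknown mount option {opts!r} in {spec!r} (expected ro or rw)")
    return BindSpec(src, dest, opts)


def parse_bind_list(arg: str) -> list[BindSpec]:
    """Parse the full value of a -B/--bind argument (comma separated list)."""
    return [parse_bind_spec(s) for s in arg.split(",") if s]


def writable_host_paths(specs: list[BindSpec]) -> list[str]:
    """Host paths the container can modify: every bind without an explicit 'ro'."""
    return [s.src for s in specs if s.opts == "rw"]


if __name__ == "__main__":
    # constructed sample argument
    specs = parse_bind_list("/data:/mnt/data:ro,/scratch,/etc/ssl:/etc/ssl:ro")
    for s in specs:
        print(f"{s.src} -> {s.dest} [{s.opts}]")
    print("writable host paths:", writable_host_paths(specs))
```

Running it on the constructed argument reports /scratch as the only host path mounted read/write, because it carries no opts and therefore gets the 'rw' default.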
--blkio-weight int
Block IO relative weight in range 10-1000, 0 to disable
--blkio-weight-device strings
Device specific block IO relative weight
--cdi-dirs strings
comma-separated list of directories in which CDI should look for device definition JSON files. If
omitted, default will be: /etc/cdi,/var/run/cdi
-e, --cleanenv
clean environment before running container
--compat
apply settings for increased OCI/Docker compatibility. Infers --containall, --no-init, --no-umask,
--no-eval, --writable-tmpfs.
-c, --contain
use minimal /dev and empty other directories (e.g. /tmp and $HOME) instead of sharing filesystems
from your host
-C, --containall
contain not only file systems, but also PID, IPC, and environment
--cpu-shares int
CPU shares for container (default -1)
--cpus string
Number of CPUs available to container
--cpuset-cpus string
List of host CPUs available to container
--cpuset-mems string
List of host memory nodes available to container
--cwd string
initial working directory for payload process inside the container (synonym for --pwd)
--device strings
fully-qualified CDI device name(s). A fully-qualified CDI device name consists of a VENDOR,
CLASS, and NAME, which are combined as follows: <VENDOR>/<CLASS>=<NAME> (e.g.
vendor.com/device=mydevice). Multiple fully-qualified CDI device names can be given as a comma
separated list.
--disable-cache
don't use cache, and don't create cache
--dns string
list of DNS servers separated by commas to add to resolv.conf
--docker-host string
specify a custom Docker daemon host
--docker-login
login to a Docker Repository interactively
--drop-caps string
a comma separated capability list to drop
--env stringToString
pass environment variable to contained process (default [])
--env-file string
pass environment variables from file to contained process
-f, --fakeroot
run container in new user namespace as uid 0
--fusemount strings
A FUSE filesystem mount specification of the form '<type>:<fuse command> <mountpoint>' - where
<type> is 'container' or 'host', specifying where the mount will be performed ('container-daemon'
or 'host-daemon' will run the FUSE process detached). <fuse command> is the path to the FUSE
executable, plus options for the mount. <mountpoint> is the location in the container to which the
FUSE mount will be attached. E.g. 'container:sshfs 10.0.0.1:/ /sshfs'. Implies --pid.
-h, --help
help for run
-H, --home string
a home directory specification. spec can either be a src path or src:dest pair. src is the source
path of the home directory outside the container and dest overrides the home directory within the
container. (default "$HOME")
--hostname string
set container hostname. Infers --uts.
-i, --ipc
run container in a new IPC namespace
--keep-layers
Keep layers when creating an OCI-SIF. Do not squash to a single layer.
--keep-privs
let root user keep privileges in container (root only)
--memory string
Memory limit in bytes
--memory-reservation string
Memory soft limit in bytes
--memory-swap string
Swap limit, use -1 for unlimited swap
--mount stringArray
a mount specification e.g. 'type=bind,source=/opt,destination=/hostopt'.
-n, --net
run container in a new network namespace (sets up a bridge network interface by default)
--network string
specify desired network type separated by commas, each network will bring up a dedicated interface
inside container (default "bridge")
--network-args strings
specify network arguments to pass to CNI plugins
--no-compat
(--oci mode) do not apply settings for increased OCI/Docker compatibility. Emulate native runtime
defaults without --contain etc.
--no-eval
do not shell evaluate env vars or OCI container CMD/ENTRYPOINT/ARGS
--no-home
do NOT mount the user's home directory if /home is not the current working directory
--no-https
use http instead of https for docker:// oras:// and library://<hostname>/... URIs
--no-init
do NOT start shim process with --pid
--no-mount strings
disable one or more 'mount xxx' options set in singularity.conf, specify absolute destination path
to disable a bind path entry, or 'bind-paths' to disable all bind path entries.
--no-oci
Launch container with native runtime
--no-pid
do not run container in a new PID namespace
--no-privs
drop all privileges in container (root only in non-OCI mode)
--no-setgroups
disable setgroups when entering --fakeroot user namespace
--no-tmp-sandbox
Prohibits unpacking of images into temporary sandbox dirs
--no-umask
do not propagate umask to the container, set default 0022 umask
--nv
enable Nvidia support
--nvccli
use nvidia-container-cli for GPU setup (experimental)
--oci
Launch container with OCI runtime (experimental)
--oom-kill-disable
Disable OOM killer
-o, --overlay strings
use an overlayFS image for persistent data storage or as read-only layer of container
--passphrase
prompt for an encryption passphrase
--pem-path string
enter a path to a PEM formatted RSA key for an encrypted container
-p, --pid
run container in a new PID namespace
--pids-limit int
Limit number of container PIDs, use -1 for unlimited
--rocm
enable experimental Rocm support
-S, --scratch strings
include a scratch directory within the container that is linked to a temporary dir (use -W to
force location)
--security strings
enable security features (SELinux, Apparmor, Seccomp)
--tmp-sandbox
Forces unpacking of images into temporary sandbox dirs when a kernel or FUSE mount would otherwise
be used.
-u, --userns
run container in a new user namespace, allowing Singularity to run completely unprivileged on
recent kernels. This disables some features of Singularity, for example it only works with sandbox
images.
--uts
run container in a new UTS namespace
-W, --workdir string
working directory to be used for /tmp and /var/tmp (if -c/--contain was also used)
-w, --writable
by default all Singularity containers are available as read only. This option makes the file
system accessible as read/write.
--writable-tmpfs
makes the file system accessible as read-write with non-persistent data (with overlay support
only)