Running singularity from within a singularity container #5348
Comments
Privileged singularity is never going to work inside of a singularity container, because singularity prevents it from happening for security reasons. Is enabling unprivileged user namespaces an option for you, and using a sandbox container (that is, unpacked in a directory tree) for the inner singularity invocation? If so you can run singularity unprivileged inside of another singularity container.
Gosh, I could not follow up for more than 20 days, sorry. May I ask where I can find detailed documentation about
See: https://sylabs.io/guides/3.5/admin-guide/user_namespace.html
To be clear, I wasn't suggesting 2 different ways to get around the issue. You need both unprivileged user namespaces and a sandbox container for the inner invocation.
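The two preconditions named in the comments above (unprivileged user namespaces and a sandbox directory for the inner invocation), checked before the inner call; this is an added example, not code from the thread or from the Singularity project. The script name, image paths and the choice to refuse when the sysctl file is absent are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Image and command names are placeholders.

# Print the contents of a sysctl file, or nothing if it does not exist.
read_sysctl() { [ -r "$1" ] && cat "$1" || true; }

# Classify user-namespace availability from two sysctl values.
#   $1: /proc/sys/user/max_user_namespaces          ("" if absent)
#   $2: /proc/sys/kernel/unprivileged_userns_clone  ("" if absent; Debian/Ubuntu kernels)
userns_verdict() {
    if [ -z "$1" ]; then
        echo unknown                # no limit file to read; cannot tell from sysctl
    elif [ "$1" -eq 0 ]; then
        echo disabled               # a limit of 0 forbids creating any
    elif [ -n "$2" ] && [ "$2" -eq 0 ]; then
        echo disabled               # unprivileged creation switched off
    else
        echo enabled
    fi
}

# Run a command in an inner container only if both preconditions hold.
#   $1: inner image path (must be a sandbox directory); rest: command to run
nested_exec() {
    image="$1"; shift
    verdict=$(userns_verdict \
        "$(read_sysctl /proc/sys/user/max_user_namespaces)" \
        "$(read_sysctl /proc/sys/kernel/unprivileged_userns_clone)")
    if [ "$verdict" != enabled ]; then
        echo "unprivileged user namespaces are $verdict on this host" >&2
        return 1
    fi
    if [ ! -d "$image" ]; then
        echo "$image is not a sandbox directory; unpack it first:" >&2
        echo "  singularity build --sandbox ${image%.sif}/ $image" >&2
        return 1
    fi
    # --userns selects Singularity's unprivileged (non-setuid) code path.
    singularity exec --userns "$image" "$@"
}

# Stand-alone use (hypothetical names): ./nested.sh ./kernel_sandbox python3 --version
if [ "$#" -gt 0 ]; then nested_exec "$@"; fi
```
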
Dear all,
I am walking the first steps with singularity, and I have a use case I am not able to handle.
I am supporting a complex Jupyter environment with a Jupyter server and several backend kernels to connect to. Each component is a separate (conda) environment.
The Jupyter server starts one or more backend kernels on demand.
I am evaluating rebuilding the individual parts as containers.
For this to work I wish to run singularity from the Jupyter container:
Unfortunately I am always having issues with suid when trying to run singularity exec from the first container
or
May anyone suggest a configuration to mount / or another directory (/opt, /usr/local) with suid, or any other approach to overcome this problem?
Many thanks
Version of Singularity:
What version of Singularity are you using? Run:
Expected behavior
What did you expect to see when you do...?
I would expect the following command to work from within a container
Actual behavior
What actually happened? Why was it incorrect?
I experience issues with root permissions and SUID
Steps to reproduce this behavior
How can others reproduce this issue/problem?
AFAIK this applies to any image by default. For instance,
What OS/distro are you running