Package native implements a Launcher that will configure and launch a container with Singularity's own (native) runtime.

Package oci implements a Launcher that will configure and launch a container with an OCI runtime.

HidepidProc checks if hidepid is set on the /proc mount point.

OptAllowSUID permits setuid executables inside a container started by the root user.

OptAppName sets a SCIF application name to run.

OptBoot enables execution of /sbin/init on startup of an instance container.

OptCacheDisabled indicates caching of images was disabled in the CLI.

OptCaps sets capabilities to add and drop.

OptCdiDirs sets CDI spec search-directories to apply.

OptCgroupsJSON sets a Cgroups resource limit configuration to apply to the container.

OptConfigFile specifies an alternate singularity.conf that will be used by unprivileged installations only.

OptContain starts the container with minimal /dev and empty home/tmp mounts.

OptContainAll infers Contain, and adds PID, IPC namespaces, and CleanEnv.

OptContainLibs mounts specified libraries into the container .singularity.d/libs dir.

OptCwdPath specifies the initial working directory in the container.

OptDevice sets CDI device mappings to apply.

OptDNS sets a DNS entry for the container resolv.conf.

OptEnv sets container environment envFiles is a slice of paths to files container environment variables to set.

OptFakeroot enables the fake root mode, using user namespaces and subuid / subgid mapping.

OptHome sets the home directory configuration for the container.

OptHostname sets a hostname for the container (infers/requires UTS namespace).

OptKeepPrivs keeps all privileges inside a container started by the root user.

OptKeyInfo sets encryption key material to use when accessing an encrypted container image.

OptMounts sets user-requested mounts to propagate into the container.

OptNamespaces enable the individual kernel-support namespaces for the container.

OptJoinNetNamespace sets the network namespace to join, if permitted.

OptNetwork enables CNI networking.

OptNoCompat disable OCI compatible mode, for singularity native mode default behaviors.

OptNoEval disables shell evaluation of args and env vars.

OptNoInit disables shim process when PID namespace is used.

OptNoMount disables the specified bind mounts.

OptNoNvidia disables NVIDIA GPU support, even if enabled via singularity.conf.

OptNoPrivs drops all privileges inside a container.

OptNoRocm disables Rocm GPU support, even if enabled via singularity.conf.

OptNoSetgroups disables calling setgroups for the fakeroot user namespace.

OptNoTmpSandbox prohibits unpacking of images into temporary sandbox dirs.

OptNoUmask disables propagation of the host umask into the container, using a default 0022.

OptNvidia enables NVIDIA GPU support.

OptOverlayPaths sets overlay images and directories to apply to the container.

OptProot mounts specified proot executable into the container .singularity.d/libs dir.

OptRocm enable Rocm GPU support.

OptScratchDirs sets temporary host directories to create and bind into the container.

OptSecurity supplies a list of security options (selinux, apparmor, seccomp) to apply.

OptShellPath specifies a custom shell executable to be launched in the container.

OptSIFFuse enables FUSE mounting of a SIF image, if possible.

TmpSandbox forces unpacking of images into temporary sandbox dirs when a kernel or FUSE mount would otherwise be used.

OptTransportOptions sets Docker/OCI image transport options (auth etc.).

OptWorkDir sets the parent path for scratch directories, and contained home/tmp on the host.

OptWritable sets the container image to be writable.

OptWritableTmpFs applies an ephemeral writable overlay to the container.

WithPrivilege calls fn if cond is satisfied, and we are uid 0.

ExecParams specifies the image and process for a launcher to Exec.

MountSpecs holds the various kinds of mount specifications that can be a applied to a container.

Namespaces holds flags for the optional (non-mount) namespaces that can be requested for a container launch.

Options accumulates launch configuration from passed functional options.

Launcher is responsible for configuring and launching a container image.