Official Web Site: https://sylabs.io/singularity/
Documentation: https://sylabs.io/guides/3.4/user-guide/
Singularity containers run on Linux, and the security model is mainly aimed at users running applications in high-performance computing environments. The version we examined is 3.4.1, which was the latest version at the time of testing, October 2019. The only requirement for testing is a laptop running Linux. The installation was tested on an Ubuntu 18.04 host. Singularity's security model is to allow untrusted users to run untrusted containers. Singularity does not need sudo privileges to run a container, but in order to build a container with writable images you do need sudo privileges. This means an existing container from Docker will run as it is, but if you want to build a container yourself then you need sudo privileges.
1. Install Dependencies
    sudo yum update -y && \
        sudo yum groupinstall -y 'Development Tools' && \
        sudo yum install -y \
        openssl-devel \
        libuuid-devel \
        libseccomp-devel \
        wget \
        squashfs-tools
2. Install Go
    export VERSION=1.12 OS=linux ARCH=amd64 && \
        wget https://dl.google.com/go/go$VERSION.$OS-$ARCH.tar.gz && \
        sudo tar -C /usr/local -xzvf go$VERSION.$OS-$ARCH.tar.gz && \
        rm go$VERSION.$OS-$ARCH.tar.gz
3. Add Go to the PATH
    echo 'export GOPATH=${HOME}/go' >> ~/.bashrc && \
        echo 'export PATH=/usr/local/go/bin:${PATH}:${GOPATH}/bin' >> ~/.bashrc && \
        source ~/.bashrc
4. Download Singularity latest release:
    # adjust VERSION as necessary
    export VERSION=3.4.2 && \
        wget https://github.com/sylabs/singularity/releases/download/v${VERSION}/singularity-${VERSION}.tar.gz && \
        tar -xzf singularity-${VERSION}.tar.gz && \
        cd singularity
5. Install any missing packages
    sudo yum -y install cryptsetup
6. Compile Singularity
    ./mconfig && make -C ./builddir && sudo make -C ./builddir install
When Singularity containers are built, the builder can add default run commands using a runscript, as shown below in the def file.
    %runscript
        echo "Hello World!"
        echo "Arguments received: $*"
        exec echo "$@"
Put the container in a directory in your home directory. This is done with the --sandbox option.
Now you are inside the container
You can see the apt-get upgrade command failing. Now let us run the same commands with sudo after removing the previous directory.
Now you can see that the apt-get upgrade command works. If you do an ls -ltR / then you can see that some files are owned by root and some files are owned by the user. Now you can build a new sif file using the build command for the files in the ubuntu directory.
If you try apt-get update here the command will fail. This demonstrates the difference between a privileged user creating the container and a regular user creating the container.
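The ownership difference described above can be summarized instead of read off ls -ltR output by hand. The script below is an added example, not part of the original write-up: the function names are hypothetical, it assumes GNU find, and it takes the sandbox directory (such as the ubuntu directory from the text) as its argument. The privileged/unprivileged label is a heuristic based only on whether any entry is owned by uid 0.

```shell
#!/bin/sh
# Added example: audit file ownership inside a Singularity sandbox directory.
# Function names are illustrative; requires GNU find (-printf, -perm /mode).

# Print "<count> <uid>" for every owner uid under the sandbox, most common first.
owner_summary() {
    find "$1" -xdev -printf '%U\n' | sort -n | uniq -c | sort -rn |
        awk '{print $1, $2}'
}

# Count entries (files, directories, links) owned by a numeric uid.
# One dot is printed per entry so odd file names cannot skew the count.
count_owned_by() {
    find "$1" -xdev -uid "$2" -printf '.' | wc -c | tr -d ' '
}

# List regular files carrying the setuid or setgid bit.
list_setid() {
    find "$1" -xdev -type f -perm /6000 | sort
}

# Heuristic: an unprivileged build cannot create uid-0 entries, so any
# root-owned entry means the tree was created with privilege.
classify_build() {
    if [ "$(count_owned_by "$1" 0)" -gt 0 ]; then
        echo privileged
    else
        echo unprivileged
    fi
}

audit_sandbox() {
    sb_dir=$1
    sb_uid=$(id -u)
    echo "Sandbox:               $sb_dir"
    echo "Build looks:           $(classify_build "$sb_dir")"
    echo "Entries owned by root: $(count_owned_by "$sb_dir" 0)"
    echo "Entries owned by you:  $(count_owned_by "$sb_dir" "$sb_uid")"
    echo "Owners (count uid):"
    owner_summary "$sb_dir"
    echo "setuid/setgid files:"
    list_setid "$sb_dir"
}

# Usage: sh audit_sandbox.sh ubuntu
if [ $# -ge 1 ]; then
    audit_sandbox "$1"
fi
```

Run it once against the sandbox built without sudo and once against the one built with sudo to compare the two reports.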
Save the text below in a file named my_ubuntu.def
-----------------------------------------------------------------------------
Bootstrap: library
From: ubuntu:18.04
Stage: build
-----------------------------------------------------------------------------
1. sudo /usr/local/bin/singularity build --notest my_ubuntu.sif my_ubuntu.def
2. singularity test my_ubuntu.sif
3. singularity exec my_ubuntu.sif env | grep -E 'LISTEN_PORT|LC_ALL'
4. singularity instance start my_ubuntu.sif instance1
5. lsof | grep LISTEN
6. ./my_ubuntu.sif
7. ./my_ubuntu.sif this that and the other
8. singularity inspect my_ubuntu.sif
9. singularity run-help my_ubuntu.sif