singularity

Download a remote image from Sylabs Cloud

$ singularity pull --name [image.sif] [library://godlovedc/funny/lolcow:latest]

$ singularity build [image.sif] [docker://godlovedc/lolcow]

$ singularity shell [image.sif]

$ singularity exec [image.sif] [command]

$ singularity run [image.sif]

$ sudo singularity build [image.sif] [recipe]

singularity [global options] <command> [command options] [arguments...]

Common commands include:
singularity run <container> [args...] — Executes the primary runscript within a container.
singularity exec <container> <command> [args...] — Executes a specific command inside a container.
singularity shell <container> — Spawns an interactive shell within a container.
singularity build [build options] <output_file> <definition_file|uri> — Builds a container image.
singularity pull [pull options] <output_path> <URI> — Pulls an image from a container registry.

--debug
    Enable verbose debugging output.

--json
    Print output in JSON format.

--silent
    Only print errors.

--verbose
    Print more information to standard output.

--version
    Show version information and exit.

--help
    Show help for global options or a specific command.

-B, --bind <src>[:<dest>]
    Bind a file or directory from the host into the container (common for run, exec, shell).

--nv, --gpu
    Enable NVIDIA GPU support inside the container (common for run, exec, shell).

--writable
    Create a writable container (for run, exec, shell on SIF images, or during build).

--fakeroot
    Execute the container with 'fake' root privileges within the user namespace.

Singularity is a powerful container platform tailored for scientific and high-performance computing (HPC) environments. It enables users to package entire software stacks—applications, libraries, and data—into a single, portable file called a Singularity Image Format (SIF) file. This ensures consistent, reproducible execution across diverse computing infrastructures.

A core design principle of Singularity is its focus on security and unprivileged execution. Users can run containers without requiring root privileges on the host system, making it ideal for multi-user environments like HPC clusters. It seamlessly integrates with host resources such as GPUs, network interfaces, and file systems, providing native performance.

Singularity images can be built from various sources, including Docker images, OCI images, or custom definitions. This flexibility, combined with its emphasis on reproducibility and security, has made Singularity an indispensable tool for researchers and engineers sharing complex computational workflows.

While Singularity prioritizes security with its unprivileged execution model, it's important to understand its nuances. Images (especially SIF files) are typically read-only, which enhances reproducibility but means changes inside a running container are not persistent unless specific bind mounts or writable overlays are used. Building new images or modifying existing ones often still requires root privileges or a fakeroot environment. Furthermore, the performance of I/O operations can sometimes be impacted when running through the container layer compared to native execution, although this is generally minimal for CPU-bound tasks.

SIF is Singularity's default and recommended container image format. It is a single, cryptographically signed, read-only file that bundles the container filesystem and metadata. This format ensures immutability and simplifies distribution and verification, making it ideal for long-term reproducibility and secure sharing of computational environments.

A cornerstone of Singularity's design is its ability to allow users to run containers as themselves, without requiring root privileges. This is achieved through user namespaces and other Linux kernel features. This model significantly enhances security in multi-user HPC environments by preventing privilege escalation and maintaining host system integrity.

Singularity was initially developed by Gregory Kurtzer at the Lawrence Berkeley National Laboratory (LBNL) in 2015. Its primary motivation was to address the specific needs of scientific computing and HPC environments, focusing on security, reproducibility, and integration with existing cluster infrastructure. A key differentiator was its unprivileged execution model, allowing users to run containers without elevated permissions.

The project gained significant traction within the academic and research communities. In 2017, Kurtzer founded Sylabs to further develop and commercialize Singularity. In 2021, the core technology and open-source project were transitioned to the Linux Foundation and rebranded as Apptainer, with Singularity remaining a widely recognized name and the command often still aliased to it. This transition aimed to foster broader community collaboration and adoption.

docker(1) — Popular containerization platform, often used for development and web services., podman(1) — Daemonless container engine for developing, managing, and running OCI containers., chroot(1) — Changes the root directory for the current running process and its children, a fundamental concept underlying containerization.