sandbox always writable?

[Tom Cook]

Hi, 

I am currently on singularity 2.4-dist working on a mac through vagrant. 

I've been building some basic images in sandbox mode and I find that when I shell into them, changes are persistent, even though i am not running singularity with the --writable flag. This is contrary to the documentation. Is this new behavior or a bug, or am I just missing something?

Singularity bootstrap file: 

bootstrap:docker

From:ruby:2.4-alpine

%setup 

mkdir -p ${SINGULARITY_ROOTFS}/work

cp Gemfile ${SINGULARITY_ROOTFS}/work/Gemfile

%files

landing/Gemfile /work

%post

apk add --update alpine-sdk

cd /work

chmod -R ugo+rwx /work

%runscript

BACK=$PWD

export BACK

cd /work

rake deploy local

echo 'deployed'

Steps to reproduce:

1. build with `singularity build --sandbox singularity.img Singularity`

2. access this image with `singularity shell singularity.img`

3. make changes (for example `touch /working/aaa', or 'touch /aaa')

4. exit the image with 'exit'

5. re-enter the image and check to see if the changed files persist

[Gregory M. Kurtzer]

Hi Tom,

I am not able to reproduce, can anyone else?

BTW, this might make better sense as a GitHub issue so we can track it better.

Thanks!

Greg

--
You received this message because you are subscribed to the Google Groups "singularity" group.
To unsubscribe from this group and stop receiving emails from it, send an email to singularity+unsubscribe@lbl.gov.

--

Gregory M. Kurtzer

CEO, Sylabs Inc.

[Sylvain Robitaille]

On Wed, 29 Nov 2017, Tom Cook wrote:

> I've been building some basic images in sandbox mode and I find that
> when I shell into them, changes are persistent, even though i am not
> running singularity with the --writable flag. This is contrary to the
> documentation. Is this new behavior or a bug, or am I just missing
> something?

> ...

> Steps to reproduce:
> 1. build with `singularity build --sandbox singularity.img Singularity`

> ...

I might be missing something, as I'm still very new to Singularity, but
http://singularity.lbl.gov/docs-build-container tells us:

Formats types can be specified by passing the following options to
build.
...
* writable (ch)root directory called a sandbox for interactive
development (--sandbox option)

As I understand it, the behaviour you're seeing is consistent with
the documentation.

I hope that helps ...

--
----------------------------------------------------------------------
Sylvain Robitaille s...@encs.concordia.ca

Systems analyst / AITS Concordia University
Faculty of Engineering and Computer Science Montreal, Quebec, Canada
----------------------------------------------------------------------

[Jeff Kriske]

This is the exact behavior I experienced as well previously but after removing /usr/local/libexec/singularity and reinstalling I couldn't reproduce the behavior. 

To unsubscribe from this group and stop receiving emails from it, send an email to singularity...@lbl.gov.

[Tom Cook]

I do not think this is expected. As mentioned further down that same docs page: 

 If you wanted to create a container within a writable directory (called a sandbox) you could do so with the --sandboxoption. [...] The resulting directory operates just like a container in an image file. You are permitted to make changes and write files within the directory, but those changes will not persist when you are finished using the container. 

My understanding is that, for changes to be persistent, the `--writable` flag must be used when executing `singularity shell`.

-- 

tom cook 

[Jeff Kriske]

Yes, that's right.

Did you by any chance install over an older version or forget to run make clean before compiling a new version? 

If you remove the version you have, clean, and rebuild it, do you still get the behavior? Like I mentioned it happened to me but at the time I was switching between dev and release-2.4 branches quite often so I might not have been diligent. 

I prefer when bugs are reproducible so I wish I knew the exact conditions which had caused the behavior in the first place.

[Tom Cook]

So, here is the vagrant script I use to build the vm that hosts singularity on my laptop:

```

# -*- mode: ruby -*-

# vi: set ft=ruby :

VAGRANTFILE_API_VERSION = "2"

$script = <<SCRIPT

SINGULARITY_VERSION=2.4

FILE=/usr/local/bin/singularity

if [ ! -f $FILE ]; then

sudo apt-get update

sudo apt-get install -y squashfs-tools

sudo apt-get install -y  gcc build-essential python

wget https://github.com/singularityware/singularity/releases/download/$SINGULARITY_VERSION/singularity-$SINGULARITY_VERSION.tar.gz

tar xvf singularity-$SINGULARITY_VERSION.tar.gz

cd singularity-$SINGULARITY_VERSION

./configure --prefix=/usr/local

sudo make

sudo make install

fi

SCRIPT

Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|

  config.vm.box = "ubuntu/trusty64"

  config.vm.provision 'second',  type:'shell', inline: $script, preserve_order:true

  config.vm.provider "virtualbox" do |vb|

    vb.customize ["modifyvm", :id, "--memory", "2048"]

  end

end

```

From what I gather, the base box (trusty) does not have singularity pre-installed, and the install of singularity from git seems pretty vanilla to me. 

I've destroyed the box and rebuilt it and I still get the same persistence in changes as described above...

-- 

tom cook

[Jeff Kriske]

Wow, I tried this while explicitly installing libtool, autoconf, and automake plus making sure to run ./autogen.sh before the configure step and I was able to recreate the behavior you're seeing 100% of the time with 2.4 and 2.4.2

However, when I used the newer Xenial64 image it worked as it should...

[Gregory M. Kurtzer]

If this is a bug, can we get it posted to our GitHub issue tracker and tagged as a bug?

Thanks!

--

You received this message because you are subscribed to the Google Groups "singularity" group.

To unsubscribe from this group and stop receiving emails from it, send an email to singularity+unsubscribe@lbl.gov.

[Jeff Kriske]

Hey Greg, I've opened an issue and documented it at https://github.com/singularityware/singularity/issues/1225

To unsubscribe from this group and stop receiving emails from it, send an email to singularity...@lbl.gov.