why singularity can't save files in the /root/ directory inside images?

720 views
Skip to first unread message

zhenjin zhang

unread,
May 2, 2017, 10:59:25 AM5/2/17
to singularity
why singularity can't save files in the /root/ directory inside images?

Singularity.centos7.2-openmpi2.0.2-hpl.img> vi hpl
Singularity.centos7.2-openmpi2.0.2-hpl.img> exit
exit
[root@compute01 local]# singularity  shell -w -c  /opt/singularity-hpl-definitionfile/centos7.2-openmpi2.0.2-hpl.img
Singularity: Invoking an interactive shell within container...

Singularity.centos7.2-openmpi2.0.2-hpl.img> cd /root
Singularity.centos7.2-openmpi2.0.2-hpl.img> ls
Singularity.centos7.2-openmpi2.0.2-hpl.img> ls

fabio grasso

unread,
May 2, 2017, 11:28:35 AM5/2/17
to singularity
maybe "Singularity blocks privilege escalation within the container so if you want to be root inside the container, you first must be root outside the container."

zhenjin zhang

unread,
May 2, 2017, 11:39:51 AM5/2/17
to singularity
i already used root account on the host side. 
[root@compute01 local]# singularity  shell -w -c  /opt/singularity-hpl-definitionfile/centos7.2-openmpi2.0.2-hpl.img

在 2017年5月3日星期三 UTC+9上午12:28:35,fabio grasso写道:

Thomas Maier

unread,
May 2, 2017, 11:41:26 AM5/2/17
to singularity
Hi,

I think the problem is that you're using the --contain (or -c) option. It says here that changes with this option will not be persistent:


I think what you probably want to do is omitting -c, but you have to make sure that your singularity config doesn't bind mount home directories by default (I guess that's what you wanted to avoid). Otherwise you'll make changes in the /root directory of your host machine.

Cheers,

Thomas

zhenjin zhang

unread,
May 2, 2017, 11:56:29 AM5/2/17
to singularity
if i omit -c,the file will be saved to host side. but i want saved file to /root/ directory inside the singularity image.

在 2017年5月3日星期三 UTC+9上午12:41:26,Thomas Maier写道:

Thomas Maier

unread,
May 2, 2017, 12:20:24 PM5/2/17
to singularity
Hi,

that's what I meant when I said that you'd have to (temporarily) change the singularity config on your host machine. In "/etc/singularity/singularity.conf", change the line

  mount home = yes

to

  mount home = no

then /root inside the singularity session should not point to the directory on your host machine anymore.

I don't know if there is a more convenient way to circumvent the default bind mounting of the home directory, maybe somebody else has a better solution here.

Cheers,

Thomas

Chris Hines

unread,
May 2, 2017, 10:56:25 PM5/2/17
to singu...@lbl.gov
Hi,
Just though I would chime in,
with recent builds its also possible to use the -H flag to change the home directory bindings without editing the global config file.

I came across the need for this when converting a docker container to singularity where some clever devil had put all the interesting bits of code in /home (which was immediately hidden by the default singularity homedir bind). (Which I should turn into a feature request, that singularity import throw a warning message if the import stream contains files on /home, not to be a good citizen and find out where to submit feature requests ;-)

Cheers,
--
Chris.

--
You received this message because you are subscribed to the Google Groups "singularity" group.
To unsubscribe from this group and stop receiving emails from it, send an email to singularity+unsubscribe@lbl.gov.

Reply all
Reply to author
Forward
0 new messages