Run sudo command in container instance (Singularity 2.4)

[C. Sauvanaud]

Hi all,

I am currently unsuccessfully trying to start a service as root in a container instance I created from a docker image. 

The docker image actually contains a cloudera service that needs to be run as root.

I created and used the instance the following way, using Singularity 2.4:

$ singularity instance.start singularity_images/cloudera-manager-sudo.img manager
$ singularity instance.list
DAEMON NAME      PID      CONTAINER IMAGE
manager          51564    /home/xcsauvanaud/singularity_images/manager.img

$ singularity exec instance://manager su
Password: 
setgid: Operation not permitted

$ singularity exec instance://manager sudo service cloudera-scm-server start
sudo: effective uid is not 0, is /usr/bin/sudo on a file system with the 'nosuid' option set or an NFS file system without root privileges?

The same error as above is obtained while running: 

$ singularity run instance://manager

> sudo service cloudera-scm-server start

sudo: effective uid is not 0, is /usr/bin/sudo on a file system with the 'nosuid' option set or an NFS file system without root privileges?

Note that I could not start the instance using sudo:

$ sudo singularity instance.start singularity_images/cloudera-manager-sudo.img manager
ERROR: Unknown command 'instance.start'

Also, I cannot run the instance in sudo:

$ sudo singularity run instance://manager
ABORT: Container image path is invalid: instance://manager

Is it possible to run command a command as root using instances in Singularity 2.4?

Thank you for your help!

Cheers,

Carla

[Rémy Dernat]

Hi,

FYI singularity matches users between the container and the host. If you run a container that needs to be root, you also need to be roor outside the container. This is due to security reasons.

Best regards,
Rémy

--
You received this message because you are subscribed to the Google Groups "singularity" group.
To unsubscribe from this group and stop receiving emails from it, send an email to singularity+unsubscribe@lbl.gov.

[Carla Sauvanaud]

Dear Rémy

Thank you for your prompt reply.

I was not clear because actually I tried to run it as root and the error is that the commands do not exist. 

As an example as gave in my last message:

$ sudo singularity instance.start singularity_images/cloudera-manager-sudo.img manager
ERROR: Unknown command 'instance.start'

A different example from the one I gave:

$ sudo su

$ singularity run instance://manager

ABORT: Container image path is invalid: instance://manager

Thank you,

Carla

To unsubscribe from this group and stop receiving emails from it, send an email to singularity...@lbl.gov.

[David Godlove]

Hi Carla,

I'm sorry that you ran into this, but I hope the fix is easy.  On some Linux distros (like Centos) the $PATH is sanitized when you run sudo as a security measure.  Can you locate the singularity binary like so:

which singularity

And then provide the full path to Singularity when you execute the instance.start command?

sudo /path/to/singularity instance.start singularity_images/cloudera-manager-sudo.img manager

To unsubscribe from this group and stop receiving emails from it, send an email to singularity...@lbl.gov.

--
You received this message because you are subscribed to the Google Groups "singularity" group.
To unsubscribe from this group and stop receiving emails from it, send an email to singularity+unsubscribe@lbl.gov.

--
You received this message because you are subscribed to the Google Groups "singularity" group.

To unsubscribe from this group and stop receiving emails from it, send an email to singularity+unsubscribe@lbl.gov.