--contain, --containall, and --cleanenv

535 views
Skip to first unread message

Ben Fulton

unread,
Sep 20, 2018, 9:14:12 AM9/20/18
to singularity
One of our systems has a default PYTHONPATH set, which causes problems with containers being able to run Python scripts correctly. I assume the correct solution is to use one of these flags, but could I get some details on exactly what each one does? The documentation states

  • –contain: Contain suggests that we want to better isolate the container runtime from the host. Adding the --contain flag will use minimal /dev and empty other directories (e.g., /tmp).
  • –containall: In addition to what is provided with --contain (filesystems) also contain PID, IPC, and environment.
  • –cleanenv: Clean the environment before running the container.
What does it mean to "clean the environment"? What are "empty other directories"? Does containall actually clear all environment variables?

Thanks,

--

Ben Fulton

Research Technologies

Scientific Applications and Performance Tuning

Indiana University

Tyler Trafford

unread,
Sep 20, 2018, 1:56:27 PM9/20/18
to singu...@lbl.gov
This doesn't answer your question, but you can run python with "python -Es" if you want it to ignore all PYTHON* variables and the user's site packages (~/.local/lib/python*, usually).

-Tyler


--
You received this message because you are subscribed to the Google Groups "singularity" group.
To unsubscribe from this group and stop receiving emails from it, send an email to singularity...@lbl.gov.


--
Tyler Trafford

Dave Godlove

unread,
Sep 20, 2018, 4:46:17 PM9/20/18
to singu...@lbl.gov
Hi Ben,

Empty other directories means that Singularity will create new empty directories and bind them overtop of the directories that would normally be automatically bind mounted into the container.  For instance /tmp is normally bind mounted into the container by default.  If you use ls /tmp inside of a container you will normally see everything that is in there from the host.  If you use the --contain flag it will be empty.

The --cleanenv will set up a minimal environment for your container to run in.  Check the output of env inside the container with and without that flag.   

Dave

To unsubscribe from this group and stop receiving emails from it, send an email to singularity+unsubscribe@lbl.gov.


--
Tyler Trafford

--
You received this message because you are subscribed to the Google Groups "singularity" group.
To unsubscribe from this group and stop receiving emails from it, send an email to singularity+unsubscribe@lbl.gov.



--
Dave Godlove
Engineering Coordinator, Sylabs Inc.
Reply all
Reply to author
Forward
0 new messages