# Source: github.com/apptainer/singularity@v3.1.1+incompatible/etc/conf/testdata/test_3.in
#
# NOTE(review): this listing is a test fixture under etc/conf/testdata, not a
# recommended production configuration. Two values differ from the DEFAULT
# stated in their own comment block: 'max loop devices' (200 vs 256) and
# 'root default capabilities' (full vs no). Presumably this is deliberate
# test input; confirm before copying any value to a real host.
# NOTE(review): the comment text may be compared against a template or an
# expected-output file elsewhere in the repository; confirm before applying
# the wording fixes made in this listing upstream.

# SINGULARITY.CONF
# This is the global configuration file for Singularity. This file controls
# what the container is allowed to do on a particular host, and as a result
# this file must be owned by root.
# NOTE(review): root ownership is stated here as a requirement. Whether the
# runtime enforces it, and which permission bits it checks, is not visible in
# this file; verify against the loader.


# ALLOW SETUID: [BOOL]
# DEFAULT: yes
# Should we allow users to utilize the setuid program flow within Singularity?
# note1: This is the default mode, and to utilize all features, this option
#        will need to be enabled.
# note2: If this option is disabled, it will rely on the user namespace
#        exclusively which has not been integrated equally between the different
#        Linux distributions.
# NOTE(review): the LIMIT CONTAINER OWNERS/GROUPS/PATHS directives further down
# apply only in SUID mode to non-root users (per their own descriptions) and
# are all commented out in this file, so with setuid enabled no owner, group
# or path restriction on containers is in effect.
allow setuid = yes


# MAX LOOP DEVICES: [INT]
# DEFAULT: 256
# Set the maximum number of loop devices that Singularity should ever attempt
# to utilize.
# NOTE(review): the value below (200) differs from the documented default.
max loop devices = 200


# CONFIG PASSWD: [BOOL]
# DEFAULT: yes
# If /etc/passwd exists within the container, this will automatically append
# an entry for the calling user.
config passwd = yes


# CONFIG GROUP: [BOOL]
# DEFAULT: yes
# If /etc/group exists within the container, this will automatically append
# group entries for the calling user.
config group = yes


# CONFIG RESOLV_CONF: [BOOL]
# DEFAULT: yes
# If there is a bind point within the container, use the host's
# /etc/resolv.conf.
config resolv_conf = yes


# MOUNT PROC: [BOOL]
# DEFAULT: yes
# Should we automatically bind mount /proc within the container?
mount proc = yes


# MOUNT SYS: [BOOL]
# DEFAULT: yes
# Should we automatically bind mount /sys within the container?
mount sys = yes


# MOUNT DEV: [yes/no/minimal]
# DEFAULT: yes
# Should we automatically bind mount /dev within the container? If 'minimal'
# is chosen, then only 'null', 'zero', 'random', 'urandom', and 'shm' will
# be included (the same effect as the --contain options)
# NOTE(review): 'yes' binds /dev rather than the reduced set listed above;
# 'minimal' is the narrower choice where containers need no other device
# nodes.
mount dev = yes


# MOUNT DEVPTS: [BOOL]
# DEFAULT: yes
# Should we mount a new instance of devpts if there is a 'minimal'
# /dev, or -C is passed?  Note, this requires that your kernel was
# configured with CONFIG_DEVPTS_MULTIPLE_INSTANCES=y, or that you're
# running kernel 4.7 or newer.
mount devpts = yes


# MOUNT HOME: [BOOL]
# DEFAULT: yes
# Should we automatically determine the calling user's home directory and
# attempt to mount its base path into the container? If the --contain option
# is used, the home directory will be created within the session directory or
# can be overridden with the SINGULARITY_HOME or SINGULARITY_WORKDIR
# environment variables (or their corresponding command line options).
# NOTE(review): with 'yes' and without --contain, the container works against
# the caller's real host home directory, as described above.
mount home = yes


# MOUNT TMP: [BOOL]
# DEFAULT: yes
# Should we automatically bind mount /tmp and /var/tmp into the container?  If
# the --contain option is used, both tmp locations will be created in the
# session directory or can be specified via the SINGULARITY_WORKDIR
# environment variable (or the --workingdir command line option).
mount tmp = yes


# MOUNT HOSTFS: [BOOL]
# DEFAULT: no
# Probe for all mounted file systems that are mounted on the host, and bind
# those into the container?
mount hostfs = no


# BIND PATH: [STRING]
# DEFAULT: Undefined
# Define a list of files/directories that should be made available from within
# the container. The file or directory must exist within the container on
# which to attach to. You can specify a different source and destination
# path (respectively) with a colon; otherwise source and dest are the same.
# The key is repeated once per path, so the consuming parser must collect
# repeated keys rather than keep only one of them.
#bind path = /etc/singularity/default-nsswitch.conf:/etc/nsswitch.conf
#bind path = /opt
#bind path = /scratch
bind path = /etc/localtime
bind path = /etc/hosts


# USER BIND CONTROL: [BOOL]
# DEFAULT: yes
# Allow users to influence and/or define bind points at runtime?  This will allow
# users to specify bind points, scratch and tmp locations. (note: User bind
# control is only allowed if the host also supports PR_SET_NO_NEW_PRIVS)
# NOTE(review): 'yes' lets the calling user choose which host paths are bound
# into the container. On shared hosts, confirm that this is wanted.
user bind control = yes


# ENABLE OVERLAY: [yes/no/try]
# DEFAULT: try
# Enabling this option will make it possible to specify bind paths to locations
# that do not currently exist within the container.  If 'try' is chosen,
# overlayfs will be tried but if it is unavailable it will be silently ignored.
# NOTE(review): because 'try' fails silently, a missing overlayfs will not be
# reported. Use an explicit 'yes' or 'no' where predictable behaviour matters.
enable overlay = try


# MOUNT SLAVE: [BOOL]
# DEFAULT: yes
# Should we automatically propagate file-system changes from the host?
# This should be set to 'yes' when autofs mounts in the system should
# show up in the container.
mount slave = yes


# SESSIONDIR MAXSIZE: [STRING]
# DEFAULT: 16
# This specifies how large the default sessiondir should be (in MB) and it will
# only affect users who use the "--contain" options and don't also specify a
# location to do default read/writes to (e.g. "--workdir" or "--home").
sessiondir max size = 16


# LIMIT CONTAINER OWNERS: [STRING]
# DEFAULT: NULL
# Only allow containers to be used that are owned by a given user. If this
# configuration is undefined (commented or set to NULL), all containers are
# allowed to be used. This feature only applies when Singularity is running in
# SUID mode and the user is non-root.
#limit container owners = gmk, singularity, nobody


# LIMIT CONTAINER GROUPS: [STRING]
# DEFAULT: @LIMIT_CONTAINER_GROUPS_DEFAULT@
# NOTE(review): the DEFAULT above looks like an unsubstituted build-time
# placeholder. The sibling owners/paths directives document NULL; confirm.
# Only allow containers to be used that are owned by a given group. If this
# configuration is undefined (commented or set to NULL), all containers are
# allowed to be used. This feature only applies when Singularity is running in
# SUID mode and the user is non-root.
#limit container groups = group1, singularity, nobody


# LIMIT CONTAINER PATHS: [STRING]
# DEFAULT: NULL
# Only allow containers to be used that are located within an allowed path
# prefix. If this configuration is undefined (commented or set to NULL),
# containers will be allowed to run from anywhere on the file system. This
# feature only applies when Singularity is running in SUID mode and the user is
# non-root.
# NOTE(review): the commented example lists /tmp, which is typically writable
# by every user. A prefix that any user can write to does not narrow who can
# supply a container; prefer administrator-controlled directories.
#limit container paths = /scratch, /tmp, /global


# ALLOW CONTAINER ${TYPE}: [BOOL]
# DEFAULT: yes
# This feature limits what kind of containers that Singularity will allow
# users to use (note this does not apply for root).
# NOTE(review): all three types are enabled here. Where only some image
# formats are needed, disabling the rest narrows what non-root users can run.
allow container squashfs = yes
allow container extfs = yes
allow container dir = yes


# AUTOFS BUG PATH: [STRING]
# DEFAULT: Undefined
# Define a list of autofs directories which produce "Too many levels of
# symbolic links" errors when accessed from the container (typically bind
# mounts)
#autofs bug path = /nfs
#autofs bug path = /cifs-share


# ALWAYS USE NV ${TYPE}: [BOOL]
# DEFAULT: no
# This feature allows an administrator to determine that every action command
# should be executed implicitly with the --nv option (useful for GPU only
# environments).
always use nv = no


# ROOT DEFAULT CAPABILITIES: [full/file/no]
# DEFAULT: no
# Define default root capability set kept during runtime
# - full: keep all capabilities (same as --keep-privs)
# - file: keep capabilities configured in ${prefix}/etc/singularity/capabilities/user.root
# - no: no capabilities (same as --no-privs)
# NOTE(review): the value below is 'full', not the DEFAULT documented above.
# Per the list above, 'full' keeps every capability for root at runtime;
# 'no' or 'file' is the least-privilege choice. Confirm that 'full' is
# intentional for this fixture.
root default capabilities = full


# MEMORY FS TYPE: [tmpfs/ramfs]
# DEFAULT: tmpfs
# This feature allows choosing the temporary filesystem type used by
# Singularity. On Cray CLE 5 and 6 up to CLE 6.0.UP05 there is an issue
# (kernel panic) when Singularity uses tmpfs, so on affected versions it is
# recommended to set this value to ramfs to avoid the kernel panic.
memory fs type = tmpfs