
Allow OCI launcher to run image that is in on-disk OCI bundle format.

Open dtrudg opened this issue 3 years ago • 0 comments

Extend the OCI launcher so that it can run an OCI bundle that is on-disk in a specified location, i.e.

singularity run oci-bundle:ubuntu-bundle

Should work roughly the same as...

singularity oci run -b ubuntu-bundle mycontainer

This will require:

  • Adding an oci-bundle image type, that is recognized and supported for execution by the OCI CLI / launcher flow only.
  • Having the OCI launcher create a default config in the bundle (overwriting any existing config is ok at this stage).
  • Having the OCI launcher run the container interactively, similar to the existing OCI command group code, which may be refactored to support this from a more generic location in the codebase:

https://github.com/sylabs/singularity/blob/21c48367a9f5956765ad1c16ee88f9a12441beef/internal/app/singularity/oci_run_linux.go#L20

The launcher does not need to handle any options, environment, etc. at this stage. Just run the container, entering it with a default minimal OCI runtime config.

The target UID in the container must be the host user, as with singularity. For unprivileged users, this means a rootless configuration, uid / gid mappings, and setting a User in the spec.

The container image should be read only, as is Singularity's default. No writable overlay or tmpfs support is required at this stage.

dtrudg, Oct 10 '22 09:10
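The rootless requirement in the issue (host user as the target UID, uid / gid mappings, a User in the spec, read-only image) can be expressed as a minimal OCI runtime config; the Go sketch below is an added example, not code from the issue or from Singularity. The helpers `keepIDMap` and `rootlessSpec`, the `/bin/sh` command, and the single subordinate ID range (as listed in `/etc/subuid`, assumed not to contain the user's own ID and shared here by UIDs and GIDs) are assumptions, and the mapping layout is one possible choice that the issue does not prescribe. Applying a multi-entry map as an unprivileged user also needs the `newuidmap` / `newgidmap` helpers.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

// IDMap mirrors one uidMappings / gidMappings entry of an OCI runtime config.
type IDMap struct {
	ContainerID uint32 `json:"containerID"`
	HostID      uint32 `json:"hostID"`
	Size        uint32 `json:"size"`
}

// keepIDMap (hypothetical helper) maps container ID `id` to the same host ID and
// fills all other container IDs, including root (0), from the subordinate range.
func keepIDMap(id, subStart, subSize uint32) ([]IDMap, error) {
	if subSize <= id {
		return nil, errors.New("subordinate range too small to cover IDs around the user")
	}
	maps := []IDMap{{id, id, 1}, {id + 1, subStart + id, subSize - id}}
	if id > 0 {
		maps = append([]IDMap{{0, subStart, id}}, maps...)
	}
	return maps, nil
}

// rootlessSpec (hypothetical helper) builds the minimal config for an unprivileged user.
func rootlessSpec(uid, gid, subStart, subSize uint32) (map[string]any, error) {
	um, errU := keepIDMap(uid, subStart, subSize)
	gm, errG := keepIDMap(gid, subStart, subSize)
	if errU != nil || errG != nil {
		return nil, fmt.Errorf("uid map: %v, gid map: %v", errU, errG)
	}
	ns := []map[string]string{{"type": "user"}, {"type": "mount"}, {"type": "pid"}, {"type": "ipc"}}
	return map[string]any{
		"ociVersion": "1.0.2",
		"process":    map[string]any{"terminal": true, "user": map[string]uint32{"uid": uid, "gid": gid}, "args": []string{"/bin/sh"}, "cwd": "/"},
		"root":       map[string]any{"path": "rootfs", "readonly": true}, // read-only image
		"linux":      map[string]any{"namespaces": ns, "uidMappings": um, "gidMappings": gm},
	}, nil
}

func main() {
	spec, _ := rootlessSpec(1000, 1000, 100000, 65536) // constructed sample IDs and range
	out, _ := json.MarshalIndent(spec, "", "  ")
	fmt.Println(string(out))
}
```

With this layout the process runs under the caller's own UID and GID inside the container, while container root maps to a subordinate ID rather than to the host user.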