我正在尝试通过以下Dockerfile
(构建命令:docker build -f ./Dockerfile -t rocker-singularity .
)在Docker容器内运行奇点容器:
FROM rocker/rstudio-stable:3.5.1
RUN apt-get update && apt-get install -y \
gcc \
make \
file \
sudo \
squashfs-tools \
sshpass \
libarchive-dev \
vim
RUN VERSION=2.5.2 \
&& wget https://github.com/singularityware/singularity/releases/download/$VERSION/singularity-$VERSION.tar.gz \
&& tar xvf singularity-$VERSION.tar.gz \
&& cd singularity-$VERSION \
&& ./configure --prefix=/usr/local \
&& make \
&& sudo make install \
&& cd - \
&& rm -rf singularity-${VERSION}*
RUN singularity pull --name ./hello-world.simg shub://vsoch/hello-world
使用命令:
docker run -it rocker-singularity:latest sudo singularity shell hello-world.simg
但我收到错误消息:
$ docker run -it rocker-singularity:latest sudo singularity --debug shell hello-world.simg
Enabling debugging
Ending argument loop
Singularity version: 2.5.2-dist
Exec'ing: /usr/local/libexec/singularity/cli/shell.exec
Evaluating args: 'hello-world.simg'
VERBOSE [U=0,P=1] message_init() Set messagelevel to: 5
VERBOSE [U=0,P=1] singularity_config_parse() Initialize configuration file: /usr/local/etc/singularity/singularity.conf
DEBUG [U=0,P=1] singularity_config_parse() Starting parse of configuration file /usr/local/etc/singularity/singularity.conf
VERBOSE [U=0,P=1] singularity_config_parse() Got config key allow setuid = 'yes'
VERBOSE [U=0,P=1] singularity_config_parse() Got config key max loop devices = '256'
VERBOSE [U=0,P=1] singularity_config_parse() Got config key allow pid ns = 'yes'
VERBOSE [U=0,P=1] singularity_config_parse() Got config key config passwd = 'yes'
VERBOSE [U=0,P=1] singularity_config_parse() Got config key config group = 'yes'
VERBOSE [U=0,P=1] singularity_config_parse() Got config key config resolv_conf = 'yes'
VERBOSE [U=0,P=1] singularity_config_parse() Got config key mount proc = 'yes'
VERBOSE [U=0,P=1] singularity_config_parse() Got config key mount sys = 'yes'
VERBOSE [U=0,P=1] singularity_config_parse() Got config key mount dev = 'yes'
VERBOSE [U=0,P=1] singularity_config_parse() Got config key mount devpts = 'yes'
VERBOSE [U=0,P=1] singularity_config_parse() Got config key mount home = 'yes'
VERBOSE [U=0,P=1] singularity_config_parse() Got config key mount tmp = 'yes'
VERBOSE [U=0,P=1] singularity_config_parse() Got config key mount hostfs = 'no'
VERBOSE [U=0,P=1] singularity_config_parse() Got config key bind path = '/etc/localtime'
VERBOSE [U=0,P=1] singularity_config_parse() Got config key bind path = '/etc/hosts'
VERBOSE [U=0,P=1] singularity_config_parse() Got config key user bind control = 'yes'
VERBOSE [U=0,P=1] singularity_config_parse() Got config key enable overlay = 'try'
VERBOSE [U=0,P=1] singularity_config_parse() Got config key mount slave = 'yes'
VERBOSE [U=0,P=1] singularity_config_parse() Got config key sessiondir max size = '16'
VERBOSE [U=0,P=1] singularity_config_parse() Got config key allow container squashfs = 'yes'
VERBOSE [U=0,P=1] singularity_config_parse() Got config key allow container extfs = 'yes'
VERBOSE [U=0,P=1] singularity_config_parse() Got config key allow container dir = 'yes'
DEBUG [U=0,P=1] singularity_config_parse() Finished parsing configuration file '/usr/local/etc/singularity/singularity.conf'
VERBOSE [U=0,P=1] singularity_registry_init() Initializing Singularity Registry
VERBOSE [U=0,P=1] singularity_registry_set() Adding value to registry: 'COMMAND' = 'shell'
DEBUG [U=0,P=1] singularity_registry_set() Returning singularity_registry_set(COMMAND, shell) = 0
VERBOSE [U=0,P=1] singularity_registry_set() Adding value to registry: 'SYSCONFDIR' = '/usr/local/etc'
DEBUG [U=0,P=1] singularity_registry_set() Returning singularity_registry_set(sysconfdir, /usr/local/etc) = 0
VERBOSE [U=0,P=1] singularity_registry_set() Adding value to registry: 'VERSION' = '2.5.2-dist'
DEBUG [U=0,P=1] singularity_registry_set() Returning singularity_registry_set(version, 2.5.2-dist) = 0
VERBOSE [U=0,P=1] singularity_registry_set() Adding value to registry: 'IMAGE' = 'hello-world.simg'
DEBUG [U=0,P=1] singularity_registry_set() Returning singularity_registry_set(IMAGE, hello-world.simg) = 0
VERBOSE [U=0,P=1] singularity_registry_set() Adding value to registry: 'MESSAGELEVEL' = '5'
DEBUG [U=0,P=1] singularity_registry_set() Returning singularity_registry_set(MESSAGELEVEL, 5) = 0
VERBOSE [U=0,P=1] singularity_registry_set() Adding value to registry: 'BINDIR' = '/usr/local/bin'
DEBUG [U=0,P=1] singularity_registry_set() Returning singularity_registry_set(bindir, /usr/local/bin) = 0
VERBOSE [U=0,P=1] singularity_registry_set() Adding value to registry: 'LOCALSTATEDIR' = '/usr/local/var'
DEBUG [U=0,P=1] singularity_registry_set() Returning singularity_registry_set(localstatedir, /usr/local/var) = 0
VERBOSE [U=0,P=1] singularity_registry_set() Adding value to registry: 'LIBEXECDIR' = '/usr/local/libexec'
DEBUG [U=0,P=1] singularity_registry_set() Returning singularity_registry_set(libexecdir, /usr/local/libexec) = 0
DEBUG [U=0,P=1] singularity_registry_get() Returning NULL on 'HOME'
DEBUG [U=0,P=1] singularity_registry_get() Returning NULL on 'TARGET_UID'
DEBUG [U=0,P=1] singularity_registry_get() Returning NULL on 'TARGET_GID'
DEBUG [U=0,P=1] singularity_priv_init() Initializing user info
DEBUG [U=0,P=1] singularity_priv_init() Set the calling user's username to: root
DEBUG [U=0,P=1] singularity_priv_init() Marking uinfo structure as ready
DEBUG [U=0,P=1] singularity_priv_init() Obtaining home directory
VERBOSE [U=0,P=1] singularity_priv_init() Set home (via getpwuid()) to: /root
VERBOSE [U=0,P=1] singularity_suid_init() Running SUID program workflow
VERBOSE [U=0,P=1] singularity_suid_init() Checking program has appropriate permissions
VERBOSE [U=0,P=1] singularity_suid_init() Checking configuration file is properly owned by root
VERBOSE [U=0,P=1] singularity_suid_init() Checking if singularity.conf allows us to run as suid
DEBUG [U=0,P=1] singularity_config_get_bool_char_impl() Called singularity_config_get_bool(allow setuid, yes)
DEBUG [U=0,P=1] singularity_config_get_value_impl() Returning configuration value allow setuid='yes'
DEBUG [U=0,P=1] singularity_config_get_bool_char_impl() Return singularity_config_get_bool(allow setuid, yes) = 1
DEBUG [U=0,P=1] singularity_registry_get() Returning NULL on 'NOSUID'
VERBOSE [U=0,P=1] singularity_priv_userns() Invoking the user namespace
DEBUG [U=0,P=1] singularity_config_get_bool_char_impl() Called singularity_config_get_bool(allow user ns, yes)
DEBUG [U=0,P=1] singularity_config_get_value_impl() No configuration entry found for 'allow user ns'; returning default value 'yes'
DEBUG [U=0,P=1] singularity_config_get_bool_char_impl() Return singularity_config_get_bool(allow user ns, yes) = 1
VERBOSE [U=0,P=1] singularity_priv_userns() Not virtualizing USER namespace: running as root
DEBUG [U=0,P=1] singularity_priv_userns() Returning singularity_priv_init(void)
DEBUG [U=0,P=1] singularity_priv_drop() Running as root, not changing privileges
DEBUG [U=0,P=1] singularity_config_get_value_multi_impl() No configuration entry found for 'autofs bug path'; returning default value ''
VERBOSE [U=0,P=1] singularity_runtime_autofs() No autofs bug path in configuration, skipping
DEBUG [U=0,P=1] singularity_registry_get() Returning NULL on 'DAEMON_START'
DEBUG [U=0,P=1] singularity_registry_get() Returning NULL on 'DAEMON_JOIN'
DEBUG [U=0,P=1] singularity_daemon_init() Not joining a daemon, daemon join not set
DEBUG [U=0,P=1] singularity_registry_get() Returning NULL on 'WRITABLE'
VERBOSE [U=0,P=1] main() Instantiating read only container image object
DEBUG [U=0,P=1] singularity_registry_get() Returning value from registry: 'IMAGE' = 'hello-world.simg'
DEBUG [U=0,P=1] singularity_image_init() Calling image_init for each file system module
DEBUG [U=0,P=1] singularity_image_dir_init() Opening file descriptor to directory: /hello-world.simg
DEBUG [U=0,P=1] singularity_image_dir_init() This is not a directory based image
DEBUG [U=0,P=1] singularity_image_squashfs_init() Checking if writable image requested
DEBUG [U=0,P=1] singularity_image_squashfs_init() Opening file descriptor to image: /hello-world.simg
VERBOSE [U=0,P=1] singularity_image_squashfs_init() Checking that file pointer is a Singularity image
DEBUG [U=0,P=1] singularity_image_squashfs_init() Checking for magic in the top of the file
VERBOSE [U=0,P=1] singularity_image_squashfs_init() File is a valid SquashFS image
DEBUG [U=0,P=1] singularity_image_init() got image_init type for squashfs
DEBUG [U=0,P=1] singularity_config_get_bool_char_impl() Called singularity_config_get_bool(allow container squashfs, yes)
DEBUG [U=0,P=1] singularity_config_get_value_impl() Returning configuration value allow container squashfs='yes'
DEBUG [U=0,P=1] singularity_config_get_bool_char_impl() Return singularity_config_get_bool(allow container squashfs, yes) = 1
DEBUG [U=0,P=1] singularity_registry_get() Returning NULL on 'DAEMON_JOIN'
DEBUG [U=0,P=1] singularity_registry_get() Returning NULL on 'CLEANUPDIR'
VERBOSE [U=0,P=1] singularity_registry_set() Adding value to registry: 'CLEANUPD_FD' = '-1'
DEBUG [U=0,P=1] singularity_registry_set() Returning singularity_registry_set(CLEANUPD_FD, -1) = 0
DEBUG [U=0,P=1] singularity_registry_get() Returning NULL on 'DAEMON_JOIN'
DEBUG [U=0,P=1] singularity_registry_get() Returning NULL on 'NOSESSIONCLEANUP'
DEBUG [U=0,P=1] singularity_registry_get() Returning NULL on 'NOCLEANUP'
DEBUG [U=0,P=1] singularity_cleanupd() Not running a cleanup thread, no 'SINGULARITY_CLEANUPDIR' defined
DEBUG [U=0,P=1] singularity_registry_get() Returning NULL on 'DAEMON_JOIN'
DEBUG [U=0,P=1] singularity_runtime_ns() Calling: _singularity_runtime_ns_ipc()
DEBUG [U=0,P=1] singularity_config_get_bool_char_impl() Called singularity_config_get_bool(allow ipc ns, yes)
DEBUG [U=0,P=1] singularity_config_get_value_impl() No configuration entry found for 'allow ipc ns'; returning default value 'yes'
DEBUG [U=0,P=1] singularity_config_get_bool_char_impl() Return singularity_config_get_bool(allow ipc ns, yes) = 1
DEBUG [U=0,P=1] singularity_registry_get() Returning NULL on 'UNSHARE_IPC'
VERBOSE [U=0,P=1] singularity_runtime_ns_ipc() Not virtualizing IPC namespace on user request
DEBUG [U=0,P=1] singularity_runtime_ns() Calling: _singularity_runtime_ns_pid()
DEBUG [U=0,P=1] singularity_config_get_bool_char_impl() Called singularity_config_get_bool(allow pid ns, yes)
DEBUG [U=0,P=1] singularity_config_get_value_impl() Returning configuration value allow pid ns='yes'
DEBUG [U=0,P=1] singularity_config_get_bool_char_impl() Return singularity_config_get_bool(allow pid ns, yes) = 1
DEBUG [U=0,P=1] singularity_registry_get() Returning NULL on 'UNSHARE_PID'
VERBOSE [U=0,P=1] singularity_runtime_ns_pid() Not virtualizing PID namespace on user request
DEBUG [U=0,P=1] singularity_runtime_ns() Calling: _singularity_runtime_ns_net()
DEBUG [U=0,P=1] singularity_registry_get() Returning NULL on 'UNSHARE_NET'
VERBOSE [U=0,P=1] singularity_runtime_ns_net() Not virtualizing network namespace on user request
DEBUG [U=0,P=1] singularity_runtime_ns() Calling: _singularity_runtime_ns_mnt()
DEBUG [U=0,P=1] singularity_config_get_bool_char_impl() Called singularity_config_get_bool(mount slave, yes)
DEBUG [U=0,P=1] singularity_config_get_value_impl() Returning configuration value mount slave='yes'
DEBUG [U=0,P=1] singularity_config_get_bool_char_impl() Return singularity_config_get_bool(mount slave, yes) = 1
DEBUG [U=0,P=1] singularity_priv_escalate() Running as root, not changing privileges
DEBUG [U=0,P=1] singularity_runtime_ns_mnt() Virtualizing FS namespace
Singularity: action-suid (U=0,P=1)> Could not virtualize file system namespace: Operation not permitted
ERROR [U=0,P=1] singularity_runtime_ns_mnt() Could not virtualize file system namespace: Operation not permitted
Singularity: action-suid (U=0,P=1)> Retval = 255
ABORT [U=0,P=1] singularity_runtime_ns_mnt() Retval = 255
我在Google上搜索了很多,发现this issue,但是建议的解决方案不起作用。你能帮忙吗?
答案 0 :(得分:1)
基于您提供的Dockerfile构建Docker映像后,我能够通过链接的解决方案运行奇异映像。 Docker Engine v19.03.4。
$ docker run --privileged -it rocker-singularity:latest sudo singularity shell hello-world.simg
Singularity: action-suid (U=0,P=6)> USER=root, IMAGE='hello-world.simg', COMMAND='shell'
Singularity: Invoking an interactive shell within container...
bash: warning: setlocale: LC_ALL: cannot change locale (en_US.UTF-8)
Singularity hello-world.simg:/>
和
$ docker run --privileged -it rocker-singularity:latest sudo singularity run hello-world.simg
Singularity: action-suid (U=0,P=6)> USER=root, IMAGE='hello-world.simg', COMMAND='run'
/bin/bash: warning: setlocale: LC_ALL: cannot change locale (en_US.UTF-8)
RaawwWWWWWRRRR!! Avocado!