singularity-compose icon indicating copy to clipboard operation
singularity-compose copied to clipboard
verified publisher icon singularityhub

BUG: Unwanted volume binds and network configuration added automatically

Open Likqez opened this issue 6 months ago • 1 comments

Hi team,

Hi team, I'm facing an issue when trying to use scompose. My application requires specific network namespace configuration, but scompose appears to be automatically adding network parameters and volume binds that aren't defined in my compose file. These additional configurations seem to be interfering with my application's expected networking behavior. I believe this might be affecting other users who need precise control over their container environment as well.

Version

singularity-compose: 0.1.19

Expected Behavior

The compose file should generate a singularity instance command that only includes the configurations explicitly specified in the YAML file.

Current Behavior

singularity-compose is automatically adding extra volume binds and network configurations that are not defined in the compose file.

Compose File

version: "2.0"

instances:
  cache-manager:
    image: /lustre/llanzner/images/cache-manager-v1.0.sif

    volumes:
      - /var/run/daos_agent:/var/run/daos_agent
      - ./start.sh:/workspace/start.sh
      - ./env_file.sh:/.singularity.d/env/env_file.sh

    start:
      options:
        - no-home
        - writable-tmpfs
        - workdir=/workspace
    run: []

Expected Command

singularity instance start \
    --no-home \
    --writable-tmpfs \
    --workdir=/workspace \
    --bind /var/run/daos_agent:/var/run/daos_agent \
    --bind ./start.sh:/workspace/start.sh \
    --bind ./env_file.sh:/.singularity.d/env/env_file.sh \
    /lustre/llanzner/images/cache-manager-v1.0.sif \
    cache-manager

Actual Command Generated

singularity instance start \
    --bind /var/run/daos_agent:/var/run/daos_agent \
    --bind /lustre/llanzner/Git-Repos/TR-Cache-Network-Tests/NEW/start.sh:/workspace/start.sh \
    --bind /lustre/llanzner/Git-Repos/TR-Cache-Network-Tests/NEW/env_file.sh:/.singularity.d/env/env_file.sh \
    --bind /lustre/llanzner/Git-Repos/TR-Cache-Network-Tests/NEW/resolv.conf:/etc/resolv.conf \
    --bind /lustre/llanzner/Git-Repos/TR-Cache-Network-Tests/NEW/etc.hosts:/etc/hosts \
    --net \
    --network none \
    --network-args "IP=10.22.0.2" \
    --no-home \
    --writable-tmpfs \
    --workdir=/workspace \
    --hostname cache-manager1 \
    --writable-tmpfs \
    /lustre/llanzner/images/cache-manager-v1.0.sif \
    cache-manager1

Issues Identified

  1. Unwanted volume binds: resolv.conf and etc.hosts are automatically added without being specified
  2. Network configuration: --net, --network none, and --network-args are added despite no network configuration in the compose file
  3. Duplicate options: --writable-tmpfs appears twice, because of some undocumented default
  4. Hostname: --hostname cache-manager1 is added automatically, which i believe is reasonable functionality.

Expected Behavior

singularity-compose should only include configurations explicitly defined in the compose file and not add default binds or network settings unless specified by the user.

Likqez avatar Aug 12 '25 16:08 Likqez

Workaround for network-related interference:

Adding the following configuration to your singularity-compose.yml file resolves the unwanted network parameter injection:

network:
  enable: false

This prevents scompose from automatically adding --net, --network none, and --network-args which interfere with applications requiring specific network namespace control.

[!TIP] This should arguably be the default behavior, as automatic network configuration can break applications that depend on precise networking setups. Users should have explicit control over when network isolation is applied.

Likqez avatar Aug 12 '25 16:08 Likqez