Skip to content

Use sandbox mode which is more robust in singularity cleanup phase#193

Open
julianmorillo wants to merge 5 commits intoEESSI:mainfrom
julianmorillo:build-sandbox
Open

Use sandbox mode which is more robust in singularity cleanup phase#193
julianmorillo wants to merge 5 commits intoEESSI:mainfrom
julianmorillo:build-sandbox

Conversation

@julianmorillo
Copy link
Copy Markdown

@julianmorillo julianmorillo commented Mar 26, 2026

No description provided.

@julianmorillo julianmorillo mentioned this pull request Mar 27, 2026
Open
@boegel
Copy link
Copy Markdown
Contributor

boegel commented Mar 30, 2026

@julianmorillo Is there any documentation that would explain why this works better?

No strong objections as long as it works, I just don't see why this would work better (though it seems to based on EESSI/dev.eessi.io-riscv#35 (comment))

@trz42
Copy link
Copy Markdown
Contributor

trz42 commented Mar 31, 2026

Could we use this optionally? It's been tested on RISC-V, but we haven't seen this on other systems. So, to not cause problems on the other systems, maybe the safest way forward would be to add an option and use that where needed.

@julianmorillo
Copy link
Copy Markdown
Author

julianmorillo commented Mar 31, 2026
edited
Loading

@boegel
SingularityCE User Guide (runtime behavior changes)
SingularityCE 4.1 Admin/User notes (FUSE + sandbox fallback)

The critical mechanism here (from the documentation above) is that SIF images require mounting (via FUSE). In the documentation above it can be read: "SIF/SquashFS container images will now be mounted with squashfuse… when kernel mounts are not available."
In an unprivileged HPC environment this becomes:

The documentation above also explains that if mounting fails or is unsuitable --> Singularity uses a sandbox: “If the FUSE mount fails, Singularity will fall back to extracting the container to a temporary sandbox.” and “fallback to extraction to a temporary sandbox directory”.
The key insight is that:

  • Sandbox = extracted directory
  • No mount needed
  • No FUSE
  • No teardown/cleanup complexity

@bedroge
Copy link
Copy Markdown
Contributor

bedroge commented Mar 31, 2026

Could we use this optionally? It's been tested on RISC-V, but we haven't seen this on other systems. So, to not cause problems on the other systems, maybe the safest way forward would be to add an option and use that where needed.

This makes sense to me. The sandbox mode is probably (much) slower, especially when multiple jobs are extracting that image to a shared filesystem at the same time.

@julianmorillo
Copy link
Copy Markdown
Author

julianmorillo commented Mar 31, 2026

Could we use this optionally? It's been tested on RISC-V, but we haven't seen this on other systems. So, to not cause problems on the other systems, maybe the safest way forward would be to add an option and use that where needed.

This makes sense to me. The sandbox mode is probably (much) slower, especially when multiple jobs are extracting that image to a shared filesystem at the same time.

I already made it optional through an environment variable that should be defined in site_config.sh. Would that work?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@julianmorillo @boegel @trz42 @bedroge