How to run Isaac Sim in Singularity without sudo?

Hi everyone,
I’m trying to run Isaac inside similarity container but I can only run the Web Browser client only if I run the similarity command under sudo. Having to use the image on an HPC how can I solve the problem?

This is the command that I use to launch the sandbox container without sudo :

singularity run --network=host --env “ACCEPT_EULA=Y” isaac_test3

After 10 minutes I can launch from web browser but this is the result

trial1638×805 19 KB

While if I run with the command:

 **sudo** singularity run --network=host --env "ACCEPT_EULA=Y" isaac_test3

test_isaac31841×1038 182 KB

I can immediately open the simulator from web browser

I also try to add some capability to the singularity user but the result not change

singularity run --network=host --env “ACCEPT_EULA=Y” --add-caps=CAP_NET_RAW --add-caps=CAP_NET_ADMIN --add-caps=CAP_NET_BIND_SERVICE --add-caps=CAP_NET_BROADCAST isaac_test3

I also tried add --verbose in runheadless.websocket.sh but no useful information appears from the terminal.

What am I doing wrong ?

I have exactly the same issue…is there someone that can resolve it? If Nvidia Developers can’t help us, all the common developer, including me, are lost in the hyperuranion…

Hi, I was thinking that you just need the --allow-root flag when running the script since our container runs in root. However, I am not familiar with Singularity. Please provide more details on how you set this up (logs too please) and I can try reproduce this issue and will try to get a fix for the next version. Thanks!

Thanks for the reply,
checking the script that contaiener execute (runheadless.websocket.sh) seems that –allow-root is already used:

#! /bin/sh
/isaac-sim/license.sh && /isaac-sim/start_nucleus.sh &
sleep 5 && /isaac-sim/license.sh && /isaac-sim/isaac-sim.headless.websocket.sh
–/isaac/nucleus/default=“omniverse://$OMNI_SERVER”
–allow-root

However this is how to set up the environment to reproduce the issue:

• Ubuntu 18.04
• go version 1.17.6
• singularity version 3.9.4 (GitHub - sylabs/singularity: SingularityCE is the Community Edition of Singularity, an open source container platform designed to be simple, fast, and secure. installation instruction)
• set environment variables for ngc credentials
  export SINGULARITY_DOCKER_USERNAME=‘$oauthtoken’
  export SINGULARITY_DOCKER_PASSWORD=
• create a container with sandbox flag

singularity build  --sandbox NameOfSandboxContainer  docker://nvcr.io/nvidia/isaac-sim:2021.2.1

• execute container

singularity run --network=host --env “ACCEPT_EULA=Y” --nv NameOfSandboxContainer

• From WebBrowser go to http://127.0.0.1:8211/streaming/client

Is there any news about this? When will the new version be available to fix the problem? Thanks in advance

@r.rovella91
there is some reference https://github.com/apptainer/singularity/issues/5488#issuecomment-670618147

ou are in the container here as the Singularity> prompt shows. Singularity has a different model to other container runtimes. Without sudo you are the same user in the container as outside, and Singularity will mount your home directory into the container, and drop you into the current working directory if it exists in the container.

Wen you run without sudo you are not root in the container. The /root directory is usually set with permissions so that only the /root user can access it. You need to install software into a place that is not /home or /root in the container for it to be easy to access and use with Singularity's security model.

Thanks but anyway I can’t figure out how to solve the problem. In the HPC I can’t use sudo.