Hello,
I need to run a docker container with a Singularity and pass the option --add-caps CAP_NET_BIND_SERVICE to singularity exec. The command outside CWL looks like:
singularity exec --add-caps CAP_NET_BIND_SERVICE docker://registry/image:tag my_command
Is it possible to do it?
Welcome @PhCS !
Such a configuration isn’t part of the CWL standards. So the answer depends on which workflow platform or engine you are using.
For example, there is currently no option to add custom Singularity command line options in the CWL reference runner, cwltool.
We use toil-cwl-runner to execute our workflows.
I’m a bit confused as to why you need permission to bind to a privileged port (or any port for that matter). The CWL standards were designed for batch processing using command line tools; not for orchestrating services.
It might sound cumbersome but we need to integrate a Dask workflow with PBS into a CWL workflow 
It seems that qsub needs some privileged ports.
To answer you original question: you should be able to fork the codebase for cwltool (which toil-cwl-runner uses) to add the desired Singularity options. As one of the maintainers of cwltool I would likely accept a code contribution that makes the desired changes to toil-cwl-runner possible; however I would not want to expose that to regular users of cwltool.
Reading about Dask reminds me of the proposed CWL extension for supporting MPI: GitHub - common-workflow-language/cwltool: Common Workflow Language reference implementation
A similar extension for abstracting out the local configuration of the Dask distributed scheduler would be interesting!