Apptainer (formerly known as Singularity)
Apptainer/Singularity [1][2] is a container framework, that aims for reproducibility and portability. It has been comingly known as "Singularity" but has been renamed to Apptainer in 2022 due to legal constraints. In general, just the name changed and all options are the same.
A Apptainer / Singularity container can be a single local image file (or as unpacked directory tree), thus the image can be moved around and started into a container instance depending on some remote repository.
With Apptainer/Singularity installed on a somewhat recent Linux distribution/kernel like CentOS 7 and newer, a 'normal' user can run Singularity containers without the need for some running daemon process or for additional permissions/groups, .e.,
your user > apptainer shell /cvmfs/atlas.cern.ch/repo/containers/fs/singularity/x86_64-centos6
your user > singularity shell /cvmfs/atlas.cern.ch/repo/containers/fs/singularity/x86_64-centos6
To build an own container, one can write a Apptainer/Singularity recipe (the recipe file get's normally named just 'Singularity') to start from an existing container either from Singularity or from Docker images and extend it as you wish
> sudo apptainer build MyContainerFile.img Singularity
> sudo singularity build MyContainerFile.img Singularity
as more abilities are needed to build a new container than for running a container, the build needs root permissions → thus, you should be able to run an existing container out-of-the-box on an somehwat recent Linux machine with Apptainer/Singularity installed but you will need a machine with sudo/wheel rights, if you want to build your own container.
For more details check the sub-pages on Apptainer/Singularity / Building / Isolation / Bootstrapping...