disable network connection when running

[tomeichlersmith]

Is your feature request related to a problem? Please describe. HPS's slic falls-back to downloading GDML and LCDD schemas from the internet if they are not found locally. This has caused me issues when running on SLAC's cluster since sometimes this internet connection is disrupted. The reason these schemas are not found locally is simply due to a mis-configuration of the container environment (the actual files were there), and the most direct way for me to quickly test slic is to prevent it from connecting to the internet at all so I can see if it fails at this fallback or continues successfully.

Describe the solution you'd like apptainer can be given --net --network none^1 which puts the container into a network-less environment. I expect the other runners have something similar.

Describe alternatives you've considered From the denv side, there isn't really an alternative. I think keeping the network connected is a sensible default but it is helpful to run without it occasionally.

[tomeichlersmith]

Since this --net --network none flag for apptainer was setup in the pre-schism singularity, I suspect it will function for all flavours of singularity (apptainer, original recipe, and sylabs).

docker/podman require a --network host flag to enable network connection. The podman run docs suggest trying --network none to disable all connections.