initial integration test for time namespace

Signed-off-by: Carson Weeks <[email protected]>

Author: CheatCodeSam

crates/libcontainer/src/container/builder_impl.rs

@@ -145,11 +145,29 @@ impl ContainerBuilderImpl {
         }
 
         // Extract time namespace offsets from spec
+        // Only set time_offsets if we're creating a NEW time namespace (not joining an existing one)
         let time_offsets = self
             .spec
             .linux()
             .as_ref()
-            .and_then(|linux| linux.time_offsets().as_ref())
+            .and_then(|linux| {
+                let creating_new_time_ns = linux
+                    .namespaces()
+                    .as_ref()
+                    .and_then(|namespaces| {
+                        namespaces
+                            .iter()
+                            .find(|ns| ns.typ() == oci_spec::runtime::LinuxNamespaceType::Time)
+                    })
+                    .map(|time_ns| time_ns.path().is_none())
+                    .unwrap_or(false);
+
+                if creating_new_time_ns {
+                    linux.time_offsets().as_ref()
+                } else {
+                    None
+                }
+            })
             .map(|offsets| {
                 offsets
                     .iter()

tests/contest/contest/src/main.rs

@@ -41,6 +41,7 @@ use crate::tests::scheduler::get_scheduler_test;
 use crate::tests::seccomp::get_seccomp_test;
 use crate::tests::seccomp_notify::get_seccomp_notify_test;
 use crate::tests::sysctl::get_sysctl_test;
+use crate::tests::time_ns::get_time_ns_test;
 use crate::tests::tlb::get_tlb_test;
 use crate::tests::uid_mappings::get_uid_mappings_test;
 use crate::utils::support::{set_runtime_path, set_runtimetest_path};
@@ -148,6 +149,7 @@ fn main() -> Result<()> {
     let exec_cpu_affinity = get_exec_cpu_affinity_test();
     let personality = get_personality_test();
     let prohibit_symlink = get_prohibit_symlink_test();
+    let time_ns = get_time_ns_test();
 
     tm.add_test_group(Box::new(cl));
     tm.add_test_group(Box::new(cc));
@@ -190,6 +192,7 @@ fn main() -> Result<()> {
     tm.add_test_group(Box::new(personality));
     tm.add_test_group(Box::new(prohibit_symlink));
     tm.add_test_group(Box::new(io_priority_test));
+    tm.add_test_group(Box::new(time_ns));
     tm.add_cleanup(Box::new(cgroups::cleanup_v1));
     tm.add_cleanup(Box::new(cgroups::cleanup_v2));
 

tests/contest/contest/src/tests/mod.rs

@@ -31,5 +31,6 @@ pub mod scheduler;
 pub mod seccomp;
 pub mod seccomp_notify;
 pub mod sysctl;
+pub mod time_ns;
 pub mod tlb;
 pub mod uid_mappings;

tests/contest/contest/src/tests/time_ns/mod.rs

@@ -0,0 +1,62 @@
+use std::collections::HashMap;
+
+use anyhow::{Context, Ok, Result};
+use oci_spec::runtime::{
+    LinuxBuilder, LinuxNamespace, LinuxNamespaceType, LinuxTimeOffset, ProcessBuilder, Spec,
+    SpecBuilder,
+};
+use test_framework::{Test, TestGroup, TestResult, test_result};
+
+use crate::utils::test_inside_container;
+use crate::utils::test_utils::CreateOptions;
+
+fn create_spec() -> Result<Spec> {
+    let mut default_namespaces: Vec<LinuxNamespace> = oci_spec::runtime::get_default_namespaces();
+    default_namespaces.push(
+        LinuxNamespace::default()
+            .set_typ(LinuxNamespaceType::Time)
+            .to_owned(),
+    );
+
+    let boottime: HashMap<_, _> = [(
+        "boottime".to_owned(),
+        LinuxTimeOffset::default()
+            .set_secs(Some(9999999))
+            .to_owned(),
+    )]
+    .into_iter()
+    .collect();
+
+    SpecBuilder::default()
+        .process(
+            ProcessBuilder::default()
+                .args(
+                    ["runtimetest", "hello_world"]
+                        .iter()
+                        .map(|s| s.to_string())
+                        .collect::<Vec<String>>(),
+                )
+                .build()?,
+        )
+        .linux(
+            LinuxBuilder::default()
+                .time_offsets(boottime)
+                .namespaces(default_namespaces)
+                .build()?,
+        )
+        .build()
+        .context("failed to create spec")
+}
+
+fn time_ns_test() -> TestResult {
+    let spec = test_result!(create_spec());
+    test_inside_container(&spec, &CreateOptions::default(), &|_| Ok(()))
+}
+
+pub fn get_time_ns_test() -> TestGroup {
+    let mut test_group = TestGroup::new("time_ns");
+    let test1 = Test::new("set boottime to 9999999", Box::new(time_ns_test));
+    test_group.add(vec![Box::new(test1)]);
+
+    test_group
+}