mirror of https://github.com/mkerrisk/man-pages
time_namespaces.7: New page documenting time namespaces
Reviewed-by: Dmitry Safonov <dima@arista.com> Reviewed-by: Andrei Vagin <avagin@gmail.com> Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
This commit is contained in:
parent
efbd39dfd8
commit
5bed06a99a
|
@ -0,0 +1,299 @@
|
|||
.\" Copyright (c) 2020 by Michael Kerrisk <mtk.manpages@gmail.com>
|
||||
.\"
|
||||
.\" %%%LICENSE_START(VERBATIM)
|
||||
.\" Permission is granted to make and distribute verbatim copies of this
|
||||
.\" manual provided the copyright notice and this permission notice are
|
||||
.\" preserved on all copies.
|
||||
.\"
|
||||
.\" Permission is granted to copy and distribute modified versions of this
|
||||
.\" manual under the conditions for verbatim copying, provided that the
|
||||
.\" entire resulting derived work is distributed under the terms of a
|
||||
.\" permission notice identical to this one.
|
||||
.\"
|
||||
.\" Since the Linux kernel and libraries are constantly changing, this
|
||||
.\" manual page may be incorrect or out-of-date. The author(s) assume no
|
||||
.\" responsibility for errors or omissions, or for damages resulting from
|
||||
.\" the use of the information contained herein. The author(s) may not
|
||||
.\" have taken the same level of care in the production of this manual,
|
||||
.\" which is licensed free of charge, as they might when working
|
||||
.\" professionally.
|
||||
.\"
|
||||
.\" Formatted or processed versions of this manual, if unaccompanied by
|
||||
.\" the source, must acknowledge the copyright and authors of this work.
|
||||
.\" %%%LICENSE_END
|
||||
.\"
|
||||
.\"
|
||||
.TH TIME_NAMESPACES 7 2020-04-01 "Linux" "Linux Programmer's Manual"
|
||||
.SH NAME
|
||||
time_namespaces \- overview of Linux time namespaces
|
||||
.SH DESCRIPTION
|
||||
Time namespaces virtualize the values of two system clocks:
|
||||
.IP \(bu 2
|
||||
.BR CLOCK_MONOTONIC
|
||||
(and likewise
|
||||
.BR CLOCK_MONOTONIC_COARSE
|
||||
and
|
||||
.BR CLOCK_MONOTONIC_RAW ),
|
||||
a nonsettable clock that represents monotonic time since\(emas
|
||||
described by POSIX\(em"some unspecified point in the past".
|
||||
.IP \(bu
|
||||
.BR CLOCK_BOOTTIME
|
||||
(and likewise
|
||||
.BR CLOCK_BOOTTIME_ALARM ),
|
||||
a clock that is identical to
|
||||
.BR CLOCK_MONOTONIC ,
|
||||
except that it also includes any time that the system is suspended.
|
||||
.PP
|
||||
Thus, the processes in a time namespace share per-namespace values
|
||||
for these clocks.
|
||||
This affects various APIs that measure against these clocks, including:
|
||||
.BR clock_nanosleep (2),
|
||||
.BR nanosleep (2),
|
||||
.BR clock_gettime (2),
|
||||
and
|
||||
.IR /proc/uptime .
|
||||
.PP
|
||||
Currently, the only way to create a time namespace is by calling
|
||||
.BR unshare (2)
|
||||
with the
|
||||
.BR CLONE_NEWTIME
|
||||
flag.
|
||||
This call creates a new time namespace but does
|
||||
.I not
|
||||
place the calling process in the new namespace.
|
||||
Instead, the calling process's
|
||||
subsequently created children are placed in the new namespace.
|
||||
This allows clock offsets (see below) for the new namespace
|
||||
to be set before the first process is placed in the namespace.
|
||||
The
|
||||
.IR /proc/[pid]/ns/time_for_children
|
||||
symbolic link shows the time namespace in which
|
||||
the children of a process will be created.
|
||||
.\"
|
||||
.SS /proc/PID/timens_offsets
|
||||
Associated with each time namespace are offsets,
|
||||
expressed with respect to the initial time namespace,
|
||||
that define the values of the monotonic and boot clocks in that namespace.
|
||||
These offsets are exposed via the file
|
||||
.IR /proc/PID/timens_offsets .
|
||||
Within this file,
|
||||
the offsets are expressed as lines consisting of
|
||||
three space-delimited fields:
|
||||
.PP
|
||||
.in +4n
|
||||
.EX
|
||||
<clock-id> <offset-secs> <offset-nanosecs>
|
||||
.EE
|
||||
.in
|
||||
.PP
|
||||
The
|
||||
.I clock-id
|
||||
identifies the clock whose offsets are being shown.
|
||||
This field is either 1, for
|
||||
.BR CLOCK_MONOTONIC ,
|
||||
or 7, for
|
||||
.BR CLOCK_BOOTTIME .
|
||||
The remaining fields express the offset (seconds plus nanoseconds) for the
|
||||
clock in this time namespace.
|
||||
These offsets are expressed relative to the clock values in
|
||||
the initial time namespace.
|
||||
In the initial time namespace, the contents of this file are as follows:
|
||||
.PP
|
||||
.in +4n
|
||||
.EX
|
||||
$ \fBcat /proc/self/timens_offsets\fP
|
||||
1 0 0
|
||||
7 0 0
|
||||
.EE
|
||||
.in
|
||||
.PP
|
||||
In a new time namespace that has had no member processes,
|
||||
the clock offsets can be modified by writing newline-terminated
|
||||
records of the same form to the file.
|
||||
The file can be written to multiple times,
|
||||
but after the first process has been created in or has entered the namespace,
|
||||
.BR write (2)s
|
||||
on this file fail with the error
|
||||
.BR EACCES .
|
||||
In order to write to the
|
||||
.IR timens_offsets
|
||||
file, a process must have the
|
||||
.BR CAP_SYS_TIME
|
||||
capability in the user namespace that owns the time namespace.
|
||||
.PP
|
||||
In a new time namespace created by
|
||||
.BR unshare (2),
|
||||
the contents of the
|
||||
.I timens_offsets
|
||||
file are inherited from the time namespace of the creating process.
|
||||
.SH NOTES
|
||||
.PP
|
||||
Use of time namespaces requires a kernel that is configured with the
|
||||
.B CONFIG_TIME_NS
|
||||
option.
|
||||
.PP
|
||||
Note that time namespaces do not virtualize the
|
||||
.BR CLOCK_REALTIME
|
||||
clock.
|
||||
Virtualization of this clock was avoided for reasons of complexity
|
||||
and overhead within the kernel.
|
||||
.PP
|
||||
The motivation for adding time namespaces was to allow
|
||||
the monotonic and boot-time clocks to maintain consistent values
|
||||
during container migration and checkpoint/restore.
|
||||
.SH EXAMPLE
|
||||
.PP
|
||||
The following shell session demonstrates the operation of time namespaces.
|
||||
We begin by displaying the inode number of the time namespace
|
||||
of a shell in the initial time namespace:
|
||||
.PP
|
||||
.in +4n
|
||||
.EX
|
||||
$ \fBreadlink /proc/$$/ns/time\fP
|
||||
time:[4026531834]
|
||||
.EE
|
||||
.in
|
||||
.PP
|
||||
Continuing in the initial time namespace, we display the system uptime using
|
||||
.BR uptime (1)
|
||||
and use the
|
||||
.I clock_times
|
||||
example program shown in
|
||||
.BR clock_getres (2)
|
||||
to display the values of various clocks:
|
||||
.PP
|
||||
.in +4n
|
||||
.EX
|
||||
$ \fBuptime \-\-pretty\fP
|
||||
up 21 hours, 17 minutes
|
||||
$ \fB./clock_times\fP
|
||||
CLOCK_REALTIME : 1585989401.971 (18356 days + 8h 36m 41s)
|
||||
CLOCK_TAI : 1585989438.972 (18356 days + 8h 37m 18s)
|
||||
CLOCK_MONOTONIC: 56338.247 (15h 38m 58s)
|
||||
CLOCK_BOOTTIME : 76633.544 (21h 17m 13s)
|
||||
.EE
|
||||
.in
|
||||
.PP
|
||||
We then use
|
||||
.BR unshare (1)
|
||||
to create a time namespace and execute a
|
||||
.BR bash (1)
|
||||
shell.
|
||||
From the new shell, we use the built-in
|
||||
.B echo
|
||||
command to write records to the
|
||||
.I timens_offsets
|
||||
file adjusting the offset for the
|
||||
.B CLOCK_MONOTONIC
|
||||
clock forward 2 days
|
||||
and the offset for the
|
||||
.B CLOCK_BOOTTIME
|
||||
clock forward 7 days:
|
||||
.PP
|
||||
.in +4n
|
||||
.EX
|
||||
$ \fBPS1="ns2# " sudo unshare \-T \-\- bash \-\-norc\fP
|
||||
ns2# \fBecho "1 $((2*24*60*60)) 0" > /proc/$$/timens_offsets\fP
|
||||
ns2# \fBecho "7 $((7*24*60*60)) 0" > /proc/$$/timens_offsets\fP
|
||||
.EE
|
||||
.in
|
||||
.PP
|
||||
Above, we started the
|
||||
.BR bash (1)
|
||||
shell with the
|
||||
.B \-\-norc
|
||||
options so that no start-up scripts were executed.
|
||||
This ensures that no child processes are created from the
|
||||
shell before we have a chance to update the
|
||||
.I timens_offsets
|
||||
file.
|
||||
.PP
|
||||
We then use
|
||||
.BR cat (1)
|
||||
to display the contents of the
|
||||
.I timens_offsets
|
||||
file.
|
||||
The execution of
|
||||
.BR cat (1)
|
||||
creates the first process in the new time namespace,
|
||||
after which further attempts to update the
|
||||
.I timens_offsets
|
||||
file produce an error.
|
||||
.PP
|
||||
.in +4n
|
||||
.EX
|
||||
ns2# \fBcat /proc/$$/timens_offsets\fP
|
||||
1 172800 0
|
||||
7 604800 0
|
||||
ns2# \fBecho "7 $((9*24*60*60)) 0" > /proc/$$/timens_offsets\fP
|
||||
bash: echo: write error: Permission denied
|
||||
.EE
|
||||
.in
|
||||
.PP
|
||||
Continuing in the new namespace, we execute
|
||||
.BR uptime (1)
|
||||
and the
|
||||
.I clock_times
|
||||
example program:
|
||||
.PP
|
||||
.in +4n
|
||||
.EX
|
||||
ns2# \fBuptime \-\-pretty\fP
|
||||
up 1 week, 21 hours, 18 minutes
|
||||
ns2# \fB./clock_times\fP
|
||||
CLOCK_REALTIME : 1585989457.056 (18356 days + 8h 37m 37s)
|
||||
CLOCK_TAI : 1585989494.057 (18356 days + 8h 38m 14s)
|
||||
CLOCK_MONOTONIC: 229193.332 (2 days + 15h 39m 53s)
|
||||
CLOCK_BOOTTIME : 681488.629 (7 days + 21h 18m 8s)
|
||||
.EE
|
||||
.in
|
||||
.PP
|
||||
From the above output, we can see that the monotonic
|
||||
and boot-time clocks have new values in the new time namespace.
|
||||
.PP
|
||||
Examining the
|
||||
.I /proc/[pid]/ns/time
|
||||
and
|
||||
.I /proc/[pid]/ns/time_for_children
|
||||
symbolic links, we see that the shell is a member of the initial time
|
||||
namespace, but its children are created in a different namespace.
|
||||
|
||||
.PP
|
||||
.in +4n
|
||||
.EX
|
||||
ns2# \fBreadlink /proc/$$/ns/time\fP
|
||||
time:[4026531834]
|
||||
ns2# \fBreadlink /proc/$$/ns/time_for_children\fP
|
||||
time:[4026532900]
|
||||
ns2# \fBreadlink /proc/self/ns/time\fP # Creates a child process
|
||||
time:[4026532900]
|
||||
.EE
|
||||
.in
|
||||
.PP
|
||||
Returning to the shell in the initial time namespace,
|
||||
we see that the monotonic and boot-time clocks
|
||||
are unaffected by the
|
||||
.I timens_offsets
|
||||
changes that were made in the other time namespace:
|
||||
.PP
|
||||
.in +4n
|
||||
.EX
|
||||
$ \fBuptime \-\-pretty\fP
|
||||
up 21 hours, 19 minutes
|
||||
$ \fB./clock_times\fP
|
||||
CLOCK_REALTIME : 1585989401.971 (18356 days + 8h 38m 51s)
|
||||
CLOCK_TAI : 1585989438.972 (18356 days + 8h 39m 28s)
|
||||
CLOCK_MONOTONIC: 56338.247 (15h 41m 8s)
|
||||
CLOCK_BOOTTIME : 76633.544 (21h 19m 23s)
|
||||
.EE
|
||||
.in
|
||||
.SH SEE ALSO
|
||||
.BR nsenter (1),
|
||||
.BR unshare (1),
|
||||
.BR clock_settime (2).
|
||||
.\" clone3() support for time namespaces is a work in progress
|
||||
.\" .BR clone3 (2),
|
||||
.BR setns (2),
|
||||
.BR unshare (2),
|
||||
.BR namespaces (7),
|
||||
.BR time (7)
|
Loading…
Reference in New Issue