[GH-ISSUE #3738] Feature Request: Support for time namespaces (Linux 5.6) #2359

Open
opened 2026-05-05 09:02:34 -06:00 by gitea-mirror · 2 comments

Originally created by @rhencke on GitHub (Nov 11, 2020).
Original GitHub issue: https://github.com/netblue30/firejail/issues/3738

As of Linux 5.6, [a new namespace was added for time](https://man7.org/linux/man-pages/man7/time_namespaces.7.html).

Within each time namespace, you can set:

  • the offset for monotonic time (in seconds & nanoseconds)
  • the offset for boot-time (in seconds & nanoseconds)

This allows you to run programs as if they were running in the past or future, without modifying the system clock.

Here are some of the things I would like to do with such a feature, if it existed:

  • Use firejail to run unit tests at varying points in the future as part of a CI process, to catch time-related problems before they become real. Because so many of our unit tests use the system clock.. grumble grumble.. but.. I digress..
  • Use firejail to easily test network scenarios where a client has an incorrect system clock.
  • Use firejail to inspect and explore how software and systems act at various points in the future (e.g. is this software affected by the year 2038 problem?)

Is this an idea that firejail would be open to? (I'd be happy to hack on a PR if so.)

gitea-mirror added the enhancement label 2026-05-05 09:02:34 -06:00

@reinerh commented on GitHub (Nov 11, 2020):

I agree, that sounds like a good idea and would be cool to have. :-)


@rhencke commented on GitHub (Nov 11, 2020):

My apologies... I did not read the Linux patch [close enough](https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?h=timers/core&id=769071ac9f20b6a447410c7eaa55d1a5233ef40c)...

> CLOCK_REALTIME - System-wide clock that measures real (i.e., wall-clock) time.
>
> For many users, the time namespace means the ability to changes date and time in a container (CLOCK_REALTIME). Providing per namespace notions of CLOCK_REALTIME would be complex with a massive overhead, but has a dubious value.

So.. it.. doesn't namespace the one part of time that would have been interesting, currently. Well.. maybe in Linux 7.12 or so.. (sorry for the noise - you can close this as 'currently impossible'.. d'oh)
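
The behaviour this thread arrives at, as an added example (not code from firejail or from the issue's participants): a child created after `unshare(CLONE_NEWTIME)` sees `CLOCK_MONOTONIC` shifted by the offset written to `/proc/self/timens_offsets`, while `CLOCK_REALTIME` stays the same. The function names and the 86400-second offset are assumptions of this example; it needs Linux 5.6 or later and CAP_SYS_ADMIN, and reports failure otherwise.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>
#ifndef CLONE_NEWTIME
#define CLONE_NEWTIME 0x00000080 /* from linux/sched.h, Linux >= 5.6 */
#endif
struct clocks { long long mono, real; };
static struct clocks read_clocks(void) {
    struct timespec m, r;
    clock_gettime(CLOCK_MONOTONIC, &m);
    clock_gettime(CLOCK_REALTIME, &r);
    return (struct clocks){ m.tv_sec, r.tv_sec };
}
/* One timens_offsets line per clock: "<clock-id> <secs> <nanosecs>". */
int format_offsets(char *buf, size_t len, long long secs) {
    return snprintf(buf, len, "%d %lld 0\n%d %lld 0\n",
                    CLOCK_MONOTONIC, secs, CLOCK_BOOTTIME, secs);
}

/* Clock shifts seen by a child in a new time namespace; -1 if setup fails
   (older kernel, missing CAP_SYS_ADMIN). Hypothetical helper for this example. */
int timens_shift(long long secs, long long *mono, long long *real) {
    char line[64];
    int fd[2], pid, n = format_offsets(line, sizeof line, secs);
    if (syscall(SYS_unshare, CLONE_NEWTIME) != 0) return -1; /* unshare(2) */
    FILE *f = fopen("/proc/self/timens_offsets", "w");
    if (!f || fwrite(line, 1, n, f) != (size_t)n) return -1;
    if (fclose(f) != 0 || pipe(fd) != 0 || (pid = fork()) < 0) return -1;
    if (pid == 0) {                      /* child: inside the new namespace */
        struct clocks c = read_clocks();
        _exit(write(fd[1], &c, sizeof c) == (ssize_t)sizeof c ? 0 : 1);
    }
    close(fd[1]);
    struct clocks in_ns = {0, 0}, host = read_clocks(); /* parent: outside it */
    ssize_t got = read(fd[0], &in_ns, sizeof in_ns);
    close(fd[0]);
    waitpid(pid, NULL, 0);
    *mono = in_ns.mono - host.mono;
    *real = in_ns.real - host.real;
    return got == (ssize_t)sizeof in_ns ? 0 : -1;
}

int main(void) {
    long long m, r;
    if (timens_shift(86400, &m, &r) != 0) { perror("time namespace"); return 1; }
    return printf("CLOCK_MONOTONIC %+lld s, CLOCK_REALTIME %+lld s\n", m, r) < 0;
}
```

The offsets are written as numeric clock ids (1 for `CLOCK_MONOTONIC`, 7 for `CLOCK_BOOTTIME`) and must be set before the first child enters the namespace.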
