feat: 支持user容器

Close #I6EC0A
Signed-off-by: zhushengle <zhushengle@huawei.com>
Change-Id: I5314959e66090b0614ad8d2058dc9dff4f0031b0

testsuites/unittest/container/BUILD.gn

@@ -47,6 +47,9 @@ config("container_config") {
   if (defined(LOSCFG_USER_TEST_TIME_CONTAINER)) {
     cflags += [ "-DLOSCFG_USER_TEST_TIME_CONTAINER" ]
   }
+  if (defined(LOSCFG_USER_TEST_USER_CONTAINER)) {
+    cflags += [ "-DLOSCFG_USER_TEST_USER_CONTAINER" ]
+  }
   cflags_cc = cflags
 }
 

testsuites/unittest/container/It_container_test.cpp

@@ -589,6 +589,55 @@ HWTEST_F(ContainerTest, ItTimeContainer010, TestSize.Level0)
     ItTimeContainer010();
 }
 #endif
+#if defined(LOSCFG_USER_TEST_USER_CONTAINER)
+/**
+* @tc.name: Container_UTS_Test_001
+* @tc.desc: uts container function test case
+* @tc.type: FUNC
+* @tc.require: issueI6EC0A
+* @tc.author:
+*/
+HWTEST_F(ContainerTest, ItUserContainer001, TestSize.Level0)
+{
+    ItUserContainer001();
+}
+
+/**
+* @tc.name: Container_UTS_Test_002
+* @tc.desc: uts container function test case
+* @tc.type: FUNC
+* @tc.require: issueI6EC0A
+* @tc.author:
+*/
+HWTEST_F(ContainerTest, ItUserContainer002, TestSize.Level0)
+{
+    ItUserContainer002();
+}
+
+/**
+* @tc.name: Container_UTS_Test_003
+* @tc.desc: uts container function test case
+* @tc.type: FUNC
+* @tc.require: issueI6EC0A
+* @tc.author:
+*/
+HWTEST_F(ContainerTest, ItUserContainer003, TestSize.Level0)
+{
+    ItUserContainer003();
+}
+
+/**
+* @tc.name: Container_UTS_Test_004
+* @tc.desc: uts container function test case
+* @tc.type: FUNC
+* @tc.require: issueI6EC0A
+* @tc.author:
+*/
+HWTEST_F(ContainerTest, ItUserContainer004, TestSize.Level0)
+{
+    ItUserContainer004();
+}
+#endif
 #endif /* LOSCFG_USER_TEST_SMOKE */
 
 #if defined(LOSCFG_USER_TEST_FULL)
@@ -884,6 +933,19 @@ HWTEST_F(ContainerTest, ItUtsContainer003, TestSize.Level0)
     ItUtsContainer003();
 }
 #endif
+#if defined(LOSCFG_USER_TEST_USER_CONTAINER)
+/**
+* @tc.name: Container_UTS_Test_005
+* @tc.desc: uts container function test case
+* @tc.type: FUNC
+* @tc.require: issueI6EC0A
+* @tc.author:
+*/
+HWTEST_F(ContainerTest, ItUserContainer005, TestSize.Level0)
+{
+    ItUserContainer005();
+}
+#endif
 #endif
 } // namespace OHOS
 

testsuites/unittest/container/It_container_test.h

@@ -137,6 +137,11 @@ private:
     int m_shmid;
 };
 
+void ItUserContainer001(void);
+void ItUserContainer002(void);
+void ItUserContainer003(void);
+void ItUserContainer004(void);
+void ItUserContainer005(void);
 #if defined(LOSCFG_USER_TEST_SMOKE)
 void ItContainer001(void);
 void ItContainerChroot001(void);

testsuites/unittest/container/config.gni

@@ -128,3 +128,14 @@ if (defined(LOSCFG_USER_TEST_TIME_CONTAINER)) {
     "$TEST_UNITTEST_DIR/container/smoke/It_time_container_010.cpp",
   ]
 }
+
+if (defined(LOSCFG_USER_TEST_USER_CONTAINER)) {
+  sources_smoke += [
+    "$TEST_UNITTEST_DIR/container/smoke/It_user_container_001.cpp",
+    "$TEST_UNITTEST_DIR/container/smoke/It_user_container_002.cpp",
+    "$TEST_UNITTEST_DIR/container/smoke/It_user_container_003.cpp",
+    "$TEST_UNITTEST_DIR/container/smoke/It_user_container_004.cpp",
+  ]
+  sources_full +=
+      [ "$TEST_UNITTEST_DIR/container/full/It_user_container_005.cpp" ]
+}

testsuites/unittest/container/full/It_user_container_005.cpp

@@ -0,0 +1,88 @@
+/*
+ * Copyright (c) 2023-2023 Huawei Device Co., Ltd. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice, this list of
+ * conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright notice, this list
+ * of conditions and the following disclaimer in the documentation and/or other materials
+ * provided with the distribution.
+ *
+ * 3. Neither the name of the copyright holder nor the names of its contributors may be used
+ * to endorse or promote products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+ * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#include "It_container_test.h"
+#include "sys/resource.h"
+#include "sys/wait.h"
+#include "pthread.h"
+#include "sched.h"
+
+const int EXIT_TRUE_CODE = 255;
+const int MAX_PID_RANGE = 100000;
+const int SLEEP_TIME_US = 1000;
+const int LOOP_NUM = 1000;
+
+static int childFunc(void *arg)
+{
+    (void)arg;
+    usleep(SLEEP_TIME_US);
+    exit(EXIT_TRUE_CODE);
+}
+
+static int GroupProcess(void *arg)
+{
+    (void)arg;
+    int ret;
+    int status = 0;
+
+    for (int i = 0; i < LOOP_NUM; i++) {
+        int arg_child = CHILD_FUNC_ARG;
+        auto pid = CloneWrapper(childFunc, CLONE_NEWUSER, &arg_child);
+        if (pid == -1) {
+            return EXIT_CODE_ERRNO_1;
+        }
+
+        ret = waitpid(pid, &status, 0);
+        if (ret != pid) {
+            return EXIT_CODE_ERRNO_2;
+        }
+
+        status = WEXITSTATUS(status);
+        if (status != EXIT_TRUE_CODE) {
+            return EXIT_CODE_ERRNO_3;
+        }
+    }
+
+    exit(EXIT_TRUE_CODE);
+}
+
+void ItUserContainer005(void)
+{
+    int ret;
+    int status = 0;
+    int arg = CHILD_FUNC_ARG;
+    auto pid = CloneWrapper(GroupProcess, CLONE_NEWUSER, &arg);
+    ASSERT_NE(pid, -1);
+
+    ret = waitpid(pid, &status, 0);
+    ASSERT_EQ(ret, pid);
+
+    status = WEXITSTATUS(status);
+    ASSERT_EQ(status, EXIT_TRUE_CODE);
+}

testsuites/unittest/container/smoke/It_user_container_001.cpp

@@ -0,0 +1,63 @@
+/*
+ * Copyright (c) 2023-2023 Huawei Device Co., Ltd. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice, this list of
+ * conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright notice, this list
+ * of conditions and the following disclaimer in the documentation and/or other materials
+ * provided with the distribution.
+ *
+ * 3. Neither the name of the copyright holder nor the names of its contributors may be used
+ * to endorse or promote products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+ * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#include "It_container_test.h"
+using namespace std;
+
+const int RETURN_CODE = 2;
+
+static int childFunc(void *arg)
+{
+    int value = *((int*)arg);
+    if (value != CHILD_FUNC_ARG) {
+        return EXIT_CODE_ERRNO_1;
+    }
+
+    sleep(1);
+    return RETURN_CODE;
+}
+
+void ItUserContainer001(void)
+{
+    int ret;
+    int arg = CHILD_FUNC_ARG;
+    auto pid = CloneWrapper(childFunc, CLONE_NEWUSER, &arg);
+    ASSERT_NE(pid, -1);
+
+    int status;
+    ret = waitpid(pid, &status, 0);
+    ASSERT_EQ(ret, pid);
+
+    ret = WIFEXITED(status);
+    ASSERT_NE(ret, 0);
+
+    int exitCode = WEXITSTATUS(status);
+    ASSERT_EQ(exitCode, RETURN_CODE);
+}
+

testsuites/unittest/container/smoke/It_user_container_002.cpp

@@ -0,0 +1,154 @@
+/*
+ * Copyright (c) 2023-2023 Huawei Device Co., Ltd. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice, this list of
+ * conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright notice, this list
+ * of conditions and the following disclaimer in the documentation and/or other materials
+ * provided with the distribution.
+ *
+ * 3. Neither the name of the copyright holder nor the names of its contributors may be used
+ * to endorse or promote products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+ * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#include "It_container_test.h"
+#include "sys/utsname.h"
+
+const int EXIT_TRUE_CODE = 255;
+const int TEST_SET_OLD_ID = 1001;
+const int TEST_SET_NEW_ID = 4;
+static const int SLEEP_TIME = 3;
+
+std::string GetIdMapPath(int pid, const std::string& mapType)
+{
+    std::ostringstream buf;
+    buf << "/proc/" << pid << "/" << mapType;
+    return buf.str();
+}
+
+int WriteIdMap(int pid)
+{
+    std::string uidMapPath = GetIdMapPath(pid, "uid_map");
+    std::string gidMapPath = GetIdMapPath(pid, "gid_map");
+
+    const char* idMapStr = "0 1000 1\n1 1001 1\n2 1002 1\n3 1003 1\n4 1004 1\n";
+    int strLen = strlen(idMapStr);
+    int uidMap = open(uidMapPath.c_str(), O_WRONLY);
+    if (uidMap == -1) {
+        return EXIT_CODE_ERRNO_1;
+    }
+
+    int ret = write(uidMap, idMapStr, strLen);
+    if (ret != strLen) {
+        close(uidMap);
+        return EXIT_CODE_ERRNO_2;
+    }
+    close(uidMap);
+
+    int gidMap = open(gidMapPath.c_str(), O_WRONLY);
+    if (gidMap == -1) {
+        close(gidMap);
+        return EXIT_CODE_ERRNO_3;
+    }
+
+    ret = write(gidMap, idMapStr, strLen);
+    if (ret != strLen) {
+        close(gidMap);
+        return EXIT_CODE_ERRNO_4;
+    }
+
+    close(gidMap);
+    return 0;
+}
+
+static int childFunc(void *arg)
+{
+    (void)arg;
+    sleep(SLEEP_TIME);
+
+    int newUid = getuid();
+    if (newUid != 1) {
+        return EXIT_CODE_ERRNO_1;
+    }
+
+    int newGid = getgid();
+    if (newGid != 1) {
+        return EXIT_CODE_ERRNO_2;
+    }
+
+    int ret = setuid(TEST_SET_NEW_ID);
+    if (ret != 0) {
+        return EXIT_CODE_ERRNO_3;
+    }
+
+    ret = setgid(TEST_SET_NEW_ID);
+    if (ret != 0) {
+        return EXIT_CODE_ERRNO_4;
+    }
+
+    newUid = getuid();
+    if (newUid != TEST_SET_NEW_ID) {
+        return EXIT_CODE_ERRNO_5;
+    }
+
+    newGid = getgid();
+    if (newGid != TEST_SET_NEW_ID) {
+        return EXIT_CODE_ERRNO_6;
+    }
+
+    exit(EXIT_TRUE_CODE);
+}
+
+void ItUserContainer002(void)
+{
+    int ret = setuid(TEST_SET_OLD_ID);
+    ASSERT_EQ(ret, 0);
+
+    int oldUid = getuid();
+    ASSERT_EQ(oldUid, TEST_SET_OLD_ID);
+
+    ret = setgid(TEST_SET_OLD_ID);
+    ASSERT_EQ(ret, 0);
+
+    int oldGid = getgid();
+    ASSERT_EQ(oldGid, TEST_SET_OLD_ID);
+
+    int arg = CHILD_FUNC_ARG;
+    auto pid = CloneWrapper(childFunc, CLONE_NEWUSER, &arg);
+    ASSERT_NE(pid, -1);
+
+    ret = WriteIdMap(pid);
+    ASSERT_EQ(ret, 0);
+
+    int status;
+    ret = waitpid(pid, &status, 0);
+    ASSERT_EQ(ret, pid);
+
+    status = WEXITSTATUS(status);
+    ASSERT_EQ(status, EXIT_TRUE_CODE);
+
+    int oldUid1 = getuid();
+    ASSERT_EQ(oldUid1, TEST_SET_OLD_ID);
+
+    int oldGid1 = getgid();
+    ASSERT_EQ(oldGid1, TEST_SET_OLD_ID);
+
+    ASSERT_EQ(oldUid, oldUid1);
+    ASSERT_EQ(oldGid, oldGid1);
+}

testsuites/unittest/container/smoke/It_user_container_003.cpp

@@ -0,0 +1,142 @@
+/*
+ * Copyright (c) 2023-2023 Huawei Device Co., Ltd. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice, this list of
+ * conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright notice, this list
+ * of conditions and the following disclaimer in the documentation and/or other materials
+ * provided with the distribution.
+ *
+ * 3. Neither the name of the copyright holder nor the names of its contributors may be used
+ * to endorse or promote products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+ * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#include "It_container_test.h"
+#include "sys/utsname.h"
+
+const int EXIT_TRUE_CODE = 255;
+const int MAX_PID_RANGE = 100000;
+const int TEST_SET_OLD_ID = 1001;
+const int TEST_SET_NEW_ID = 4;
+
+std::string GetIdMapPath(int pid, const std::string& mapType);
+int WriteIdMap(int pid);
+
+static int TestMap(int oldUid, int oldGid)
+{
+    pid_t pid = getpid();
+    int ret = WriteIdMap(pid);
+    if (ret != 0) {
+        return EXIT_CODE_ERRNO_6;
+    }
+
+    int newUid = getuid();
+    if (newUid != 1) {
+        return EXIT_CODE_ERRNO_7;
+    }
+
+    int newGid = getgid();
+    if (newGid != 1) {
+        return EXIT_CODE_ERRNO_8;
+    }
+
+    ret = setuid(TEST_SET_NEW_ID);
+    if (ret != 0) {
+        return EXIT_CODE_ERRNO_9;
+    }
+
+    ret = setgid(TEST_SET_NEW_ID);
+    if (ret != 0) {
+        return EXIT_CODE_ERRNO_10;
+    }
+
+    newUid = getuid();
+    if (newUid != TEST_SET_NEW_ID) {
+        return EXIT_CODE_ERRNO_11;
+    }
+
+    newGid = getgid();
+    if (newGid != TEST_SET_NEW_ID) {
+        exit(1);
+    }
+
+    if (oldUid == newUid) {
+        return EXIT_CODE_ERRNO_12;
+    }
+
+    if (oldGid == newGid) {
+        return EXIT_CODE_ERRNO_13;
+    }
+    return 0;
+}
+
+static int childFunc(void *arg)
+{
+    (void)arg;
+    int ret;
+    int oldUid;
+    int oldGid;
+
+    ret = setuid(TEST_SET_OLD_ID);
+    if (ret != 0) {
+        return EXIT_CODE_ERRNO_1;
+    }
+
+    oldUid = getuid();
+    if (oldUid != TEST_SET_OLD_ID) {
+        return EXIT_CODE_ERRNO_2;
+    }
+
+    ret = setgid(TEST_SET_OLD_ID);
+    if (ret != 0) {
+        return EXIT_CODE_ERRNO_3;
+    }
+
+    oldGid = getgid();
+    if (oldGid != TEST_SET_OLD_ID) {
+        return EXIT_CODE_ERRNO_4;
+    }
+
+    ret = unshare(CLONE_NEWUSER);
+    if (ret == -1) {
+        return EXIT_CODE_ERRNO_5;
+    }
+
+    ret = TestMap(oldUid, oldGid);
+    if (ret != 0) {
+        return ret;
+    }
+
+    exit(EXIT_TRUE_CODE);
+}
+
+void ItUserContainer003(void)
+{
+    int ret;
+    int status = 0;
+    int arg = CHILD_FUNC_ARG;
+    auto pid = CloneWrapper(childFunc, SIGCHLD, &arg);
+    ASSERT_NE(pid, -1);
+
+    ret = waitpid(pid, &status, 0);
+    ASSERT_EQ(ret, pid);
+
+    status = WEXITSTATUS(status);
+    ASSERT_EQ(status, EXIT_TRUE_CODE);
+}

testsuites/unittest/container/smoke/It_user_container_004.cpp

@@ -0,0 +1,107 @@
+/*
+ * Copyright (c) 2023-2023 Huawei Device Co., Ltd. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice, this list of
+ * conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright notice, this list
+ * of conditions and the following disclaimer in the documentation and/or other materials
+ * provided with the distribution.
+ *
+ * 3. Neither the name of the copyright holder nor the names of its contributors may be used
+ * to endorse or promote products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+ * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <sched.h>
+#include <unistd.h>
+#include <string>
+#include <iostream>
+#include "It_container_test.h"
+
+const int EXIT_TRUE_CODE = 255;
+const int MAX_PID_RANGE = 100000;
+
+static int childFunc(void *arg)
+{
+    (void)arg;
+    std::string containerType = "user";
+    std::string childlink;
+    std::string filePath;
+    std::string parentlink1;
+    int fd;
+    int ret;
+    int status;
+    int parentPid = getpid();
+
+    auto parentlink = ReadlinkContainer(parentPid, containerType);
+    int childsPid = CloneWrapper(ChildFunction, CLONE_NEWUSER, NULL);
+    if (childsPid == -1) {
+        return EXIT_CODE_ERRNO_1;
+    }
+
+    childlink = ReadlinkContainer(childsPid, containerType);
+    filePath = GenContainerLinkPath(childsPid, containerType);
+    fd = open(filePath.c_str(), O_RDONLY);
+    if (fd == -1) {
+        return EXIT_CODE_ERRNO_2;
+    }
+
+    ret = setns(fd, CLONE_NEWUSER);
+    if (ret == -1) {
+        close(fd);
+        return EXIT_CODE_ERRNO_3;
+    }
+
+    parentlink1 = ReadlinkContainer(parentPid, containerType);
+
+    close(fd);
+
+    ret = waitpid(childsPid, &status, 0);
+    if (ret != childsPid) {
+        return EXIT_CODE_ERRNO_4;
+    }
+
+    ret = parentlink.compare(parentlink1);
+    if (ret == 0) {
+        return EXIT_CODE_ERRNO_5;
+    }
+
+    ret = parentlink1.compare(childlink);
+    if (ret != 0) {
+        return EXIT_CODE_ERRNO_6;
+    }
+
+    exit(EXIT_TRUE_CODE);
+}
+
+void ItUserContainer004(void)
+{
+
+    int ret;
+    int status = 0;
+    int arg = CHILD_FUNC_ARG;
+    auto pid = CloneWrapper(childFunc, SIGCHLD, &arg);
+    ASSERT_NE(pid, -1);
+
+    ret = waitpid(pid, &status, 0);
+    ASSERT_EQ(ret, pid);
+
+    status = WEXITSTATUS(status);
+    ASSERT_EQ(status, EXIT_TRUE_CODE);
+}