Interprocess communication within operating system partitions
First Claim
1. A method comprising:
- in a global operating system environment controlled by a single operating system kernel instance, establishing a non-global zone for isolating processes from processes in other non-global zones, wherein the non-global zone has a unique zone identifier;
receiving from a first process executing in association with the non-global zone a first request to create a communications object;
in response to receiving the first request, creating a communications object, wherein the communications object has the unique zone identifier of the first process associated therewith;
receiving from a second process a second request to initiate communications using the communications object;
in response to receiving the second request, determining if the second process is associated with the non-global zone having the unique zone identifier of the communications object; and
denying the second request if the second process is not associated with the non-global zone having the unique zone identifier of the communications object.
2 Assignments
0 Petitions
Accused Products
Abstract
In some embodiments, techniques for controlling inter-process communications in a single kernel instance operating system partitioned into a global zone and one or more non-global zones. In one embodiment, a method is provided. The method can include establishing a non-global zone for isolating processes from processes in other non-global zones in a global operating system environment controlled by a single kernel instance. The method can include, responsive to a first request, creating a communications object having a unique identifier corresponding to the non-global zone of a process making the first request. The method may include, responsive to a second request, initiating a communications using the communications object for a process making the second request, if the process making the second request is determined to be associated with the non-global zone having a unique identifier matching the unique identifier of the communications object.
124 Citations
27 Claims
-
1. A method comprising:
-
in a global operating system environment controlled by a single operating system kernel instance, establishing a non-global zone for isolating processes from processes in other non-global zones, wherein the non-global zone has a unique zone identifier;
receiving from a first process executing in association with the non-global zone a first request to create a communications object;
in response to receiving the first request, creating a communications object, wherein the communications object has the unique zone identifier of the first process associated therewith;
receiving from a second process a second request to initiate communications using the communications object;
in response to receiving the second request, determining if the second process is associated with the non-global zone having the unique zone identifier of the communications object; and
denying the second request if the second process is not associated with the non-global zone having the unique zone identifier of the communications object. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A method comprising:
-
in a global operating system environment controlled by a single operating system kernel instance, establishing a non-global zone for isolating processes from processes in other non-global zones;
mounting a file system to a global file system of the global operating system environment at a point accessible by processes in one non-global zone;
establishing a file system location in the file system of the non-global zone;
establishing a communications object within the file system location;
establishing access permissions for the file system locations;
receiving from a first process a request to initiate communications using the communications object;
in response to receiving the request, determining if the first process is authorized to access the file system location of the communications object;
denying the request if the first process is not authorized to access the file system location of the communications object. - View Dependent Claims (9, 10, 11)
-
-
12. A method comprising:
-
establishing a non-global zone for isolating processes from processes in other non-global zones in a global operating system environment;
responsive to a first request, creating a communications object having a unique identifier corresponding to the non-global zone of a process making the first request; and
responsive to a second request, initiating a communications using the communications object for a process making the second request, if the process making the second request is determined to be associated with the non-global zone having a unique identifier matching the unique identifier of the communications object.
-
-
13. A computer readable medium, comprising:
-
instructions for causing one or more processors to establish a non-global zone for isolating processes from processes in other non-global zones in an operating system environment controlled by a single operating system kernel instance, wherein the non-global zone has a unique zone identifier;
instructions for causing one or more processors to receive from a first process executing in association with the non-global zone a first request to create a communications object;
instructions for causing one or more processors to create a communications object, in response to receiving the first request, wherein the communications object has the unique zone identifier of the first process associated therewith;
instructions for causing one or more processors to receive from a second process a second request to initiate communications using the communications object;
instructions for causing one or more processors to determine, in response to receiving the second request, if the second process is associated with the non-global zone having the unique zone identifier of the communications object; and
instructions for causing one or more processors to deny the second request if the second process is not associated with the non-global zone having the unique zone identifier of the communications object. - View Dependent Claims (14, 15, 16, 17, 18, 19)
-
-
20. A computer readable medium, comprising:
-
instructions for causing one or more processors to establish a non-global zone for isolating processes from processes in other non-global zones in a global operating system environment controlled by a single operating system kernel instance;
instructions for causing one or more processors to mount a file system to a global file system of the global operating system environment at a point accessible by processes in one non-global zone;
instructions for causing one or more processors to establish a file system location in the file system of the non-global zone;
instructions for causing one or more processors to establish a communications object within the file system location;
instructions for causing one or more processors to establish access permissions for the file system locations;
instructions for causing one or more processors to receive from a first process a request to initiate communications using the communications object;
instructions for causing one or more processors to determine, in response to receiving the request, if the first process is authorized to access the file system location of the communications object; and
instructions for causing one or more processors to deny the request if the first process is not authorized to access the file system location of the communications object. - View Dependent Claims (21, 22, 23)
-
-
24. A computer readable medium comprising:
-
instructions for causing one or more processors to establish a non-global zone for isolating processes from processes in other non-global zones in a global operating system environment;
instructions for causing one or more processors to create a communications object responsive to a first request, the communications object having a unique identifier corresponding to the non-global zone of a process making the first request; and
instructions for causing one or more processors to initiate a communications using the communications object responsive to a second request, if the process making the second request is determined to be associated with the non-global zone having a unique identifier matching the unique identifier of the communications object.
-
-
25. An apparatus, comprising:
-
means for establishing a non-global zone for isolating processes from processes in other non-global zones in a global operating system environment controlled by a single operating system kernel instance, wherein the non-global zone has a unique zone identifier;
means for receiving from a first process executing in association with the non-global zone a first request to create a communications object;
means for creating a communications object, in response to receiving the first request, wherein the communications object has the unique zone identifier of the first process associated therewith;
means for receiving from a second process a second request to initiate communications using the communications object;
means for determining, in response to receiving the second request, if the second process is associated with the non-global zone having the unique zone identifier of the communications object; and
means for denying the second request if the second process is not associated with the non-global zone having the unique zone identifier of the communications object.
-
-
26. An apparatus, comprising:
-
means for establishing a non-global zone for isolating processes from processes in other non-global zones in a global operating system environment controlled by a single operating system kernel instance;
means for mounting a file system to a global file system of the global operating system environment at a point accessible by processes in one non-global zone;
means for establishing a file system location in the file system of the non-global zone;
means for establishing a communications object within the file system location;
means for establishing access permissions for the file system locations;
means for receiving from a first process a request to initiate communications using the communications object;
means for determining, in response to receiving the request, if the first process is authorized to access the file system location of the communications object; and
means for denying the request if the first process is not authorized to access the file system location of the communications object.
-
-
27. An apparatus, comprising:
-
means for establishing a non-global zone for isolating processes from processes in other non-global zones in a global operating system environment;
means for creating, responsive to a first request, a communications object having a unique identifier corresponding to the non-global zone of a process making the first request; and
means for initiating, responsive to a second request, communications using the communications object for a process making the second request, if the process making the second request is determined to be associated with the non-global zone having a unique identifier matching the unique identifier of the communications object.
-
Specification