Interprocess communication within operating system partitions

US 20040226023A1
Filed: 01/27/2004
Published: 11/11/2004
Est. Priority Date: 05/09/2003
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

in a global operating system environment controlled by a single operating system kernel instance, establishing a non-global zone for isolating processes from processes in other non-global zones, wherein the non-global zone has a unique zone identifier;

receiving from a first process executing in association with the non-global zone a first request to create a communications object;

in response to receiving the first request, creating a communications object, wherein the communications object has the unique zone identifier of the first process associated therewith;

receiving from a second process a second request to initiate communications using the communications object;

in response to receiving the second request, determining if the second process is associated with the non-global zone having the unique zone identifier of the communications object; and

denying the second request if the second process is not associated with the non-global zone having the unique zone identifier of the communications object.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In some embodiments, techniques for controlling inter-process communications in a single kernel instance operating system partitioned into a global zone and one or more non-global zones. In one embodiment, a method is provided. The method can include establishing a non-global zone for isolating processes from processes in other non-global zones in a global operating system environment controlled by a single kernel instance. The method can include, responsive to a first request, creating a communications object having a unique identifier corresponding to the non-global zone of a process making the first request. The method may include, responsive to a second request, initiating a communications using the communications object for a process making the second request, if the process making the second request is determined to be associated with the non-global zone having a unique identifier matching the unique identifier of the communications object.

124 Citations

View as Search Results

27 Claims

1. A method comprising:
- in a global operating system environment controlled by a single operating system kernel instance, establishing a non-global zone for isolating processes from processes in other non-global zones, wherein the non-global zone has a unique zone identifier;
  
  receiving from a first process executing in association with the non-global zone a first request to create a communications object;
  
  in response to receiving the first request, creating a communications object, wherein the communications object has the unique zone identifier of the first process associated therewith;
  
  receiving from a second process a second request to initiate communications using the communications object;
  
  in response to receiving the second request, determining if the second process is associated with the non-global zone having the unique zone identifier of the communications object; and
  
  denying the second request if the second process is not associated with the non-global zone having the unique zone identifier of the communications object.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, further comprising:
    - permitting the second request if the second process is associated with the non-global zone having the same unique zone identifier of the communications object.
  - 3. The method of claim 1, wherein the communications object has an object identifier, and wherein creating a communications object further comprises:
    - creating a communications object having a communications object identifier;
      
      associating a zone identifier of the requesting process with the communications object;
      
      storing the communications object identifier and the zone identifier in a structure for managing communications objects in the non-global zone comprising the first process;
      
      thereby enabling a first communications object in a first non-global zone and a second communications object in a second non-global zone to use identical communications object identifiers.
  - 4. The method of claim 3, wherein the communications object identifier comprises at least one of an address, a socket identifier, a port, a flex address, a semaphore identifier, a message queue identifier, a shared memory segment identifier, a pipe and a stream identifier.
  - 5. The method of claim 1, wherein establishing a non-global zone for isolating processes from processes in other non-global zones further comprises:
    - creating a non-global zone;
      
      associating a unique identifier with the non-global zone; and
      
      creating a data structure for managing information about communications objects associated with the non-global zone.
  - 6. The method of claim 1, wherein receiving from a second process a request to initiate communications using the communications object comprises receiving a request from a requestor process in a first non-global zone to communicate with a recipient process in a second non-global zone, the method further comprising:
    - retrieving credentials for the requestor process, the credentials comprising a zone identifier indicating a non-global zone to which the requester process is bound;
      
      verifying that the requestor process is authorized to communicate with the recipient process across a non-global zone boundary based upon the credentials; and
      
      establishing a communication path between the requestor process and the recipient process via the global operating system environment if the requestor process is authorized.
  - 7. The method of claim 1, wherein the communications object comprises at least one of a loopback transport provider, a semaphore, a shared memory segment, a message queue and an event channel.

8. A method comprising:
- in a global operating system environment controlled by a single operating system kernel instance, establishing a non-global zone for isolating processes from processes in other non-global zones;
  
  mounting a file system to a global file system of the global operating system environment at a point accessible by processes in one non-global zone;
  
  establishing a file system location in the file system of the non-global zone;
  
  establishing a communications object within the file system location;
  
  establishing access permissions for the file system locations;
  
  receiving from a first process a request to initiate communications using the communications object;
  
  in response to receiving the request, determining if the first process is authorized to access the file system location of the communications object;
  
  denying the request if the first process is not authorized to access the file system location of the communications object.
- View Dependent Claims (9, 10, 11)
- - 9. The method of claim 8, wherein the first communication object and the second communications object employ at least one of a pipe, a stream, a socket, a POSIX inter-process communications and a doors interface.
  - 10. The method of claim 8, wherein receiving from a first process a request to initiate communications using the communications object comprises receiving a request from a first processes in a first non-global zone to communicate with a second processes in a second non-global zone, the method further comprising:
    - retrieving credentials for the first process, the credentials comprising a zone identifier indicating a non-global zone to which the first process is bound;
      
      verifying that the first process is authorized to communicate with the second process across a non-global zone boundary based upon the credentials; and
      
      establishing a communication path between the first process and the second process if the first process is authorized.
  - 11. The method of claim 10, wherein the first process in the first non-global zone communicates with the second process in the second non-global zone using at least one of an event channel and a doors interface.

12. A method comprising:
- establishing a non-global zone for isolating processes from processes in other non-global zones in a global operating system environment;
  
  responsive to a first request, creating a communications object having a unique identifier corresponding to the non-global zone of a process making the first request; and
  
  responsive to a second request, initiating a communications using the communications object for a process making the second request, if the process making the second request is determined to be associated with the non-global zone having a unique identifier matching the unique identifier of the communications object.

13. A computer readable medium, comprising:
- instructions for causing one or more processors to establish a non-global zone for isolating processes from processes in other non-global zones in an operating system environment controlled by a single operating system kernel instance, wherein the non-global zone has a unique zone identifier;
  
  instructions for causing one or more processors to receive from a first process executing in association with the non-global zone a first request to create a communications object;
  
  instructions for causing one or more processors to create a communications object, in response to receiving the first request, wherein the communications object has the unique zone identifier of the first process associated therewith;
  
  instructions for causing one or more processors to receive from a second process a second request to initiate communications using the communications object;
  
  instructions for causing one or more processors to determine, in response to receiving the second request, if the second process is associated with the non-global zone having the unique zone identifier of the communications object; and
  
  instructions for causing one or more processors to deny the second request if the second process is not associated with the non-global zone having the unique zone identifier of the communications object.
- View Dependent Claims (14, 15, 16, 17, 18, 19)
- - 14. The computer readable medium of claim 13, further comprising:
    - instructions for causing one or more processors to permit the second request if the second process is associated with the non-global zone having the same unique zone identifier of the communications object.
  - 15. The computer readable medium of claim 13, wherein the communications object has an object identifier, and wherein instructions for causing one or more processors to create a communications object further comprise:
    - instructions for causing one or more processors to create a communications object having a communications object identifier;
      
      instructions for causing one or more processors to associate a zone identifier of the requesting process with the communications object; and
      
      instructions for causing one or more processors to store the communications object identifier and the zone identifier in a structure for managing communications objects in the non-global zone comprising the first process;
      
      thereby enabling a first communications object in a first non-global zone and a second communications object in a second non-global zone to use identical communications object identifiers.
  - 16. The computer readable medium of claim 15, wherein a communications object identifier comprises at least one of an address, a socket identifier, a port, a flex address, a semaphore identifier, a message queue identifier, a shared memory segment identifier, a pipe and a stream identifier.
  - 17. A computer readable medium of claim 13, wherein instructions for causing one or more processors to establish a non-global zone for isolating processes from processes in other non-global zones further comprises:
    - instructions for causing one or more processors to create a non-global zone;
      
      instructions for causing one or more processors to associate a unique identifier with the non-global zone; and
      
      instructions for causing one or more processors to create a data structure for managing information about communications objects associated with the non-global zone.
  - 18. A computer readable medium of claim 13, wherein instructions for causing one or more processors to receive from a second process a request to initiate communications using the communications object comprises instructions for causing one or more processors to receive a request from a requestor process in a first non-global zone to communicate with a recipient process in a second non-global zone, the computer readable medium further comprising:
    - instructions for causing one or more processors to retrieve credentials for the requestor process, the credentials comprising a zone identifier indicating a non-global zone to which the requestor process is bound;
      
      instructions for causing one or more processors to verify that the requestor process is authorized to communicate with the recipient process across a non-global zone boundary based upon the credentials; and
      
      instructions for causing one or more processors to establish a communication path between the requestor process and the recipient process via the global operating system environment if the requestor process is authorized.
  - 19. A computer readable medium of claim 13, wherein the communications object comprises at least one of a loopback transport provider, a semaphore, a shared memory segment, a message queue and an event channel.

20. A computer readable medium, comprising:
- instructions for causing one or more processors to establish a non-global zone for isolating processes from processes in other non-global zones in a global operating system environment controlled by a single operating system kernel instance;
  
  instructions for causing one or more processors to mount a file system to a global file system of the global operating system environment at a point accessible by processes in one non-global zone;
  
  instructions for causing one or more processors to establish a file system location in the file system of the non-global zone;
  
  instructions for causing one or more processors to establish a communications object within the file system location;
  
  instructions for causing one or more processors to establish access permissions for the file system locations;
  
  instructions for causing one or more processors to receive from a first process a request to initiate communications using the communications object;
  
  instructions for causing one or more processors to determine, in response to receiving the request, if the first process is authorized to access the file system location of the communications object; and
  
  instructions for causing one or more processors to deny the request if the first process is not authorized to access the file system location of the communications object.
- View Dependent Claims (21, 22, 23)
- - 21. The computer readable medium of claim 20, wherein the first communication object and the second communications object employ at least one of a pipe, a stream, a socket, a POSIX inter-process communications and a doors interface.
  - 22. A computer readable medium of claim 20, wherein the instructions for causing one or more processors to receive from a first process a request to initiate communications using the communications object comprise instructions for causing one or more processors to receive a request from a first processes in a first non-global zone to communicate with a second processes in a second non-global zone, the computer readable medium further comprising:
    - instructions for causing one or more processors to retrieve credentials for the first process, the credentials comprising a zone identifier indicating a non-global zone to which the first process is bound;
      
      instructions for causing one or more processors to verify that the first process is authorized to communicate with the second process across a non-global zone boundary based upon the credentials; and
      
      instructions for causing one or more processors to establish a communication path between the first process and the second process if the first process is authorized.
  - 23. A computer readable medium of claim 22, wherein the first processes in the first non-global zone communicates with the second processes in the second non-global zone using at least one of an event channel and a doors interface.

24. A computer readable medium comprising:
- instructions for causing one or more processors to establish a non-global zone for isolating processes from processes in other non-global zones in a global operating system environment;
  
  instructions for causing one or more processors to create a communications object responsive to a first request, the communications object having a unique identifier corresponding to the non-global zone of a process making the first request; and
  
  instructions for causing one or more processors to initiate a communications using the communications object responsive to a second request, if the process making the second request is determined to be associated with the non-global zone having a unique identifier matching the unique identifier of the communications object.

25. An apparatus, comprising:
- means for establishing a non-global zone for isolating processes from processes in other non-global zones in a global operating system environment controlled by a single operating system kernel instance, wherein the non-global zone has a unique zone identifier;
  
  means for receiving from a first process executing in association with the non-global zone a first request to create a communications object;
  
  means for creating a communications object, in response to receiving the first request, wherein the communications object has the unique zone identifier of the first process associated therewith;
  
  means for receiving from a second process a second request to initiate communications using the communications object;
  
  means for determining, in response to receiving the second request, if the second process is associated with the non-global zone having the unique zone identifier of the communications object; and
  
  means for denying the second request if the second process is not associated with the non-global zone having the unique zone identifier of the communications object.

26. An apparatus, comprising:
- means for establishing a non-global zone for isolating processes from processes in other non-global zones in a global operating system environment controlled by a single operating system kernel instance;
  
  means for mounting a file system to a global file system of the global operating system environment at a point accessible by processes in one non-global zone;
  
  means for establishing a file system location in the file system of the non-global zone;
  
  means for establishing a communications object within the file system location;
  
  means for establishing access permissions for the file system locations;
  
  means for receiving from a first process a request to initiate communications using the communications object;
  
  means for determining, in response to receiving the request, if the first process is authorized to access the file system location of the communications object; and
  
  means for denying the request if the first process is not authorized to access the file system location of the communications object.

27. An apparatus, comprising:
- means for establishing a non-global zone for isolating processes from processes in other non-global zones in a global operating system environment;
  
  means for creating, responsive to a first request, a communications object having a unique identifier corresponding to the non-global zone of a process making the first request; and
  
  means for initiating, responsive to a second request, communications using the communications object for a process making the second request, if the process making the second request is determined to be associated with the non-global zone having a unique identifier matching the unique identifier of the communications object.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle America, Inc. (Oracle Corporation)
Original Assignee
Sun Microsystems Incorporated (Oracle Corporation)
Inventors
Tucker, Andrew G.

Granted Patent

US 7,389,512 B2
Time in Patent Office

Days
Field of Search
US Class Current

719/315
CPC Class Codes

G06F 21/53 by executing in a restricte...

G06F 9/54 Interprogram communication

Interprocess communication within operating system partitions

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

124 Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

Interprocess communication within operating system partitions

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

124 Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links