Using virtual hierarchies to build alternative namespaces
Abstract
A containment mechanism provides for the grouping and isolation of multiple processes running on a single computer using a single instance of the operating system. A system is divided into one or more side-by-side and/or nested isolated environments enabling the partitioning and controlled sharing of resources by creating different views of hierarchical name spaces via virtual hierarchies.
20 Claims
1. A system for restricting access to resources comprising:
an operating system module adapted to serve a system environment, the system environment associated with a global physical hierarchy comprising a plurality of nodes representing resources and an isolated environment within the system environment associated with a view of the global physical hierarchy, the view constraining access of an entity executing in the isolated environment to a subset of the resources, the operating system module adapted to generating the view by creation of a virtual hierarchy in volatile storage only, the virtual hierarchy not persisted to non-volatile storage and wherein the entity's sole access to the subset of the resources is via the virtual hierarchy.
(Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9)
10. A method of providing a view of a global name space to an entity executing in an isolated environment comprising:
generating the isolated environment within a system environment via an operating system image, the operating system image serving the isolated environment and the system environment, the system environment associated with a global physical hierarchy on non-volatile storage and the isolated environment associated with a view of the global physical hierarchy; and
generating the view by creating a virtual hierarchy that provides the entity access to only a subset of the global physical hierarchy, the virtual hierarchy stored only in volatile storage.
(Dependent claims: 11, 12, 13, 14, 15, 16)
17. A computer-readable medium comprising computer-executable instructions for:
restricting a set of resources available to a process, group of processes, application or group of applications running in a silo by creating a virtual hierarchy accessed by the process, the group of processes, the application or the group of applications, the virtual hierarchy comprising a plurality of virtual nodes at least one of which comprises a link to a physical hierarchy comprising a plurality of physical nodes, the virtual hierarchy providing sole access to a node in the physical hierarchy via a link from a node in the virtual hierarchy to the node in the physical hierarchy.
(Dependent claims: 18, 19, 20)
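A minimal model of the virtual hierarchy described in claim 17, added here as an illustration and not taken from the patent or any operating system's implementation. The resource names, the `PHYSICAL` tree and the functions `build_view` and `resolve` are all assumptions made for the example: the view exists only in memory, and a silo reaches a physical node only through a link held by a virtual node.

```python
import posixpath

# Constructed global physical hierarchy (dict = directory, str = leaf resource).
PHYSICAL = {
    "apps": {"web": {"site.conf": "listen 8080"}, "db": {"db.conf": "port 5432"}},
    "shared": {"libc.so": "<libc>"},
    "secrets": {"root.key": "<key>"},
}

class VirtualNode:
    """Node of the in-memory virtual hierarchy; `link` is a path into PHYSICAL."""
    def __init__(self, link=None):
        self.children = {}
        self.link = link

def build_view(mapping):
    """Build a virtual hierarchy from {virtual_path: physical_path}; never persisted."""
    root = VirtualNode()
    for vpath, ppath in mapping.items():
        node = root
        for part in vpath.strip("/").split("/"):
            node = node.children.setdefault(part, VirtualNode())
        node.link = tuple(ppath.strip("/").split("/"))
    return root

def resolve(view, path):
    """Resolve a silo-relative path; every lookup starts at the virtual root."""
    # Collapse ".." against the virtual root first, so it can never climb
    # out of the view into the physical hierarchy.
    norm = posixpath.normpath("/" + path.lstrip("/"))
    parts = [p for p in norm.split("/") if p]
    node, i = view, 0
    while i < len(parts) and node.link is None:
        if parts[i] not in node.children:
            raise PermissionError(f"{path}: not present in this view")
        node, i = node.children[parts[i]], i + 1
    if node.link is None:
        return sorted(node.children)  # purely virtual directory
    target = PHYSICAL  # follow the link, then the remaining path components
    for part in node.link + tuple(parts[i:]):
        if not isinstance(target, dict) or part not in target:
            raise FileNotFoundError(path)
        target = target[part]
    return sorted(target) if isinstance(target, dict) else target

# Constructed silo: sees /apps/web as /app and /shared as /lib, nothing else.
WEB_SILO = build_view({"/app": "/apps/web", "/lib": "/shared"})
```

Paths that exist in the physical hierarchy but have no virtual node, such as `/secrets/root.key` or `/apps/db/db.conf`, fail in `resolve` before the physical tree is ever consulted.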
Specification