Virtualized file system
Abstract
File system views are created for each application executed by a user, where this user-specific view comprises operating system files needed to run the application and file system changes made with this application for this user. Changes made to the file system during execution are allowed (in accordance with the user's permissions), but by default, those changes are not visible to other applications or to other users. Optionally, a user or administrator may specify that one or more file system views are to be accessible from other views. The view-specific isolation of file system changes applies also to system files and meta-data alterations that might be made to the operating system. In one alternative approach, file system views may be created for an application without regard to individual users, where that application's view is then used for all users who execute the application.
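The behaviour the abstract describes (changes land in a per-user, per-application view, stay invisible elsewhere by default, survive to the next execution, and can be shared on request) can be modelled in a few lines. This is an added illustration, not code from the patent: every name in it is hypothetical, files are held in memory, and "persisting" is modelled as the layer keeping the view between invocations.

```python
# Added illustration; ViewLayer, View, invoke, share and demo are hypothetical names.
class ViewLayer:
    """Access layer: every read and write goes through a (user, app) view."""

    def __init__(self, base_files):
        self._base = dict(base_files)   # shared files, never modified in place
        self._views = {}                # (user, app) -> {path: private copy}
        self._shared = {}               # reader view -> set of views it may also read

    def invoke(self, user, app):
        """Create the view on first invocation; reuse the persisted one later."""
        self._views.setdefault((user, app), {})
        return View(self, (user, app))

    def share(self, owner, reader):
        """Opt-in only: let view `reader` see changes recorded in view `owner`."""
        self._shared.setdefault(reader, set()).add(owner)

class View:
    def __init__(self, layer, key):
        self._layer, self._key = layer, key

    def write(self, path, data):
        # Copy-on-write: the change lands only in this view's private copy.
        self._layer._views[self._key][path] = bytes(data)

    def read(self, path):
        layer = self._layer
        # Own changes first, then explicitly shared views, then the base files.
        for key in (self._key, *sorted(layer._shared.get(self._key, ()))):
            if path in layer._views.get(key, {}):
                return layer._views[key][path]
        if path in layer._base:
            return layer._base[path]
        raise FileNotFoundError(path)

def demo():
    layer = ViewLayer({"/etc/app.conf": b"mode=default"})   # constructed sample data
    layer.invoke("alice", "editor").write("/etc/app.conf", b"mode=alice")
    results = {
        "same_user_other_app": layer.invoke("alice", "browser").read("/etc/app.conf"),
        "other_user_same_app": layer.invoke("bob", "editor").read("/etc/app.conf"),
        "next_execution": layer.invoke("alice", "editor").read("/etc/app.conf"),
    }
    layer.share(owner=("alice", "editor"), reader=("alice", "browser"))
    results["after_share"] = layer.invoke("alice", "browser").read("/etc/app.conf")
    return results
```

In `demo()`, only the view that made the change and, after the explicit `share` call, the view granted access see the modified file; every other view still reads the unmodified base copy.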
17 Claims
1. A computer-implemented method of controlling access to all files of a file system, comprising using a processor of a computer to perform:
- responsive to invocation of each of a plurality of applications for execution by any particular one of a plurality of users of a file system, automatically creating, by a file system access layer that controls all access to all files of the file system, a user-specific and application-specific file system view for each of the invoked applications;
- automatically adding to the file system view, by the file system access layer, a copy of all files created by or changed by each of the invoked applications as the each application executes on behalf of the particular user, wherein for each of the invoked applications:
  - all changes made by the invoked application to each added file, as the invoked application executes on behalf of the particular user, are made only to the copy added to the file system view;
  - the automatically creating and the automatically adding are configured to prohibit the user from adding files to, or removing files from, the file system view for the invoked application; and
  - the automatically creating and the automatically adding thereby isolate the files in the file system view created for the invoked application as the invoked application executes on behalf of the particular user from access by any of the other users and from access by any other application executed by the particular user; and
- upon completion of each of the executed applications invoked by the particular user, persisting the created file system view created therefor, such that the automatically-added copy of each of the changed or created files is available for a next execution of the completed application by the particular user through use of the persisted file system view.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14
15. A system accessible on a computing system for controlling access to all files of a file system, comprising:
- a computer comprising a processor; and
- instructions which are executable, using the processor, to carry out functions comprising:
  - responsive to invocation of each of a plurality of applications for execution by any particular one of a plurality of users of a file system, automatically creating, by a file system access layer that controls all access to all files of the file system, a user-specific and application-specific file system view for each of the invoked applications;
  - automatically adding to the file system view, by the file system access layer, a copy of all files created by or changed by each of the invoked applications as the each application executes on behalf of the particular user, wherein for each of the invoked applications:
    - all changes made by the invoked application to each added file, as the invoked application executes on behalf of the particular user, are made only to the copy added to the file system view;
    - the automatically creating and the automatically adding are configured to prohibit the user from adding files to, or removing files from, the file system view for the invoked application; and
    - the automatically creating and the automatically adding thereby isolate the files in the file system view created for the invoked application as the invoked application executes on behalf of the particular user from access by any of the other users and from access by any other application executed by the particular user; and
  - upon completion of each of the executed applications invoked by the particular user, persisting the created file system view created therefor, such that the automatically-added copy of each of the changed or created files is available for a next execution of the completed application by the particular user through use of the persisted file system view.
Dependent claims: 17
16. A computer program product for controlling access to all files of a file system, the computer program product comprising computer-readable code embodied on one or more non-transitory computer-usable storage media, the computer-readable code comprising instructions that when executed on a computer cause the computer to:
- responsive to invocation of each of a plurality of applications for execution by any particular one of a plurality of users of a file system, automatically create, by a file system access layer that controls all access to all files of the file system, a user-specific and application-specific file system view for each of the invoked applications;
- automatically add to the file system view, by the file system access layer, a copy of all files created by or changed by each of the invoked applications as the each application executes on behalf of the particular user, wherein for each of the invoked applications:
  - all changes made by the invoked application to each added file, as the invoked application executes on behalf of the particular user, are made only to the copy added to the file system view;
  - the automatically creating and the automatically adding are configured to prohibit the user from adding files to, or removing files from, the file system view for the invoked application; and
  - the automatically creating and the automatically adding thereby isolate the files in the file system view created for the invoked application as the invoked application executes on behalf of the particular user from access by any of the other users and from access by any other application executed by the particular user; and
- upon completion of each of the executed applications invoked by the particular user, persist the created file system view created therefor, such that the automatically-added copy of each of the changed or created files is available for a next execution of the completed application by the particular user through use of the persisted file system view.
Specification