Virtualized file system

US 8,732,220 B2
Filed: 06/15/2005
Issued: 05/20/2014
Est. Priority Date: 06/15/2005
Status: Expired due to Fees

First Claim

Patent Images

1. A computer-implemented method of controlling access to all files of a file system, comprising using a processor of a computer to perform:

responsive to invocation of each of a plurality of applications for execution by any particular one of a plurality of users of a file system, automatically creating, by a file system access layer that controls all access to all files of the file system, a user-specific and application-specific file system view for each of the invoked applications;

automatically adding to the file system view, by the file system access layer, a copy of all files created by or changed by each of the invoked applications as the each application executes on behalf of the particular user, wherein for each of the invoked applications;

all changes made by the invoked application to each added file, as the invoked application executes on behalf of the particular user, are made only to the copy added to the file system view;

the automatically creating and the automatically adding are configured to prohibit the user from adding files to, or removing files from, the file system view for the invoked application; and

the automatically creating and the automatically adding thereby isolate the files in the file system view created for the invoked application as the invoked application executes on behalf of the particular user from access by any of the other users and from access by any other application executed by the particular user; and

upon completion of each of the executed applications invoked by the particular user, persisting the created file system view created therefor, such that the automatically-added copy of each of the changed or created files is available for a next execution of the completed application by the particular user through use of the persisted file system view.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

File system views are created for each application executed by a user, where this user-specific view comprises operating system files needed to run the application and file system changes made with this application for this user. Changes made to the file system during execution are allowed (in accordance with the user'"'"'s permissions), but by default, those changes are not visible to other applications or to other users. Optionally, a user or administrator may specify that one or more file system views are to be accessible from other views. The view-specific isolation of file system changes applies also to system files and meta-data alterations that might be made to the operating system. In one alternative approach, file system views may be created for an application without regard to individual users, where that application'"'"'s view is then used for all users who execute the application.

20 Citations

View as Search Results

17 Claims

1. A computer-implemented method of controlling access to all files of a file system, comprising using a processor of a computer to perform:
- responsive to invocation of each of a plurality of applications for execution by any particular one of a plurality of users of a file system, automatically creating, by a file system access layer that controls all access to all files of the file system, a user-specific and application-specific file system view for each of the invoked applications;
  
  automatically adding to the file system view, by the file system access layer, a copy of all files created by or changed by each of the invoked applications as the each application executes on behalf of the particular user, wherein for each of the invoked applications;
  
  all changes made by the invoked application to each added file, as the invoked application executes on behalf of the particular user, are made only to the copy added to the file system view;
  
  the automatically creating and the automatically adding are configured to prohibit the user from adding files to, or removing files from, the file system view for the invoked application; and
  
  the automatically creating and the automatically adding thereby isolate the files in the file system view created for the invoked application as the invoked application executes on behalf of the particular user from access by any of the other users and from access by any other application executed by the particular user; and
  
  upon completion of each of the executed applications invoked by the particular user, persisting the created file system view created therefor, such that the automatically-added copy of each of the changed or created files is available for a next execution of the completed application by the particular user through use of the persisted file system view.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The computer-implemented method according to claim 1, wherein the user-specific and application-specific file system view comprises a plurality of files.
  - 3. The computer-implemented method according to claim 2, wherein at least one of the files in the user-specific and application-specific file system view for each of the invoked applications is an operating system file for an operating system under control of which the invoked application executes.
  - 4. The computer-implemented method according to claim 1, wherein:
    - the file system access layer comprises a plurality of invocable application programming interface routines, each of which provides a different type of file access; and
      
      each of the invoked applications invokes ones of the routines, according to a desired type of file access, to access files needed by the invoked application as the invoked application executes.
  - 5. The computer-implemented method according to claim 4, further comprising:
    - receiving, by the file system access layer, a request by the invoked application to read data from a particular file;
      
      reading the data from a copy of the particular file in the file system view created for the invoked application and user from which the request is received, if the copy is available in the file system view; and
      
      reading the data from a base version of the particular file, otherwise.
  - 6. The computer-implemented method according to claim 4, further comprising:
    - receiving, by the file system access layer, a request by the invoked application to write data to a particular file;
      
      writing the data to a copy of the particular file in the file system view created for the invoked application and user from which the request is received, if the copy is available in the file system view; and
      
      storing, in the file system view, a copy of the particular file made from a base version thereof, and writing the data to the stored copy, otherwise.
  - 7. The computer-implemented method according to claim 4, further comprising:
    - receiving, by the file system access layer, a request by the invoked application to delete a particular file; and
      
      deleting a copy of the file from the file system view created for the invoked application and user from which the request is received, if the copy is available in the file system view, and otherwise not performing the requested deletion.
  - 8. The computer-implemented method according to claim 1, further comprising enabling the particular user to grant non-update permission for accessing the file system view created for each of the invoked applications to one or more other applications.
  - 9. The computer-implemented method according to claim 1, further comprising enabling the particular user to grant non-update permission for accessing the file system view created for each of the invoked applications to one or more other users.
  - 10. The computer-implemented method according to claim 9, wherein any copies of files in the file system view for which non-update permission is granted to other users are thereby accessible to the other users for read access.
  - 11. The computer-implemented method according to claim 1, further comprising removing, from the file system by the file system access layer, all changes made to any files of the file system, for the particular user when executing any of the invoked applications, by removing the user-specific and application-specific file system view created for each of the any invoked application.
  - 12. The computer-implemented method according to claim 1, further comprising removing, from the file system by the file system access layer, all changes made to any files of the file system, for the particular user, by removing all of the user-specific and application-specific file system views created for each of the any invoked application executed on behalf of the particular user.
  - 13. The computer-implemented method according to claim 1, wherein the copy is created, by the file system access layer, from a base version of the file.
  - 14. The computer-implemented method according to claim 1, wherein the copy is created, by the file system access layer, from a stacked copy of the file, the stacked copy corresponding to a stacked file system view, the stacked file system view being one which the corresponding file system view is logically stacked upon.

15. A system accessible on a computing system for controlling access to all files of a file system, comprising:
- a computer comprising a processor; and
  
  instructions which are executable, using the processor, to carry out functions comprising;
  
  responsive to invocation of each of a plurality of applications for execution by any particular one of a plurality of users of a file system, automatically creating, by a file system access layer that controls all access to all files of the file system, a user-specific and application-specific file system view for each of the invoked applications;
  
  automatically adding to the file system view, by the file system access layer, a copy of all files created by or changed by each of the invoked applications as the each application executes on behalf of the particular user, wherein for each of the invoked applications;
  
  all changes made by the invoked application to each added file, as the invoked application executes on behalf of the particular user, are made only to the copy added to the file system view;
  
  the automatically creating and the automatically adding are configured to prohibit the user from adding files to, or removing files from, the file system view for the invoked application; and
  
  the automatically creating and the automatically adding thereby isolate the files in the file system view created for the invoked application as the invoked application executes on behalf of the particular user from access by any of the other users and from access by any other application executed by the particular user; and
  
  upon completion of each of the executed applications invoked by the particular user, persisting the created file system view created therefor, such that the automatically-added copy of each of the changed or created files is available for a next execution of the completed application by the particular user through use of the persisted file system view.
- View Dependent Claims (17)
- - 17. The system according to claim 15, wherein the functions further comprise:
    - removing, from the file system by the file access layer, all changes made to any files of the file system, by any application executing on behalf of the particular user, by removing the user-specific and application-specific file system view created for each of the any invoked application.

16. A computer program product for controlling access to all files of a file system, the computer program product comprising computer-readable code embodied on one or more non-transitory computer-usable storage media, the computer-readable code comprising instructions that when executed on a computer cause the computer to:
- responsive to invocation of each of a plurality of applications for execution by any particular one of a plurality of users of a file system, automatically create, by a file system access layer that controls all access to all files of the file system, a user-specific and application-specific file system view for each of the invoked applications;
  
  automatically add to the file system view, by the file system access layer, a copy of all files created by or changed by each of the invoked applications as the each application executes on behalf of the particular user, wherein for each of the invoked applications;
  
  all changes made by the invoked application to each added file, as the invoked application executes on behalf of the particular user, are made only to the copy added to the file system view;
  
  the automatically creating and the automatically adding are configured to prohibit the user from adding files to, or removing files from, the file system view for the invoked application; and
  
  the automatically creating and the automatically adding thereby isolate the files in the file system view created for the invoked application as the invoked application executes on behalf of the particular user from access by any of the other users and from access by any other application executed by the particular user; and
  
  upon completion of each of the executed applications invoked by the particular user, persist the created file system view created therefor, such that the automatically-added copy of each of the changed or created files is available for a next execution of the completed application by the particular user through use of the persisted file system view.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Do, Phuc K., Pierce, Justin M.
Primary Examiner(s)
Choi, Yuk Ting

Application Number

US11/153,846
Publication Number

US 20060288034A1
Time in Patent Office

3,261 Days
Field of Search

None
US Class Current

707/831
CPC Class Codes

G06F 16/188   Virtual file systems

G06F 21/57   Certifying or maintaining t...

G06F 21/6218   to a system of files or obj...

G06F 2221/2141   Access rights, e.g. capabil...

Virtualized file system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

20 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Virtualized file system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

20 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links