Fine-grained privileges in operating system partitions
First Claim
1. A non-transitory computer readable medium comprising a set of one or more instructions which, when executed by one or more processors, cause the one or more processors to perform the method of:
- in an operating system environment controlled by a single operating system kernel instance, establishing a global zone comprising a first non-global zone and a second non-global zone, wherein the first non-global zone comprises a first file system and a first set of privileges identifying operations performable by processes associated with the first non-global zone, wherein the second non-global zone comprises a second file system and a second set of privileges identifying operations performable by processes associated with the second non-global zone, wherein the global zone comprises a third file system, a first zoneadmn process to halt the first non-global zone, a second zoneadmn process to halt the second non-global zone, and a third set of privileges identifying operations performable by processes associated with the global zone, wherein the first file system is separate and distinct from the second file system and the third file system, and wherein the second file system is separate and distinct from the third file system;
receiving, from a first process, a first request to perform a first operation on an object, wherein the first process is associated with the global zone;
determining that the object is associated with the first non-global zone;
in response to determining that the object is associated with the first non-global zone, determining whether performing the first operation on the object associated with the first non-global zone is within the third set of privileges;
denying the first request if performing the first operation on the object is not within the third set of privileges;
allowing the first request if performing the first operation on the object is within the third set of privileges;
receiving, from a second process, a second request to perform a second operation on the object, wherein the second process is associated with the second non-global zone; and
denying the second request in response to the second process being in the second non-global zone and the object being in the first non-global zone.
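The decision procedure in claim 1 reduces to two rules: a process in a non-global zone is refused any operation on an object that belongs to a different zone, whatever privileges its own zone carries; a global-zone process acting on a non-global-zone object succeeds only if the operation is within the global zone's privilege set. The following C model is an added illustration of that check, written for this page; it is not code from the patent or from any Solaris or illumos release. Zone numbering, the privilege names, the bitmask representation, and the privilege sets assigned to each zone are illustrative assumptions chosen so that every branch of the claim is exercised (in particular the global zone is deliberately given a reduced set so that the "deny the first request" branch can be shown).

```c
/*
 * Zone-aware privilege check modelled on claim 1 above.
 * Added example for this page, not code from the patent or from any
 * Solaris/illumos kernel. Zone ids, privilege names and privilege sets
 * below are illustrative assumptions.
 */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Fine-grained privileges as a bitmask. Names are illustrative. */
enum {
    PRIV_FILE_DAC_READ  = 1u << 0,
    PRIV_FILE_DAC_WRITE = 1u << 1,
    PRIV_SYS_MOUNT      = 1u << 2,
    PRIV_PROC_ZONE      = 1u << 3,   /* assumed to be what a zoneadmn needs to halt a zone */
};
typedef uint32_t privset_t;

#define GLOBAL_ZONEID 0

typedef struct zone {
    int       id;
    privset_t privs;     /* operations performable by processes in this zone */
} zone_t;

typedef struct proc   { int zoneid; } proc_t;    /* zone the process runs in   */
typedef struct object { int zoneid; } object_t;  /* zone the object belongs to */

/* Returns 0 to allow; EACCES, EPERM or EINVAL to deny. */
static int zone_priv_check(const zone_t *zones, size_t nzones,
                           const proc_t *p, const object_t *obj, privset_t op)
{
    const zone_t *pz = NULL;
    for (size_t i = 0; i < nzones; i++)
        if (zones[i].id == p->zoneid)
            pz = &zones[i];
    if (pz == NULL)
        return EINVAL;   /* unknown zone: fail closed */

    /* Claim 1, last step: a non-global-zone process never reaches an object
       in another zone, regardless of the privileges its own zone holds. */
    if (p->zoneid != GLOBAL_ZONEID && obj->zoneid != p->zoneid)
        return EACCES;

    /* Global-zone process acting on a non-global-zone object (or any process
       acting inside its own zone): the operation must be within the
       privilege set of the zone the requesting process belongs to. */
    return (pz->privs & op) == op ? 0 : EPERM;
}

/* Constructed sample configuration: global zone plus two non-global zones.
   The global zone intentionally lacks PRIV_SYS_MOUNT so the deny branch shows. */
static const zone_t g_zones[] = {
    { GLOBAL_ZONEID, PRIV_FILE_DAC_READ | PRIV_FILE_DAC_WRITE | PRIV_PROC_ZONE },
    { 1,             PRIV_FILE_DAC_READ | PRIV_FILE_DAC_WRITE },
    { 2,             PRIV_FILE_DAC_READ },
};
#define NZONES (sizeof g_zones / sizeof g_zones[0])

/* Convenience wrapper: check one operation by a process in proc_zoneid
   against an object owned by obj_zoneid, using the sample zones. */
static int check_op(int proc_zoneid, int obj_zoneid, privset_t op)
{
    proc_t   p = { proc_zoneid };
    object_t o = { obj_zoneid };
    return zone_priv_check(g_zones, NZONES, &p, &o, op);
}

int main(void)
{
    printf("global zoneadmn halts zone 1 (PROC_ZONE):   %d\n", check_op(0, 1, PRIV_PROC_ZONE));
    printf("global mounts in zone 1 (SYS_MOUNT):        %d (EPERM=%d)\n", check_op(0, 1, PRIV_SYS_MOUNT), EPERM);
    printf("zone 2 reads object in zone 1:              %d (EACCES=%d)\n", check_op(2, 1, PRIV_FILE_DAC_READ), EACCES);
    printf("zone 1 reads its own object:                %d\n", check_op(1, 1, PRIV_FILE_DAC_READ));
    printf("zone 1 mounts inside zone 1 (SYS_MOUNT):    %d (EPERM=%d)\n", check_op(1, 1, PRIV_SYS_MOUNT), EPERM);
    printf("zone 1 reads a global-zone object:          %d (EACCES=%d)\n", check_op(1, 0, PRIV_FILE_DAC_READ), EACCES);
    return 0;
}
```

The ordering of the two tests matters: the cross-zone rule is evaluated before the privilege lookup, so a non-global zone can never be granted cross-zone access by enlarging its privilege set, which is the isolation property the claim is built around. The global zone is the only zone whose privilege set can authorise operations on objects outside itself, and even there an operation not in that set is refused.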
Abstract
In one embodiment, the present invention provides techniques for managing activities of processes using a fine grained privilege model in an operating system environment partitioned into a global zone and one or more non-global zones for isolating processes from processes executing in association with other non-global zones under control of a single operating kernel instance.
81 Citations
6 Claims
1. Independent claim 1, reproduced in full under First Claim above. Dependent claims 2 and 3 depend on it.
4. A system, comprising:
- at least one processor; and a memory, storing a set of instructions which, when executed by the at least one processor, cause the at least one processor to perform the method of:
in an operating system environment controlled by a single operating system kernel instance, establishing a global zone comprising a first non-global zone and a second non-global zone, wherein the first non-global zone comprises a first file system and a first set of privileges identifying operations performable by processes associated with the first non-global zone, wherein the second non-global zone comprises a second file system and a second set of privileges identifying operations performable by processes associated with the second non-global zone, wherein the global zone comprises a third file system, a first zoneadmn process to halt the first non-global zone, a second zoneadmn process to halt the second non-global zone, and a third set of privileges identifying operations performable by processes associated with the global zone, wherein the first file system is separate and distinct from the second file system and the third file system, and wherein the second file system is separate and distinct from the third file system;
receiving, from a first process, a first request to perform a first operation on an object, wherein the first process is associated with the global zone;
determining that the object is associated with the first non-global zone;
in response to determining that the object is associated with the first non-global zone, determining whether performing the first operation on the object associated with the first non-global zone is within the third set of privileges; and
denying the first request if performing the first operation on the object is not within the third set of privileges;
allowing the first request if performing the first operation on the object is within the third set of privileges;
receiving, from a second process, a second request to perform a second operation on the object, wherein the second process is associated with the second non-global zone; and
denying the second request in response to the second process being in the second non-global zone and the object being in the first non-global zone.
Dependent claims 5 and 6 depend on claim 4.