Fine-grained privileges in operating system partitions

US 8,892,878 B2
Filed: 01/30/2004
Issued: 11/18/2014
Est. Priority Date: 05/09/2003
Status: Active Grant

First Claim

Patent Images

1. A non-transitory computer readable medium comprising a set of one or more instructions which, when executed by one or more processors, cause the one or more processors to perform the method of:

in an operating system environment controlled by a single operating system kernel instance, establishing a global zone comprising a first non-global zone and a second non-global zone,wherein the first non-global zone comprises a first file system and a first set of privileges identifying operations performable by processes associated with the first non-global zone,wherein the second non-global zone comprises a second file system and a second set of privileges identifying operations performable by processes associated with the second non-global zone,wherein the global zone comprises a third file system, a first zoneadmn process to halt the first non-global zone, a second zoneadmn process to halt the second non-global zone, and a third set of privileges identifying operations performable by processes associated with the global zone,wherein the first file system is separate and distinct from the second file system and the third file system, andwherein the second file system is separate and distinct from the third file system;

receiving, from a first process, a first request to perform a first operation on an object, wherein the first process is associated with the global zone;

determining that the object is associated with the first non-global zone;

in response to determining that the object is associated with the first non-global zone, determining whether performing the first operation on the object associated with the first non-global zone is within the third set of privileges;

denying the first request if performing the first operation on the object is not within the third set of privileges;

allowing the first request if performing the first operation on the object is within the third set of privileges;

receiving, from a second process, a second request to perform a second operation on the object, wherein the second process is associated with the second non-global zone; and

denying the second request in response to the second process being in the second non-global zone and the object being in the first non-global zone.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In one embodiment, the present invention provides techniques for managing activities of processes using a fine grained privilege model in an operating system environment partitioned into a global zone and one or more non-global zones for isolating processes from processes executing in association with other non-global zones under control of a single operating kernel instance.

81 Citations

View as Search Results

6 Claims

1. A non-transitory computer readable medium comprising a set of one or more instructions which, when executed by one or more processors, cause the one or more processors to perform the method of:
- in an operating system environment controlled by a single operating system kernel instance, establishing a global zone comprising a first non-global zone and a second non-global zone,wherein the first non-global zone comprises a first file system and a first set of privileges identifying operations performable by processes associated with the first non-global zone,wherein the second non-global zone comprises a second file system and a second set of privileges identifying operations performable by processes associated with the second non-global zone,wherein the global zone comprises a third file system, a first zoneadmn process to halt the first non-global zone, a second zoneadmn process to halt the second non-global zone, and a third set of privileges identifying operations performable by processes associated with the global zone,wherein the first file system is separate and distinct from the second file system and the third file system, andwherein the second file system is separate and distinct from the third file system;
  
  receiving, from a first process, a first request to perform a first operation on an object, wherein the first process is associated with the global zone;
  
  determining that the object is associated with the first non-global zone;
  
  in response to determining that the object is associated with the first non-global zone, determining whether performing the first operation on the object associated with the first non-global zone is within the third set of privileges;
  
  denying the first request if performing the first operation on the object is not within the third set of privileges;
  
  allowing the first request if performing the first operation on the object is within the third set of privileges;
  
  receiving, from a second process, a second request to perform a second operation on the object, wherein the second process is associated with the second non-global zone; and
  
  denying the second request in response to the second process being in the second non-global zone and the object being in the first non-global zone.
- View Dependent Claims (2, 3)
- - 2. The non-transitory computer readable medium of claim 1, whereinthe first set of privileges comprises one or more of:
    - mounting/unmounting a file system, overriding file system permissions, binding to a privileged network port, and controlling other processes with different user identifiers.
  - 3. The non-transitory computer readable medium of claim 1, wherein the third set of privileges comprises one or more of:
    - modifying all process privileges, writing to system administration file, opening device holding kernel memory, modifying operating system code, accessing file systems restricted to root user, setting the system clock, changing scheduling priority of an executing process, reserving resources for an application, directly accessing a network layer and loading kernel modules.

4. A system, comprising:
- at least one processor; and
  
  a memory, storing a set of instructions which, when executed by the at least one processor, cause the at least one processor to perform the method of;
  
  in an operating system environment controlled by a single operating system kernel instance, establishing a global zone comprising a first non-global zone and a second non-global zone,wherein the first non-global zone comprises a first file system and a first set of privileges identifying operations performable by processes associated with the first non-global zone,wherein the second non-global zone comprises a second file system and a second set of privileges identifying operations performable by processes associated with the second non-global zone,wherein the global zone comprises a third file system, a first zoneadmn process to halt the first non-global zone, a second zoneadmn process to halt the second non-global zone, and a third set of privileges identifying operations performable by processes associated with the global zone,wherein the first file system is separate and distinct from the second file system and the third file system, andwherein the second file system is separate and distinct from the third file system;
  
  receiving, from a first process, a first request to perform a first operation on an object, wherein the first process is associated with the global zone;
  
  determining that the object is associated with the first non-global zone;
  
  in response to determining that the object is associated with the first non-global zone, determining whether performing the first operation on the object associated with the first non-global zone is within the third set of privileges; and
  
  denying the first request if performing the first operation on the object is not within the third set of privileges;
  
  allowing the first request if performing the first operation on the object is within the third set of privileges;
  
  receiving, from a second process, a second request to perform a second operation on the object, wherein the second process is associated with the second non-global zone; and
  
  denying the second request in response to the second process being in the second non-global zone and the object being in the first non-global zone.
- View Dependent Claims (5, 6)
- - 5. The system of claim 4, wherein the first set of privileges comprises one or more of:
    - mounting/unmounting a file system, overriding file system permissions, binding to a privileged network port, and controlling other processes with different user.
  - 6. The system of claim 4, wherein the third set of privileges comprises one or more of:
    - modifying all process privileges, writing to system administration file, opening device holding kernel memory, modifying operating system code, accessing file systems restricted to root user, setting the system clock, changing scheduling priority of an executing process, reserving resources for an application, directly accessing a network layer and loading kernel modules.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Sun Microsystems Incorporated (Oracle Corporation)
Original Assignee
Oracle America, Inc. (Oracle Corporation)
Inventors
Tucker, Andrew G., Dik, Casper H.
Primary Examiner(s)
Vaughan, Michael R

Application Number

US10/769,415
Publication Number

US 20040226019A1
Time in Patent Office

3,945 Days
Field of Search

None
US Class Current

713/167
CPC Class Codes

G06F 21/604   Tools and structures for ma...

G06F 21/6218   to a system of files or obj...

G06F 21/6281   at program execution time, ...

G06F 9/468   Specific access rights for ...

Fine-grained privileges in operating system partitions

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

81 Citations

6 Claims

Specification

Use Cases

Quick Links

Others

Fine-grained privileges in operating system partitions

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

81 Citations

6 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others