Enabling resource access for secure application containers
Abstract
Embodiments of the disclosure enable resource access for secure application containers. In accordance with one embodiment, a method is provided that comprises identifying a tracing wrapper for an application to be executed by a process. The tracing wrapper to track an event associated with an interaction of the application with one or more system resources. An instance of the application is executed by the process using an application account having access to the system resources. A first system resource of the system resources is determined to be used by the application in view of the tracing wrapper. The application is then copied to a secure container to be executed by the process using a container account of the secure container. The secure container is isolated from access to the one or more system resources. Thereupon, the container account is provided access to the first system resource.
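An added sketch of the "determine" and "provide access" steps from the abstract, not code from the patent: it assumes the tracing wrapper emits strace-style syscall lines and reduces them to a default-deny grant list for the container account. The trace lines, paths, address and the `ctr-app` account name are constructed for illustration.

```python
import re

# Constructed sample: strace-style lines recorded while the application ran under
# its normal account. strace is an assumed stand-in for the tracing wrapper.
TRACE = """\
openat(AT_FDCWD, "/etc/app/config.yml", O_RDONLY) = 3
openat(AT_FDCWD, "/etc/app/missing.yml", O_RDONLY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/var/lib/app/state.db", O_RDWR|O_CREAT, 0600) = 4
openat(AT_FDCWD, "/var/log/app/out.log", O_WRONLY|O_APPEND) = 5
openat(AT_FDCWD, "/etc/app/config.yml", O_RDONLY) = 3
connect(6, {sa_family=AF_INET, sin_port=htons(5432), sin_addr=inet_addr("10.0.0.5")}, 16) = 0
"""

OPEN_RE = re.compile(r'^openat\([^,]+, "([^"]+)", ([A-Z_|]+)(?:, \d+)?\) = (-?\d+)')
CONN_RE = re.compile(r'^connect\(\d+, \{sa_family=AF_INET, sin_port=htons\((\d+)\), '
                     r'sin_addr=inet_addr\("([^"]+)"\)\}, \d+\) = (-?\d+)')
ACCESS = {"O_RDONLY": "r", "O_WRONLY": "w", "O_RDWR": "rw"}


def resources_used(trace):
    """Map each resource the application actually used to the access it needed
    (r/w for files, c for an outbound TCP connect). Failed calls add nothing."""
    used = {}
    for line in trace.splitlines():
        m = OPEN_RE.match(line)
        if m and int(m.group(3)) >= 0:
            path, flags = m.group(1), m.group(2).split("|")
            mode = next(ACCESS[f] for f in flags if f in ACCESS)
            # Merge with earlier sightings so a path keeps the widest access seen.
            used[path] = "".join(sorted(set(used.get(path, "")) | set(mode)))
            continue
        m = CONN_RE.match(line)
        if m and int(m.group(3)) == 0:
            used[f"tcp://{m.group(2)}:{m.group(1)}"] = "c"
    return used


def container_may(grants, resource, want):
    """Default deny: the container account gets only what the trace showed."""
    return bool(want) and set(want) <= set(grants.get(resource, ""))


if __name__ == "__main__":
    grants = resources_used(TRACE)
    for resource, mode in sorted(grants.items()):
        print(f"grant ctr-app {mode:<2} {resource}")
```

The failed `openat` on `missing.yml` produces no grant, and a write to `config.yml` is refused because the trace only ever showed it opened read-only.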
20 Claims
1. A method comprising:
- identifying, by a processor, a tracing wrapper for an application to be executed by the processor, the tracing wrapper to track an event associated with an interaction of the application with one or more system resources;
- executing, by the processor, an instance of the application using an application account having access to the one or more system resources;
- determining, by the processor, a first system resource of the one or more system resources used by the application in view of the tracing wrapper;
- copying, by the processor, the application to a secure container to be executed by the processor using a container account associated with the secure container, the secure container is isolated from access to the one or more system resources; and
- providing, by the processor, the container account with access to the first system resource of the one or more system resources.

Dependent claims: 2, 3, 4, 5, 6, 7
8. A system comprising:
- a memory to store a secure container; and
- a processor, operatively coupled to the memory, to:
  - identify a tracing wrapper for an application to be executed by the processor, the tracing wrapper to track an event associated with an interaction of the application with one or more system resources;
  - execute an instance of the application using an application account having access to the one or more system resources;
  - determine a first system resource of the one or more system resources used by the application in view of the tracing wrapper;
  - copy the application to the secure container to be executed by the processor using a container account associated with the secure container, the secure container is isolated from access to the one or more system resources; and
  - provide the container account with access to the first system resource of the one or more system resources.

Dependent claims: 9, 10, 11, 12, 13, 14
15. A non-transitory computer-readable storage medium comprising executable instructions that when executed, by a processor, cause the processor to:
- identify, by the processor, a tracing wrapper for an application to be executed by the processor, the tracing wrapper to track an event associated with an interaction of the application with one or more system resources;
- execute an instance of the application using an application account having access to the one or more system resources;
- determine a first system resource of the one or more system resources used by the application in view of the tracing wrapper;
- copy the application to a secure container to be executed by the processor using a container account associated with the secure container, the secure container is isolated from access to the one or more system resources; and
- provide the container account access to the first system resource of the one or more system resources.

Dependent claims: 16, 17, 18, 19, 20
Specification