CN111078367A - Request processing method and device, electronic equipment and storage medium - Google Patents
- Publication number
- CN111078367A (CN201911338427.1A)
- Authority
- CN
- China
- Prior art keywords
- container
- program
- privilege
- instruction
- privileged
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
- G06F9/45558—Hypervisor-specific management and integration aspects
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
- G06F9/45558—Hypervisor-specific management and integration aspects
- G06F2009/45595—Network integration; Enabling network access in virtual machine instances
Landscapes
- Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Stored Programmes (AREA)
Abstract
The embodiment of the invention discloses a request processing method, a request processing device, electronic equipment and a storage medium. The method comprises the following steps: monitoring operation requests sent by application programs in each container in real time based on an agent executive program, wherein the agent executive program is a system daemon process running on the host machine; if a target operation request sent by an application program in a target container is monitored, determining a privileged instruction included in the target operation request based on an agent executive program; and executing corresponding privileged operation according to the privileged instruction based on the agent executive program, and feeding back an execution result to the application program in the target container. The embodiment of the invention realizes the purpose that the application program in the common container can execute the privileged operation on the host machine by setting the agent executive program on the container host machine, wherein the agent executive program is a system daemon process running on the host machine, and the agent executive program executes the corresponding privileged operation according to the operation request of the application program in the container.
Description
Technical Field
The embodiment of the invention relates to the technical field of computers, in particular to a request processing method and device, electronic equipment and a storage medium.
Background
The container is a system virtualization technology, and is an application program running mechanism which is generally adopted at present. Containers running on the same host machine share the kernel of the host machine operating system, and in order to avoid that a single container operates the kernel of the host machine to influence all the containers of the whole host machine, application programs in the containers are usually prohibited from directly accessing the kernel of the host machine and equipment on the host machine and executing privileged operations and commands, for example, the starting of a daemon service process running on the host machine is prohibited; forbidding to load and unload the kernel module, forbidding to modify kernel parameters and forbidding to directly access the equipment mounted on the host machine; access to the dynamically created device and kernel resources is prohibited.
Currently, two mechanisms are commonly employed in the prior art to allow containers to perform some privileged operations and commands. One is to add specific privileges by configuring the container start parameters, e.g. adding a specific right to the container via an add-cap parameter, such as allowing it to KILL a certain process (--add-cap=KILL), or allowing the container to access a specified host device, such as the cdrom (--device=/dev/sr0). This mode has complex configuration, does not support dynamic modification of a running container, is not flexible enough and has limited applicable scenarios. The other is to set a container as a privileged container, so that the application in the privileged container has the same rights as an application on the host, for example to access the kernel and devices of the host. However, this approach still has certain disadvantages: when a container is set as a privileged container, the whole host needs to be completely exposed to the privileged container, including system directories such as /dev, /proc and /sys, so that an application program in the privileged container can access or modify any system file on the host, and thus a security vulnerability exists. In addition to the above drawbacks, neither mechanism can start a daemon process on the host machine.
Disclosure of Invention
Embodiments of the present invention provide a request processing method, apparatus, electronic device, and storage medium, so as to achieve the purpose that an application program in a common container can controllably execute any privileged operation and command on a host.
In a first aspect, an embodiment of the present invention provides a request processing method, which is applied to a container host, where the container host includes at least one container, and each container has an application installed therein, and the method includes:
monitoring operation requests sent by application programs in each container in real time based on an agent executive program, wherein the agent executive program is a system daemon process running on the host machine;
if a target operation request sent by an application program in a target container is monitored, determining a privileged instruction included in the target operation request based on the agent executive program;
and executing corresponding privileged operation according to the privileged instruction based on the agent executive program, and feeding back an execution result to the application program in the target container.
In a second aspect, an embodiment of the present invention further provides a request processing apparatus, configured on a container host, where the container host includes at least one container, and each container has an application installed therein, and the apparatus includes:
the monitoring module is used for monitoring operation requests sent by application programs in all containers in real time based on an agent executive program, wherein the agent executive program is a system daemon process running on the host machine;
the instruction determining module is used for determining a privileged instruction included in a target operation request based on the agent executive program if the target operation request sent by an application program in a target container is monitored;
and the execution module is used for executing corresponding privileged operation according to the privileged instruction based on the agent executive program and feeding back an execution result to the application program in the target container.
In a third aspect, an embodiment of the present invention further provides an electronic device, including:
one or more processors;
a storage device for storing one or more programs,
wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to implement a request processing method according to any embodiment of the present invention.
In a fourth aspect, the embodiment of the present invention further provides a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the request processing method according to any embodiment of the present invention.
The embodiment of the invention sets the agent executive program on the container host machine, and the agent executive program is a system daemon process running on the host machine, so that the agent executive program monitors the operation request sent by the application program in any common container and then executes corresponding privileged operation according to the privileged instruction included in the request. Therefore, the purpose that the application program in the common container can execute privileged operation and command on the host machine is achieved.
Drawings
FIG. 1a is a flowchart illustrating a request processing method according to a first embodiment of the present invention;
FIG. 1b is a schematic structural diagram of a container host according to a first embodiment of the present invention;
FIG. 2 is a flowchart illustrating a request processing method according to a second embodiment of the present invention;
FIG. 3 is a schematic structural diagram of a request processing apparatus according to a third embodiment of the present invention;
FIG. 4 is a schematic structural diagram of an electronic device in a fourth embodiment of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the invention and are not limiting of the invention. It should be further noted that, for the convenience of description, only some of the structures related to the present invention are shown in the drawings, not all of the structures.
Example one
Fig. 1a is a flowchart of a request processing method according to an embodiment of the present invention, where this embodiment is applicable to a case where an application in a general container needs to execute a privileged operation on a host, for example, the application in the general container accesses a kernel and a device of the host, and the method may be executed by a request processing apparatus, which may be implemented in a software and/or hardware manner and may be integrated on an electronic device, for example, a container host.
As shown in fig. 1a, the request processing method specifically includes:
S101, monitoring operation requests sent by application programs in each container in real time based on an agent executive program, wherein the agent executive program is a system daemon process running on the host machine.
In the embodiment of the invention, the container is based on mechanisms of the Linux kernel such as resource control management and the namespace mechanism. It takes the file system packaged in a container image as its root directory and runs the application program contained in the container image on the container host. The resource control management mechanism limits the upper limit of resources such as CPU (Central Processing Unit) and memory that the container application program is allowed to use, and the namespace mechanism creates an isolated running environment for the application program in the container.
Referring to fig. 1b, a schematic structural diagram of a container host is shown. The container host includes at least one container, such as container 1 and container 2, and an application is deployed in each container. An agent executive program is also set on the container host; it is a system daemon running on the container host, so it can perform some privileged operations and commands on the container host. Optionally, the agent executive program monitors the operation requests sent by the application in each container in real time by listening on the unix socket /var/run/cmdagent.sock. It should be noted that, in order to implement this monitoring, the unix socket /var/run/cmdagent.sock needs to be passed into each container in advance. When an application program in a container needs to execute a certain privileged operation or command on the container host, a request corresponding to the privileged operation or command is written into the unix socket and sent to the agent executive program through a remote call interface of the container host.
S102, if a target operation request sent by an application program in a target container is monitored, determining a privileged instruction included in the target operation request based on the agent executive program.
The target operation request is sent by an application program in the target container through a remote call interface of the container host, so that after receiving the target operation request, the agent executive program analyzes the target operation request according to a corresponding remote call protocol to obtain a privilege instruction included in the target operation request, wherein the privilege instruction can be exemplarily used for accessing a directory of the container host, modifying a kernel parameter of the container host and the like.
S103, executing corresponding privilege operation according to the privilege instruction based on the agent executive program, and feeding back an execution result to the application program in the target container.
Because the agent executive program runs in the background of the container host as a system daemon, it can perform any privileged operation. Therefore, after obtaining the privileged instruction, the agent executive program executes the corresponding privileged operation. For example, if the privileged instruction is docker run (the instruction that starts a new container), the agent executive program executes the docker run command to start a new container. Further, referring to fig. 1b, after the privileged operation corresponding to the privileged instruction is executed, the execution result is fed back to the application program in the target container; for example, the related information of the newly started container is fed back to the application program in the target container. As another example, if the privileged instruction is to access a file in directory A, then after the access operation is executed, the file in directory A is fed back to the application program in the target container.
The embodiment of the invention sets the agent executive program on the container host machine, and the agent executive program is a system daemon process running on the host machine, so that the agent executive program monitors the operation request sent by the application program in any common container and then executes corresponding privileged operation according to the privileged instruction included in the request. Therefore, the purpose that the application program in the common container can execute privileged operation and command on the host machine is achieved.
Example two
Fig. 2 is a schematic flow chart of a request processing method according to a second embodiment of the present invention, which is optimized based on the foregoing embodiment, and as shown in fig. 2, the request processing method includes:
S201, monitoring operation requests sent by application programs in each container in real time based on an agent executive program, wherein the agent executive program is a system daemon process running on the host machine.
S202, if a target operation request sent by an application program in a target container is monitored, determining a privileged instruction included in the target operation request based on the agent executive program.
In the embodiment of the present invention, in order to further ensure the security of the container host, a white list or a black list may be configured in advance, and optionally, the configuration control on the container host in fig. 1b may be used to set the white list, where the white list includes a privilege instruction allowing the application program of each container to be executed on the host, and a directory and a file allowing access; the blacklist includes privileged instructions that prohibit applications of each container from executing on the host, as well as directories and files that are prohibited from being accessed. Therefore, after determining the privileged instruction included in the target operation request based on the agent executive, if the white list is pre-configured on the container host, S203 is performed, and if the black list is pre-configured on the container host, S204 is performed.
S203, judging whether the privilege instruction is in a preset white list or not, and if so, executing corresponding privilege operation according to the privilege instruction based on an agent executive program.
And S204, judging whether the privilege instruction is in a preset blacklist or not, and if not, executing corresponding privilege operation according to the privilege instruction based on an agent execution program.
And S205, feeding back the execution result to the application program in the target container.
In the embodiment of the application, after the privilege instruction included in the target operation request is determined, whether the privilege instruction exists in a preset white list or a black list is judged to determine whether to execute corresponding privilege operation according to the privilege instruction, so that influence on other containers of the host machine due to execution of a certain unauthorized privilege instruction is avoided, and the safety of the host machine system is ensured.
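The judgment of S203 and S204 can be sketched as follows; this is an added example, not code from the patent, and it shows that a request absent from both lists is refused under the white list but executed under the black list. The JSON request format, the policy entries, the sample requests and all function names are assumptions made for illustration.

```python
"""Decision step of S203/S204 for a host-side agent (added example)."""
import json
import os
import subprocess

# Constructed policies; entries are illustrative and not taken from the patent.
WHITELIST = {"instructions": [["sysctl", "-n"], ["docker", "ps"]],
             "directories": ["/srv/agent-demo"]}
BLACKLIST = {"instructions": [["insmod"], ["rmmod"]],
             "directories": ["/etc"]}

# Constructed requests in the assumed JSON wire format.
SAMPLES = {
    "listed": b'{"op":"exec","argv":["sysctl","-n","kernel.hostname"]}',
    "unlisted": b'{"op":"exec","argv":["modprobe","example"]}',
    "traversal": b'{"op":"read","path":"/srv/agent-demo/../../etc/shadow"}',
    "malformed": b'{"op":"exec","argv":"sysctl -n kernel.hostname"}',
}


def parse_request(raw):
    """S102: extract the instruction; return None for anything malformed."""
    try:
        req = json.loads(raw)
    except ValueError:            # also covers invalid UTF-8
        return None
    if not isinstance(req, dict):
        return None
    if req.get("op") == "exec":
        argv = req.get("argv")
        if (isinstance(argv, list) and argv
                and all(isinstance(a, str) and a for a in argv)):
            return {"op": "exec", "argv": argv}
    elif req.get("op") == "read":
        path = req.get("path")
        if isinstance(path, str) and path.startswith("/") and "\x00" not in path:
            return {"op": "read", "path": path}
    return None


def _listed(req, policy):
    """True if the instruction or path appears in the policy."""
    if req["op"] == "exec":
        # Compare whole argv tokens against argv prefixes, never substrings.
        return any(req["argv"][:len(p)] == p for p in policy["instructions"])
    # Resolve '..' and symlinks first; a plain startswith() check would accept
    # the "traversal" sample because it begins with an allowed directory.
    real = os.path.realpath(req["path"])
    roots = [os.path.realpath(d) for d in policy["directories"]]
    return any(os.path.commonpath([real, r]) == r for r in roots)


def decide(req, policy, mode):
    """whitelist (S203): run only what is listed. blacklist (S204): run
    everything that is not listed."""
    if req is None:
        return False                      # malformed input is never executed
    if mode not in ("whitelist", "blacklist"):
        raise ValueError("unknown mode")
    listed = _listed(req, policy)
    return listed if mode == "whitelist" else not listed


def handle(raw, policy, mode, runner=subprocess.run):
    """S102 to S205 for one request: parse, decide, execute, build the reply."""
    req = parse_request(raw)
    if not decide(req, policy, mode):
        return {"ok": False, "error": "denied"}
    try:
        if req["op"] == "exec":
            # argv list and no shell: the request is one command, nothing more.
            done = runner(req["argv"], capture_output=True, text=True, timeout=10)
            return {"ok": done.returncode == 0, "output": done.stdout}
        with open(os.path.realpath(req["path"]), errors="replace") as fh:
            return {"ok": True, "output": fh.read(65536)}
    except (OSError, subprocess.SubprocessError) as exc:
        return {"ok": False, "error": type(exc).__name__}


def demo():
    """(whitelist decision, blacklist decision) for each constructed sample."""
    return {name: (decide(parse_request(raw), WHITELIST, "whitelist"),
                   decide(parse_request(raw), BLACKLIST, "blacklist"))
            for name, raw in SAMPLES.items()}


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(name, verdict)
```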
Example three
Fig. 3 is a schematic structural diagram of a request processing apparatus according to a third embodiment of the present invention, the apparatus is configured on a container host, the container host includes at least one container, and each container has an application installed therein, as shown in fig. 3, the apparatus includes:
a monitoring module 301, configured to monitor, in real time, an operation request sent by an application program in each container based on an agent executive program, where the agent executive program is a system daemon running on the host;
an instruction determining module 302, configured to determine, based on the proxy executive program, a privileged instruction included in a target operation request if the target operation request sent by an application program in a target container is monitored;
and the execution module 303 is configured to execute a corresponding privileged operation according to the privileged instruction based on the agent executive, and feed back an execution result to the application program in the target container.
The embodiment of the invention sets the agent executive program on the container host machine, and the agent executive program is a system daemon process running on the host machine, so that the agent executive program monitors the operation request sent by the application program in any common container and then executes corresponding privileged operation according to the privileged instruction included in the request. Therefore, the purpose that the application program in the common container can execute privileged operation and command on the host machine is achieved.
Optionally, the executing module includes:
and the first judgment execution unit is used for judging whether the privilege instruction is in a preset white list or not, and executing corresponding privilege operation according to the privilege instruction based on an agent executive program when the judgment result is yes, wherein the white list comprises the privilege instruction allowing the application program of each container to be executed on the host machine.
Optionally, the executing module includes:
and the second judgment execution unit is used for judging whether the privilege instruction is in a preset blacklist or not, and executing corresponding privilege operation according to the privilege instruction based on an agent execution program when the judgment result is negative, wherein the blacklist comprises the privilege instructions which forbid the application programs of all containers from being executed on the host machine.
Optionally, the target operation request is sent by an application program in the target container through a remote call interface of the container host.
The request processing device provided by the embodiment of the invention can execute the request processing method provided by any embodiment of the invention, and has corresponding functional modules and beneficial effects of the execution method.
Example four
Fig. 4 is a schematic structural diagram of an electronic device according to a fourth embodiment of the present invention. FIG. 4 illustrates a block diagram of an exemplary electronic device 12 suitable for use in implementing embodiments of the present invention. The electronic device 12 shown in fig. 4 is only an example and should not bring any limitation to the function and the scope of use of the embodiment of the present invention.
As shown in FIG. 4, electronic device 12 is embodied in the form of a general purpose computing device. The components of electronic device 12 may include, but are not limited to: one or more processors or processing units 16, a system memory 28, and a bus 18 that couples various system components including the system memory 28 and the processing unit 16.
The system memory 28 may include computer system readable media in the form of volatile memory, such as Random Access Memory (RAM) 30 and/or cache memory 32. The electronic device 12 may further include other removable/non-removable, volatile/nonvolatile computer system storage media. By way of example only, storage system 34 may be used to read from and write to non-removable, nonvolatile magnetic media (not shown in FIG. 4, and commonly referred to as a "hard drive"). Although not shown in FIG. 4, a magnetic disk drive for reading from and writing to a removable, nonvolatile magnetic disk (e.g., a "floppy disk") and an optical disk drive for reading from or writing to a removable, nonvolatile optical disk (e.g., a CD-ROM, DVD-ROM, or other optical media) may be provided. In these cases, each drive may be connected to bus 18 by one or more data media interfaces. Memory 28 may include at least one program product having a set (e.g., at least one) of program modules that are configured to carry out the functions of embodiments of the invention.
A program/utility 40 having a set (at least one) of program modules 42 may be stored, for example, in memory 28, such program modules 42 including, but not limited to, an operating system, one or more application programs, other program modules, and program data, each of which examples or some combination thereof may comprise an implementation of a network environment. Program modules 42 generally carry out the functions and/or methodologies of the described embodiments of the invention.
The processing unit 16 executes various functional applications and data processing by executing programs stored in the system memory 28, for example, implementing a request processing method applied to a container host provided by an embodiment of the present invention, where the container host includes at least one container, and each container has an application program installed therein, and the method includes:
monitoring operation requests sent by application programs in each container in real time based on an agent executive program, wherein the agent executive program is a system daemon process running on the host machine;
if a target operation request sent by an application program in a target container is monitored, determining a privileged instruction included in the target operation request based on the agent executive program;
and executing corresponding privileged operation according to the privileged instruction based on the agent executive program, and feeding back an execution result to the application program in the target container.
Example five
An embodiment of the present invention further provides a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements a request processing method applied to a container host according to an embodiment of the present invention, where the container host includes at least one container, and each container has an application program installed therein, and the method includes:
monitoring operation requests sent by application programs in each container in real time based on an agent executive program, wherein the agent executive program is a system daemon process running on the host machine;
if a target operation request sent by an application program in a target container is monitored, determining a privileged instruction included in the target operation request based on the agent executive program;
and executing corresponding privileged operation according to the privileged instruction based on the agent executive program, and feeding back an execution result to the application program in the target container.
Computer storage media for embodiments of the invention may employ any combination of one or more computer-readable media. The computer readable medium may be a computer readable signal medium or a computer readable storage medium. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples (a non-exhaustive list) of the computer readable storage medium would include the following: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this document, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
A computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Computer program code for carrying out operations for aspects of the present invention may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, Smalltalk, C++ or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any type of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet service provider).
It is to be noted that the foregoing is only illustrative of the preferred embodiments of the present invention and the technical principles employed. It will be understood by those skilled in the art that the present invention is not limited to the particular embodiments described herein, but is capable of various obvious changes, rearrangements and substitutions as will now become apparent to those skilled in the art without departing from the scope of the invention. Therefore, although the present invention has been described in greater detail by the above embodiments, the present invention is not limited to the above embodiments, and may include other equivalent embodiments without departing from the spirit of the present invention, and the scope of the present invention is determined by the scope of the appended claims.
Claims (10)
1. A request processing method applied to a container host, wherein the container host comprises at least one container, and each container has an application program installed therein, the method comprising:
monitoring operation requests sent by application programs in each container in real time based on an agent executive program, wherein the agent executive program is a system daemon process running on the host machine;
if a target operation request sent by an application program in a target container is monitored, determining a privileged instruction included in the target operation request based on the agent executive program;
and executing corresponding privileged operation according to the privileged instruction based on the agent executive program, and feeding back an execution result to the application program in the target container.
2. The method of claim 1, wherein executing, based on the agent executive program, the corresponding privileged operation according to the privileged instruction comprises:
judging whether the privileged instruction is in a preset white list, and if so, executing the corresponding privileged operation according to the privileged instruction based on the agent executive program, wherein the white list comprises the privileged instructions that the application programs of each container are allowed to execute on the host machine.
3. The method of claim 1, wherein executing, based on the agent executive program, the corresponding privileged operation according to the privileged instruction comprises:
judging whether the privileged instruction is in a preset blacklist, and if not, executing the corresponding privileged operation according to the privileged instruction based on the agent executive program, wherein the blacklist comprises the privileged instructions that the application programs of all containers are forbidden to execute on the host machine.
4. The method of claim 1, wherein the target operation request is sent by an application within the target container through a remote invocation interface of the container host.
5. A request processing apparatus configured to a container host including at least one container on which an application is installed, the apparatus comprising:
the monitoring module is used for monitoring operation requests sent by application programs in all containers in real time based on an agent executive program, wherein the agent executive program is a system daemon process running on the host machine;
the instruction determining module is used for determining a privileged instruction included in a target operation request based on the agent executive program if the target operation request sent by an application program in a target container is monitored;
and the execution module is used for executing corresponding privileged operation according to the privileged instruction based on the agent executive program and feeding back an execution result to the application program in the target container.
6. The apparatus of claim 5, wherein the execution module comprises:
a first judgment execution unit, used for judging whether the privileged instruction is in a preset white list and, when the judgment result is yes, executing the corresponding privileged operation according to the privileged instruction based on the agent executive program, wherein the white list comprises the privileged instructions that the application programs of each container are allowed to execute on the host machine.
7. The apparatus of claim 5, wherein the execution module comprises:
a second judgment execution unit, used for judging whether the privileged instruction is in a preset blacklist and, when the judgment result is negative, executing the corresponding privileged operation according to the privileged instruction based on the agent executive program, wherein the blacklist comprises the privileged instructions that the application programs of all containers are forbidden to execute on the host machine.
8. The apparatus of claim 5, wherein the target operation request is sent by an application in the target container through a remote invocation interface of the container host.
9. An electronic device, comprising:
one or more processors;
a storage device for storing one or more programs,
wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the request processing method as recited in any one of claims 1-4.
10. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out a request processing method according to any one of claims 1 to 4.
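The gating step of claims 1 to 3, sketched in Python as an added example (not code from the patent or its applicant). The instruction names, the JSON request format, the handler table and the functions `permitted` and `handle_request` are all assumptions made for illustration.

```python
import json

# Constructed policy lists; the patent names no concrete instructions.
WHITELIST = frozenset({"mount_volume", "set_hostname"})
BLACKLIST = frozenset({"load_kernel_module"})

# Fixed dispatch table standing in for the host's privileged operations.
# Request data only selects an entry; it is never passed to a shell.
HANDLERS = {
    "mount_volume": lambda a: "mounted " + str(a["path"]),
    "set_hostname": lambda a: "hostname=" + str(a["name"]),
    "load_kernel_module": lambda a: "loaded " + str(a["module"]),
    "attach_device": lambda a: "attached " + str(a["device"]),  # in neither list
}

def permitted(instruction, mode):
    """Claim 2 (white list): run only if listed. Claim 3 (blacklist): run unless listed."""
    if mode == "whitelist":
        return instruction in WHITELIST
    if mode == "blacklist":
        return instruction not in BLACKLIST
    raise ValueError("unknown policy mode: " + repr(mode))

def handle_request(raw, container_id, mode):
    """Agent-side flow of claim 1: parse, determine instruction, gate, execute, reply."""
    reply = {"container": container_id, "status": "rejected", "result": None}
    try:
        request = json.loads(raw)
        instruction, args = request["instruction"], request.get("args", {})
        if not isinstance(instruction, str) or not isinstance(args, dict):
            raise TypeError("wrong field types")
    except (ValueError, KeyError, TypeError, AttributeError):
        reply["reason"] = "malformed request"
        return reply
    if not permitted(instruction, mode):
        reply["reason"] = "instruction denied by " + mode
        return reply
    handler = HANDLERS.get(instruction)
    if handler is None:
        reply["reason"] = "no such privileged operation"
        return reply
    try:
        reply["result"] = handler(args)
    except KeyError as missing:
        reply["reason"] = "missing argument " + str(missing)
        return reply
    reply["status"] = "executed"
    return reply
```

An instruction that appears in neither list, such as the constructed `attach_device`, is rejected under the white list of claim 2 but executed under the blacklist of claim 3, so the blacklist variant must be updated whenever a new privileged operation is exposed to containers.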
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201911338427.1A CN111078367A (en) | 2019-12-23 | 2019-12-23 | Request processing method and device, electronic equipment and storage medium |
Publications (1)
Publication Number | Publication Date |
---|---|
CN111078367A (en) | 2020-04-28 |
Family
ID=70316762
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201911338427.1A Pending CN111078367A (en) | 2019-12-23 | 2019-12-23 | Request processing method and device, electronic equipment and storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111078367A (en) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106919812A (en) * | 2015-12-26 | 2017-07-04 | 腾讯科技(深圳)有限公司 | A kind of application process right management method and device |
WO2019168957A1 (en) * | 2018-03-01 | 2019-09-06 | Veritas Technologies Llc | Systems and methods for running applications on a multi-tenant container platform |
CN110362382A (en) * | 2019-06-24 | 2019-10-22 | 湖南麒麟信安科技有限公司 | A kind of vessel safety partition method, system and medium |
CN110427248A (en) * | 2019-07-12 | 2019-11-08 | 中国人民解放军国防科技大学 | Container-based lightweight user environment construction method, system and medium |
Cited By (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US11995449B2 (en) | 2019-12-16 | 2024-05-28 | Microsoft Technology Licensing, Llc | Layered composite boot device and file system for operating system booting in file system virtualization environments |
US20210382739A1 (en) * | 2020-06-04 | 2021-12-09 | Microsoft Technology Licensing, Llc | Partially Privileged Lightweight Virtualization Environments |
CN113765799A (en) * | 2020-06-05 | 2021-12-07 | 中兴通讯股份有限公司 | Method for transmitting and receiving container message, storage medium and container communication system |
CN113791865A (en) * | 2021-09-08 | 2021-12-14 | 山石网科通信技术股份有限公司 | Container security processing method and device, storage medium and processor |
CN113791865B (en) * | 2021-09-08 | 2024-07-26 | 山石网科通信技术股份有限公司 | Container security processing method and device, storage medium and processor |
CN117408060A (en) * | 2023-10-13 | 2024-01-16 | 上海同星智能科技有限公司 | Whole vehicle model simulation performance optimization method, storage medium and electronic equipment |
CN117408061A (en) * | 2023-10-13 | 2024-01-16 | 上海同星智能科技有限公司 | Whole vehicle model simulation performance optimization system and computer device |
CN117408061B (en) * | 2023-10-13 | 2024-05-03 | 上海同星智能科技有限公司 | Whole vehicle model simulation performance optimization system and computer device |
CN117408060B (en) * | 2023-10-13 | 2024-05-14 | 上海同星智能科技有限公司 | Whole vehicle model simulation performance optimization method, storage medium and electronic equipment |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | PB01 | Publication | |
 | SE01 | Entry into force of request for substantive examination | |
 | TA01 | Transfer of patent application right | Effective date of registration: 20201221. Address after: F456, 1st floor, No. 1089, Huihe South Street, Banbidian village, Gaobeidian Township, Chaoyang District, Beijing 100023. Applicant after: Beijing Yunlian Yiyun Technology Co.,Ltd. Address before: Room 727, 7 / F, 101, 1-7 / F, building 5, yard 14, Jiuxianqiao Road, Chaoyang District, Beijing. Applicant before: BEIJING YUNLIAN WANVI TECHNOLOGY Co.,Ltd. |
 | RJ01 | Rejection of invention patent application after publication | Application publication date: 20200428 |