CN112948062A - Transparent transmission method and device for device file and computer storage medium - Google Patents


Publication number
CN112948062A
Authority
CN
China
Prior art keywords
virtual machine
file
container
accessed
creating
Legal status
Granted
Application number
CN202110520423.6A
Other languages
Chinese (zh)
Other versions
CN112948062B (en
Inventor
梁俊
朱方平
陈红
付志鹏
高嘉淇
陈一鸣
Current Assignee
Peng Cheng Laboratory
Original Assignee
Peng Cheng Laboratory
Application filed by Peng Cheng Laboratory
Priority to CN202110520423.6A
Publication of CN112948062A
Application granted
Publication of CN112948062B
Legal status: Active

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533 Hypervisors; Virtual machine monitors
    • G06F9/45558 Hypervisor-specific management and integration aspects
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00 Arrangements for software engineering
    • G06F8/60 Software deployment
    • G06F8/61 Installation
    • G06F8/63 Image based installation; Cloning; Build to order
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/445 Program loading or initiating
    • G06F9/44505 Configuring for program initiating, e.g. using registry, configuration files
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533 Hypervisors; Virtual machine monitors
    • G06F9/45558 Hypervisor-specific management and integration aspects
    • G06F2009/45562 Creating, deleting, cloning virtual machine instances

Abstract

The invention discloses a device file transparent transmission (passthrough) method, a device and a computer storage medium. The method comprises the following steps: creating a virtual machine image in a first preset mode; starting the virtual machine in a second preset mode based on the virtual machine image; creating a container in the virtual machine in a third preset mode; creating a device-dependent file in the container based on a preset path; according to the preset path, enabling the container in the virtual machine to successfully access the device-dependent file; and, based on the transparent transmission policy of the virtual machine and the accessed device-dependent file, enabling the container in the virtual machine to successfully access the device file to be accessed. The method and the device solve the problem that the Kata container fails to access the device file in the virtual machine, so that the Kata container successfully accesses the device file of the virtual machine and executes operations on it.

Description

Transparent transmission method and device for device file and computer storage medium
Technical Field
The present invention relates to container technologies, and in particular, to a method and an apparatus for transparently transmitting device files, and a computer storage medium.
Background
Running the Android system directly in a container on a physical server starts quickly, and the started container can directly access the devices on the physical server. However, all containers on one physical server share the host kernel, which is a serious security risk. The main goal of the Kata Containers project is to build secure containers on top of lightweight virtual machines. A virtualization environment built on Kata containers can combine the security isolation of virtual machines with the fast start-up of containers.
However, building a Kata container-based virtualization environment raises two problems. On the one hand, the container runtime environment is created by the virtual machine running the Kata agent, not by the host machine running the virtual machine. When an Android system in a Kata container is started on the host machine running the virtual machine, the devices on the physical server cannot be passed through to the Kata container, so how to pass the devices on the virtual machine through to the container is a key technical problem. In addition, the devices required by the Android system in the container depend on other files. The Android system in the container needs all of these files to run normally, but they are generated dynamically when drivers are loaded while the virtual machine is running and cannot be generated when the container image is built.
On the other hand, the kernel and root file system on which the Kata container depends are very compact, so the drivers required to run the Android system in the container, such as /dev/binder, are missing, and the Kata virtual machine cannot dynamically load driver modules.
Disclosure of Invention
In view of this, embodiments of the present application provide a device file transparent transmission method, a device, and a computer storage medium, which solve the problem that the Kata container fails to access the device file in the virtual machine to which the Kata container belongs.
The embodiment of the application provides a method for transparently transmitting a device file, which comprises the following steps:
creating a virtual machine image in a first preset mode;
starting the virtual machine in a second preset mode based on the virtual machine image;
creating a container in the virtual machine in a third preset mode;
creating a device-dependent file in the container based on a preset path;
according to the preset path, enabling the container in the virtual machine to successfully access the device-dependent file;
and enabling the container in the virtual machine to successfully access the device file to be accessed based on the transparent transmission policy of the virtual machine and the accessed device-dependent file.
In an embodiment, the creating a virtual machine image in a first preset mode includes:
adding a preset permission of a non-root user for the device file to be accessed in the virtual machine;
compiling the newly added driver in the virtual machine into a kernel built-in mode.
In an embodiment, the starting the virtual machine in the second preset mode based on the virtual machine image includes:
newly adding device parameters corresponding to the device file to be accessed in the virtual machine.
In an embodiment, the creating a container in the virtual machine in the third preset mode includes:
acquiring the device data of the virtual machine to create the container, based on the configuration data used when the device file to be accessed was registered.
In an embodiment, the enabling, based on the transparent transmission policy of the virtual machine and the accessed device-dependent file, the container in the virtual machine to successfully access the device file to be accessed includes:
creating a subsystem of a container in the virtual machine based on hardware configuration information of the container;
adding the device file to be accessed to an accessible list of the subsystem;
creating a sub-process;
and enabling the sub-process to access the device file to be accessed in the virtual machine by utilizing the subsystem of the container.
In an embodiment, the creating a device-dependent file in the container based on the preset path includes:
acquiring a first path of a root file system of the container in the virtual machine;
acquiring a second path of the device-dependent file in the virtual machine;
combining the first path and the second path, constructing a storage directory of the device-dependent file in the container, and generating the preset path;
and creating a device-dependent file in the storage directory in the preset path based on the device attribute corresponding to the device file to be accessed in the virtual machine.
In an embodiment, the preset permissions of the non-root user at least include readable permissions, writable permissions and executable permissions.
In one embodiment, the configuration data includes at least a primary device number and a secondary device number.
In order to achieve the above object, a computer storage medium is further provided, where a device file transparent transmission method program is stored on the computer storage medium, and when executed by a processor, the program implements the steps of any one of the device file transparent transmission methods described above.
In order to achieve the above object, there is also provided a device for transparently transmitting a device file, including a memory, a processor, and a device file transparent transmission method program stored on the memory and executable on the processor, where the processor implements the steps of any one of the device file transparent transmission methods when executing the program.
One or more technical solutions provided in the embodiments of the present application have at least the following technical effects or advantages:
Creating a virtual machine image in a first preset mode: when the virtual machine image is created in the first preset mode, the newly added driver in the virtual machine is compiled into a kernel built-in mode and a non-root user permission is added, which ensures that the virtual machine image created in the first preset mode can provide data for a container to access the device file to be accessed.
Starting the virtual machine in a second preset mode based on the virtual machine image: the virtual machine is started with the additional device parameters and the like required by the device file to be accessed, so that the virtual machine can ensure that the device file to be accessed can be smoothly accessed.
Creating a container in the virtual machine in a third preset mode: when the container is created in the virtual machine in the third preset mode, the device data of the virtual machine may be additionally acquired to ensure that the container created in the virtual machine can access the device file to be accessed in the virtual machine.
Creating a device-dependent file in the container based on a preset path: the device-dependent file is created in the container, through the preset path, based on the device-dependent file in the virtual machine, to ensure that the container can smoothly and successfully access the device file to be accessed in the virtual machine.
According to the preset path, enabling the container in the virtual machine to successfully access the device-dependent file: the preset path ensures that the container in the virtual machine successfully accesses the device file to be accessed.
Based on the transparent transmission policy of the virtual machine and the accessed device-dependent file, enabling the container in the virtual machine to successfully access the device file to be accessed: the device file to be accessed in the virtual machine is transparently transmitted to the container in the virtual machine through the transparent transmission policy of the virtual machine, and, combined with the accessed device-dependent file, the device file to be accessed can be accessed successfully and smoothly.
The embodiment of the application solves the problem that the Kata container fails to access the device file in the virtual machine, so that the Kata container successfully accesses the device file of the virtual machine and executes operations on it.
Drawings
FIG. 1 is a schematic flowchart of a first embodiment of the device file transparent transmission method of the present application;
FIG. 2 is a schematic flowchart of a specific process of step S110 in the first embodiment of the device file transparent transmission method of the present application;
FIG. 3 is a schematic flowchart of a specific process of step S120 in the first embodiment of the device file transparent transmission method of the present application;
FIG. 4 is a schematic flowchart of the device file transparent transmission method of the present application;
FIG. 5 is another specific flowchart of step S130 in the first embodiment of the device file transparent transmission method of the present application;
FIG. 6 is a schematic flowchart of step S160 in the first embodiment of the device file transparent transmission method of the present application;
FIG. 7 is a schematic flowchart of a specific process of step S140 in the first embodiment of the device file transparent transmission method of the present application;
FIG. 8 is an exemplary diagram of a Kata virtual machine running a container whose operating system is Android;
FIG. 9 is a comparison of results before and after applying the device file transparent transmission method of the present application;
FIG. 10 is a schematic hardware architecture diagram of the device file transparent transmission method according to an embodiment of the present application.
Detailed Description
It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
The main solution of the embodiment of the invention is as follows: creating a virtual machine image in a first preset mode; starting the virtual machine in a second preset mode based on the virtual machine image; creating a container in the virtual machine in a third preset mode; creating a device-dependent file in the container based on a preset path; according to the preset path, enabling the container in the virtual machine to successfully access the device-dependent file; and, based on the transparent transmission policy of the virtual machine and the accessed device-dependent file, enabling the container in the virtual machine to successfully access the device file to be accessed. This solves the problem that the Kata container fails to access the device file in the virtual machine, so that the Kata container successfully accesses the device file of the virtual machine and executes operations on it.
In order to better understand the technical solution, the technical solution will be described in detail with reference to the drawings and the specific embodiments.
Referring to FIG. 1, FIG. 1 shows a first embodiment of the device file transparent transmission method of the present application, the method including:
Step S110: creating a virtual machine image in a first preset mode.
Specifically, mirroring is a form of file storage and a type of redundancy, in which the data on one disk has an identical copy on another disk; that copy is the image.
The virtual machine image may be a virtual machine image file. It is a disk partition with an operating system installed and stores all the information of the virtual machine's hard disk.
Step S120: starting the virtual machine in a second preset mode based on the virtual machine image.
Specifically, a virtual machine refers to a complete computer system with complete hardware system functionality, which is emulated by software and runs in a completely isolated environment. Work that can be done on a physical computer (physical machine or host) can be done in a virtual machine. When a virtual machine is created on a computer, part of the hard disk and memory capacity of the physical machine must be used as the hard disk and memory capacity of the virtual machine. Each virtual machine has its own CMOS (Complementary Metal-Oxide-Semiconductor), hard disk, and operating system, and can be operated as if it were a physical machine. The virtual machine may be any virtualized environment and is not limited to a virtual machine.
Step S130: creating a container in the virtual machine in a third preset mode.
Specifically, container technology can effectively partition the resources of a single operating system into groups that are isolated from one another, referred to as containers, in order to better balance conflicting resource usage requirements among the isolated groups. Container technology can load both the operating system image and the application program into memory. The loading can also be done from a network disk, so starting dozens of images at the same time does not put a large load on the network and the storage. Subsequent image creation only needs to point to the common image, which greatly reduces the memory required.
It should be noted that the container may specifically be a Kata container, but is not limited to a Kata container; it may also be another container that depends on a relatively compact kernel and root file system at runtime.
The Kata container makes up for the security shortcomings of conventional container technology and achieves container isolation by using hardware virtualization. Each container (container/pod) runs on a separate operating system kernel instance, as a lightweight virtual machine.
Step S140: creating a device-dependent file in the container based on a preset path.
Specifically, the device-dependent files may be files required by an operating system in the container to access device files to be accessed in the virtual machine, and if the device-dependent files cannot be successfully accessed, the device files to be accessed may not be successfully accessed.
Specifically, the preset path serves to solve the problem of accessing the device-dependent file in the virtual machine.
Step S150: according to the preset path, enabling the container in the virtual machine to successfully access the device-dependent file.
Specifically, according to the order of the preset paths, the container in the virtual machine can be made to successfully access the device-dependent files.
Step S160: enabling the container in the virtual machine to successfully access the device file to be accessed based on the transparent transmission policy of the virtual machine and the accessed device-dependent file.
Specifically, the device file to be accessed in the virtual machine is passed through to the container in the virtual machine by the transparent transmission policy of the virtual machine, and, combined with the device-dependent file required for the device file to be accessed normally, the container in the virtual machine can successfully access the device file to be accessed.
Referring to FIG. 2, FIG. 2 shows the specific implementation steps of step S110 in the first embodiment of the device file transparent transmission method of the present application, where the creating a virtual machine image in a first preset mode includes:
Step S111: adding a preset permission of a non-root user for the device file to be accessed in the virtual machine.
Specifically, a preset permission of a non-root user for the device file to be accessed in the virtual machine is added, so that a program started on the virtual machine and the Kata agent of a container in the virtual machine have permission to access the device.
It should be further noted that the preset permission of the newly added non-root user can be achieved by changing the original Linux kernel driver code.
In addition, the Kata container also comprises a Kata runtime, a Kata proxy, a Kata shim and a Kata hypervisor, wherein the Kata runtime is an OCI (Open Container Initiative) compatible runtime that is responsible for handling all commands specified by the OCI runtime specification and for starting the Kata shim.
Step S112: compiling the newly added driver in the virtual machine into a kernel built-in mode.
Specifically, the kernel driver added in the virtual machine may be compiled into a kernel built-in module, so as to overcome the problem that the container in the virtual machine cannot dynamically load the kernel module.
The above embodiment has the following beneficial effects: a virtual machine image with the required device drivers is built, so that a container in the virtual machine can dynamically load a kernel module, the drivers required by the operating system in the container can be dynamically loaded, and the operating system in the container is ensured to run normally.
Referring to FIG. 3, FIG. 3 shows the specific implementation steps of step S120 in the first embodiment of the device file transparent transmission method of the present application, where starting the virtual machine in a second preset mode based on the virtual machine image includes:
Step S121: newly adding device parameters corresponding to the device file to be accessed in the virtual machine.
Specifically, in this embodiment, when the Kata runtime shown in FIG. 4 creates a virtual machine by using an emulator, a device parameter corresponding to the device file to be accessed, such as -device usb-ehci, is newly added, to ensure that the devices required by the operating system in the container in the virtual machine can be created normally. The operating system in the container in the virtual machine may be an Android system, an iOS system, or a Windows system, but is not limited thereto; the emulator may be QEMU (a virtual operating system emulator), and the subsystem may be the cgroup devices subsystem.
The above embodiment has the following beneficial effects: the virtual machine is started with the additional device parameters and the like required by the device file to be accessed, so that the virtual machine can ensure that the device file to be accessed can be smoothly accessed.
Referring to FIG. 5, FIG. 5 shows the specific implementation steps of step S130 in the first embodiment of the device file transparent transmission method of the present application, where creating a container in the virtual machine in a third preset mode includes:
Step S131: acquiring the device data of the virtual machine to create a container, based on the configuration data used when the device file to be accessed was registered.
Specifically, when the container is created by using the Kata agent, the Kata agent acquires information such as the device and the device type on the virtual machine according to the primary device number and the secondary device number used when the device file to be accessed was registered. As shown in FIG. 4, the configuration data may be a primary device number and a secondary device number, or may be other data; similarly, the device data may be information such as the device and device type, device address, device size, and the like, or may be other data, which is not limited herein.
The above embodiment has the following beneficial effects: the device data on the virtual machine is acquired to create the container, which provides data support for the container to access the device file normally and ensures that the container can access the device file normally.
Referring to FIG. 6, FIG. 6 shows the specific implementation steps of step S160 in the first embodiment of the device file transparent transmission method of the present application, where enabling the container in the virtual machine to successfully access the device file to be accessed based on the transparent transmission policy of the virtual machine and the accessed device-dependent file includes:
Step S161: creating a subsystem of a container in the virtual machine based on hardware configuration information of the container.
Specifically, the hardware configuration information may be the allocation of CPU, the allocation of memory, and the like. As shown in FIG. 4, the Kata agent creates a subsystem of the container using the specific settings in the hardware configuration information. In this embodiment, the subsystem may be the cgroup devices subsystem, but is not limited to the cgroup devices subsystem.
It should be further noted that the cgroup subsystems include the following:
blkio sets input/output limits for block devices, such as physical devices (disks, solid state drives, USB, etc.);
cpu uses the scheduler to give cgroup tasks access to the CPU;
cpuacct automatically generates reports on the CPU used by the tasks in the cgroup;
cpuset allocates individual CPUs (in a multi-core system) and memory nodes to the tasks in the cgroup;
devices allows or denies the tasks in the cgroup access to devices;
freezer suspends or resumes tasks in the cgroup;
memory sets the memory limit used by the tasks in the cgroup and automatically generates reports on the memory resources used by the tasks;
net_cls tags network packets with class identifiers (classid), which allows the Linux traffic control program (tc) to identify packets generated from a specific cgroup;
ns is the namespace subsystem.
Step S162: adding the device file to be accessed to an accessible list of the subsystem;
Step S163: creating a sub-process;
Specifically, the sub-process may be created by runinit.
Step S164: enabling the sub-process to access the device file to be accessed in the virtual machine by utilizing the subsystem of the container.
Specifically, the sub-process may access the device file to be accessed by using the corresponding cgroup devices subsystem in the container.
In this embodiment, the container is created according to the configuration information, and the device file to be accessed is added to the accessible list, so that the container can be ensured to successfully access the device file to be accessed.
Referring to fig. 7, fig. 7 shows the specific implementation of step S140 in the first embodiment of the device file transparent transmission method of the present application, where creating a device dependent file in the container based on the preset path includes:
Step S141: acquiring a first path of a root file system of the container in the virtual machine;
Specifically, the root file system (rootfs) is a file system that, in addition to storing data files like an ordinary file system, is the first file system to be mounted at kernel boot. An image file of kernel code is stored in the root file system, and after the root file system is mounted the system boot program loads some initialization scripts (e.g., rcS, inittab) and services from it into memory to run.
Specifically, the first path may be a storage path, a relative path, or an absolute path, and is not limited herein.
Step S142: acquiring a second path of the device dependent file in the virtual machine;
Specifically, the second path may be a storage path, a relative path, or an absolute path, and is not limited herein.
Step S143: combining the first path and the second path, constructing a storage directory of the device dependent file in the container, and generating the preset path;
Specifically, the preset path may be a relative path or an absolute path.
Step S144: creating a device dependent file in a storage directory in the preset path based on the device attribute corresponding to the device file to be accessed in the virtual machine;
Specifically, the device attribute corresponding to the device file to be accessed may be read by a kata agent program.
It should be noted that the generated device dependent file can be accessed by the container after the process switches its root file system directory with chroot or pivot_root.
The above embodiment has the following beneficial effects: a specific method for creating the preset path is provided, which ensures that the preset path is created correctly so that the device dependent file can be successfully accessed.
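Steps S141 to S144 and the accessible-list step, sketched as an added Go example (it is not code from the patent or from the Kata Containers project). The type and function names, the sample paths and the device numbers are constructed; the rule string assumes the cgroup v1 `devices.allow` format, and the path check is lexical only.

```go
package main

import (
	"fmt"
	"path/filepath"
	"strings"
	"syscall"
)

// DeviceAttr (hypothetical type) holds the attributes read from the VM's device file.
type DeviceAttr struct {
	Type         byte   // 'c' (character) or 'b' (block)
	Major, Minor uint32 // device numbers from the configuration data
	Perm         uint32 // permission bits for the node
}

// PresetPath joins the container rootfs (first path) with the device path in the VM
// (second path). Lexical check only: symlinks inside the rootfs are not resolved.
func PresetPath(rootfs, devPath string) (string, error) {
	if !filepath.IsAbs(rootfs) || !filepath.IsAbs(devPath) {
		return "", fmt.Errorf("paths must be absolute: %q, %q", rootfs, devPath)
	}
	joined := filepath.Join(rootfs, devPath) // Join also collapses ".." elements
	if !strings.HasPrefix(joined, filepath.Clean(rootfs)+"/dev/") {
		return "", fmt.Errorf("%q resolves outside %s/dev", devPath, rootfs)
	}
	return joined, nil
}

func Mkdev(major, minor uint32) uint64 { // Linux dev_t, glibc encoding
	return (uint64(major)&0xfff)<<8 | (uint64(major)&0xfffff000)<<32 |
		uint64(minor)&0xff | (uint64(minor)&0xffffff00)<<12
}

// AllowRule renders the accessible-list entry; "rw" lets the container open the node, not mknod.
func AllowRule(d DeviceAttr) (string, error) {
	if d.Type != 'c' && d.Type != 'b' {
		return "", fmt.Errorf("unsupported device type %q", d.Type)
	}
	return fmt.Sprintf("%c %d:%d rw", d.Type, d.Major, d.Minor), nil
}

// CreateNode creates the device dependent file at the preset path; needs CAP_MKNOD.
func CreateNode(rootfs, devPath string, d DeviceAttr) error {
	target, err := PresetPath(rootfs, devPath)
	if _, ruleErr := AllowRule(d); err == nil {
		err = ruleErr // reuse the device-type check
	}
	if err != nil {
		return err
	}
	bits := map[byte]uint32{'c': syscall.S_IFCHR, 'b': syscall.S_IFBLK}[d.Type]
	return syscall.Mknod(target, bits|d.Perm&0777, int(Mkdev(d.Major, d.Minor)))
}

func main() {
	p, err := PresetPath("/run/example/c1/rootfs", "/dev/binder") // constructed paths
	fmt.Println(p, err)
}
```

The mode passed to `Mknod` is still filtered by the calling process's umask, so the resulting permissions should be checked on the created node.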
In one embodiment, the preset rights of the non-root user at least comprise a readable right, a writable right and an executable right.
Specifically, the readable permission means that the content of the file can be viewed; the writable permission means that the content of the file can be edited; the executable permission means that scripts and directories can be executed. The executable permission only takes effect on scripts and directories and has no meaning for ordinary files.
In one embodiment, the configuration data includes at least a primary (major) device number and a secondary (minor) device number.
Specifically, the configuration data at least includes a primary device number and a secondary device number, and some related configuration files, which are not limited herein.
It should be further noted that fig. 8 is an exemplary diagram of a container whose operating system is Android running in a kata virtual machine, where the host operating system may be HOST OS, the open source virtual machine may be KVM, the orchestration management tool for portable containers may be K8S, and the processor emulator may be QEMU. FIG. 9 (a) shows a kata container before modification and FIG. 9 (b) shows the modified kata container; the comparison shows that, with the improved kata container, the container can access the devices /dev/binder, /dev/ashmem and /dev/input/micro of the virtual machine.
The application also provides a computer storage medium, wherein the computer storage medium stores a device file transparent transmission method program, and the device file transparent transmission method program is executed by a processor to realize any one of the device file transparent transmission method steps.
The application also provides a device for transparently transmitting the device file, which comprises a memory, a processor and a device file transparently-transmitting method program which is stored on the memory and can run on the processor, wherein the processor realizes any one of the device file transparently-transmitting method steps when executing the device file transparently-transmitting method program.
The application relates to a device 010 for transmitting device files, which comprises the following components as shown in fig. 10: at least one processor 012, memory 011.
The processor 012 may be an integrated circuit chip having signal processing capability. In implementation, the steps of the method may be performed by hardware integrated logic circuits or instructions in the form of software in the processor 012. The processor 012 may be a general-purpose processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other programmable logic device, discrete gate or transistor logic device, or discrete hardware components. The various methods, steps and logic blocks disclosed in the embodiments of the present invention may be implemented or performed. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like. The software module may be located in ram, flash memory, rom, prom, or eprom, registers, etc. storage media as is well known in the art. The storage medium is located in the memory 011, and the processor 012 reads the information in the memory 011 and completes the steps of the method in combination with the hardware.
It is to be understood that the memory 011 in embodiments of the present invention can be either volatile memory or nonvolatile memory, or can include both volatile and nonvolatile memory. The non-volatile Memory may be a Read Only Memory (ROM), a Programmable ROM (PROM), an Erasable PROM (EPROM), an Electrically Erasable PROM (EEPROM), or a flash Memory. Volatile Memory can be Random Access Memory (RAM), which acts as external cache Memory. By way of illustration and not limitation, many forms of RAM are available, such as Static random access memory (Static RAM, SRAM), Dynamic Random Access Memory (DRAM), Synchronous Dynamic random access memory (Synchronous DRAM, SDRAM), Double data rate Synchronous Dynamic random access memory (ddr DRAM), Enhanced Synchronous SDRAM (ESDRAM), Synchronous Link DRAM (SLDRAM), and Direct Rambus RAM (DRRAM). The memory 011 of the systems and methods described in connection with the embodiments of the invention is intended to comprise, without being limited to, these and any other suitable types of memory.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
It should be noted that in the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention may be implemented by means of hardware comprising several distinct elements, and by means of a suitably programmed computer. In the unit claims enumerating several means, several of these means may be embodied by one and the same item of hardware. The usage of the words first, second and third, etcetera do not indicate any ordering. These words may be interpreted as names.
While preferred embodiments of the present invention have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including preferred embodiments and all such alterations and modifications as fall within the scope of the invention.
It will be apparent to those skilled in the art that various changes and modifications may be made in the invention without departing from the spirit and scope of the invention. Thus, if such modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalents, the present invention is also intended to include such modifications and variations.

Claims (10)

1. A method for transparent transmission of device files, the method comprising:
creating a virtual machine image in a first preset mode;
starting the virtual machine in a second preset mode based on the virtual machine mirror image;
creating a container in the virtual machine in a third preset mode;
creating a device dependent file in the container based on a preset path;
according to the preset path, enabling a container in the virtual machine to successfully access the device dependent file;
and enabling the container in the virtual machine to successfully access the device file to be accessed based on the transparent transmission strategy of the virtual machine and the accessed device dependent file.
2. The method for transparently transmitting the device file according to claim 1, wherein the creating the virtual machine image in the first preset mode comprises:
adding a preset authority of a non-root user to the device file to be accessed in the virtual machine;
compiling the newly added driver in the virtual machine into a kernel built-in mode.
3. The method for transparently transmitting the device file according to claim 1, wherein the starting the virtual machine in a second preset mode based on the virtual machine image comprises:
adding device parameters corresponding to the device file to be accessed in the virtual machine.
4. The method for transparently transferring device files according to claim 1, wherein the creating a container in the virtual machine in a third preset mode comprises:
acquiring the device data of the virtual machine to create the container based on the configuration data adopted during the registration of the device file to be accessed.
5. The method for transparently transmitting the device file according to claim 1, wherein the enabling the container in the virtual machine to successfully access the device file to be accessed based on the transparent transmission policy of the virtual machine and the accessed device-dependent file comprises:
creating a subsystem of a container in the virtual machine based on hardware configuration information of the container;
adding the device file to be accessed to an accessible list of the subsystem;
creating a sub-process;
and enabling the sub-process to access the device file to be accessed in the virtual machine by utilizing the subsystem of the container.
6. The method for transparently transmitting the device file according to claim 1, wherein the creating the device-dependent file in the container based on the preset path comprises:
acquiring a first path of a root file system of the container in the virtual machine;
acquiring a second path of the device dependent file in the virtual machine;
combining the first path and the second path, constructing a storage directory of the device dependent file in the container, and generating the preset path;
and creating a device dependent file in the storage directory in the preset path based on the device attribute corresponding to the device file to be accessed in the virtual machine.
7. The method for transparently transmitting device files according to claim 2, wherein the preset permissions of the non-root users at least include readable permissions, writable permissions and executable permissions.
8. The method for transparently transmitting device files according to claim 4, wherein the configuration data at least includes a primary device number and a secondary device number.
9. A computer storage medium, characterized in that the computer storage medium stores a device file transparent transmission method program, and the device file transparent transmission method program realizes the device file transparent transmission method steps of any one of claims 1 to 8 when executed by a processor.
10. An apparatus for transparently transmitting device files, comprising a memory, a processor and a program for transparently transmitting device files, which is stored in the memory and can be run on the processor, wherein the processor implements the steps of the method for transparently transmitting device files according to any one of claims 1 to 8 when executing the program for transparently transmitting device files.
CN202110520423.6A 2021-05-13 2021-05-13 Transparent transmission method and device for device file and computer storage medium Active CN112948062B (en)

Publications (2)

Publication Number Publication Date
CN112948062A (en) 2021-06-11
CN112948062B (en) 2021-07-13

Family

ID=76233817

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant