CN116340932A - Application program package generation method with isolation function, management method and device - Google Patents


Info

Publication number: CN116340932A
Application number: CN202310323028.8A
Authority: CN (China)
Prior art keywords: application, application program, file, rpm, files
Legal status: Pending
Other languages: Chinese (zh)
Inventors: 任伟东, 李昱江
Current assignee: Coretek Systems Inc
Original assignee: Coretek Systems Inc
Application filed by Coretek Systems Inc; priority to CN202310323028.8A; publication of CN116340932A

Classifications

    • G06F21/53 Monitoring users, programs or devices to maintain the integrity of platforms during program execution, by executing in a restricted environment, e.g. sandbox or secure virtual machine
    • G06F21/602 Protecting data: providing cryptographic facilities or services
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • G06F8/34 Creation or generation of source code: graphical or visual programming
    • G06F8/71 Software maintenance or management: version control; configuration management
    • Y02D10/00 Energy efficient computing, e.g. low power processors, power management or thermal management


Abstract

The application relates to the technical field of computer operating systems, and in particular to an application package generation method with an isolation function, a management method and a device. The generation method comprises: copying the application program files to the directory corresponding to rpmbuild, the application program files comprising binary files, dependency files and application icon files; writing a rule configuration file corresponding to the application program files according to the isolation requirement; writing the spec file of the rpmbuild mechanism; and generating an rpm package of the application program with the isolation function from the spec file, the application program files and the rule configuration file. With this scheme each application program has an isolation function, that is, the application programs cannot access each other, which improves the security of the application programs. In addition, graphical management of applications can be realised on a system without a graphical interface, so that the user can manage applications conveniently.

Description

Application program package generation method with isolation function, management method and device
Technical Field
The present invention relates to the field of computer operating systems, and in particular, to a method and an apparatus for generating and managing an application program package with an isolation function.
Background
Common application management in an operating system mainly comprises installation, uninstallation and upgrading of applications; the read-write space and access rights of an application are essentially unrestricted.
Each application typically stores data related to the running of the program in a directory in the file system, which the application accesses according to the running requirements.
In order to ensure the stability and security of the overall system operation, it is therefore necessary to provide a data access isolation mechanism between different applications.
Disclosure of Invention
In view of the above problems in the prior art, the present application provides an application package generation method, an application management method and corresponding devices with an isolation function, which prevent a plurality of applications from accessing each other: each application runs in a restricted sandbox, which ensures the stability and security of the operation of the whole system.
To achieve this, a first aspect of the present application provides an application package generation method with an isolation function, comprising: copying the application program files to the directory corresponding to rpmbuild, the application program files comprising binary files, dependency files and application icon files; writing a rule configuration file corresponding to the application program files according to the isolation requirement; writing the spec file of the rpmbuild mechanism; and generating an rpm package of the application program with the isolation function from the spec file, the application program files and the rule configuration file.
In this way an rpm package with an isolation function is customised by writing, according to the isolation requirement, the rule configuration file that belongs to the application program files; the access rights of the application program are controlled and filtered, so the application program is isolated and the security of the system is ensured.
As a possible implementation of the first aspect, the method further comprises: signing the rpm package with a GPG signing mechanism to obtain a signed rpm package; and publishing the signed rpm package to a target repository.
In this way the rpm package is signed by the signing mechanism of the application package, which ensures the integrity and authenticity of the application package (a GPG package signature authenticates the package; it does not encrypt its contents). In addition, the customised signed installation package can be published to a range of target repositories such as a software source or a server, so the application package can be retrieved more flexibly.
As a possible implementation of the first aspect, writing the rule configuration file corresponding to the application program files according to the isolation requirement comprises: if the isolation requirement is an isolation requirement on system calls, writing a rule configuration file corresponding to the application program files based on Seccomp; if the isolation requirement is an isolation requirement on file access, writing a rule configuration file corresponding to the application program files based on AppArmor; and if the isolation requirement comprises both an isolation requirement on system calls and an isolation requirement on file access, writing rule configuration files corresponding to the application program files based on both Seccomp and AppArmor.
In this way the isolation requirement on system calls is realised with Seccomp rules and the isolation requirement on file access with AppArmor, so the user can write isolation rules according to the actual requirement and the isolation rules of the application package are richer and more flexible.
As a possible implementation of the first aspect, the application package generation method with the isolation function runs with administrator rights.
By restricting the writing of the application package to administrator rights, the isolation rules are protected from being modified by mistaken operation of an ordinary user, which ensures the security and stability of the system.
A second aspect of the present application provides an application management method with an isolation function, comprising: the target machine establishes a connection with the user machine; the target machine obtains, through the user machine with which the connection is established, an rpm package of an application program with an isolation function, the rpm package being generated according to the method of any implementation of the first aspect; the target machine performs signature verification on the rpm package and, if the verification passes, performs the corresponding management of the application program; the target machine is a machine without a graphical interface and the user machine is a machine with a graphical interface.
In this way the target machine without a graphical interface is controlled by the user machine with a graphical interface to carry out application management, so graphical application management of a system without graphics is realised and the management of applications by the user is more intuitive and convenient.
As a possible implementation of the second aspect, the management comprises: install, uninstall, delete and/or upgrade.
As a possible implementation of the second aspect, the signature verification and the management comprise: performing the signature verification and the management by means of the rpm command, or by means of the dnf command.
In this way signature verification and application management are performed with the rpm command or the dnf command, which suits the working habits of different users.
As a possible implementation of the second aspect, the application management method with the isolation function runs with ordinary user rights.
In this way an ordinary user can manage the applications of the system without graphics through the user machine.
A third aspect of the present application provides an application package generation device with an isolation function, comprising: an application program copying module for copying the application program files to the directory corresponding to rpmbuild, the application program files comprising binary files, dependency files and application icon files; a rule configuration file writing module for writing the rule configuration file corresponding to the application program files according to the isolation requirement and for writing the spec file of the rpmbuild mechanism; and an rpm package generation module for generating an rpm package of the application program with the isolation function from the spec file, the application program files and the rule configuration file.
For the advantageous effects of this aspect, reference may be made to the description of the advantageous effects of the first aspect above.
A fourth aspect of the present application provides an application management device with an isolation function, comprising: a connection establishment module for the target machine to establish a connection with the user machine; an rpm package obtaining module for the target machine to obtain, through the user machine with which the connection is established, an rpm package of an application program with an isolation function, the rpm package being generated according to the method of any implementation of the first aspect; and an application program management module for the target machine to perform signature verification on the rpm package and, if the verification passes, to perform the corresponding management of the application program; the target machine is a machine without a graphical interface and the user machine is a machine with a graphical interface.
For the advantages of this aspect, reference may be made to the description of the advantages of the second aspect above.
These and other aspects of the invention will be apparent from and elucidated with reference to the embodiment(s) described hereinafter.
Drawings
The various features of the invention and the connections between the various features are further described below with reference to the figures. The figures are exemplary, some features are not shown in actual scale, and some features that are conventional in the art to which this application pertains and are not essential to the application may be omitted from some figures, or features that are not essential to the application may be additionally shown, and combinations of the various features shown in the figures are not meant to limit the application. In addition, throughout the specification, the same reference numerals refer to the same. The specific drawings are as follows:
Fig. 1 is a flow chart of an application package generating method with isolation function according to an embodiment of the present application;
FIG. 2 is an exemplary diagram of an application manager interface when customizing an rpm package under the authority of an administrator, provided in an embodiment of the present application;
FIG. 3 is a flowchart of an application management method with isolation function according to an embodiment of the present application;
FIG. 4 is an exemplary diagram of an application management page on a client provided in an embodiment of the present application;
FIG. 5 is a flowchart illustrating generation and management of an application package with isolation function according to an embodiment of the present application;
FIG. 6 is a schematic diagram of an application package generating device with isolation function according to an embodiment of the present application;
FIG. 7 is a schematic diagram of an application management device with isolation function according to an embodiment of the present application;
fig. 8 is a schematic structural diagram of a computing device according to an embodiment of the present application.
Detailed Description
The technical scheme provided by the application is further described below by referring to the accompanying drawings and examples. It should be understood that the system structures and service scenarios provided in the embodiments of the present application are mainly for illustrating possible implementations of the technical solutions of the present application, and should not be construed as the only limitation of the technical solutions of the present application. As one of ordinary skill in the art can know, with the evolution of the system structure and the appearance of new service scenarios, the technical scheme provided in the application is applicable to similar technical problems.
It should be understood that the embedded application isolation scheme provided in the embodiments of the present application includes an application package generating method, an application package managing device, and the like with an isolation function. Because the principles of solving the problems in these technical solutions are the same or similar, in the following description of the specific embodiments, some repetition is not described in detail, but it should be considered that these specific embodiments have mutual references and can be combined with each other.
Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this application belongs. If there is a discrepancy, the meaning described in the present specification or the meaning obtained from the content described in the present specification is used. In addition, the terminology used herein is for the purpose of describing embodiments of the present application only and is not intended to be limiting of the present application. For the purpose of accurately describing the technical content of the present application, and for the purpose of accurately understanding the present invention, the terms used in the present specification are given the following explanation or definition before the explanation of the specific embodiments:
Variant (type): a tagged union used to express data of any type (e.g. integer, double-precision or single-precision floating point number, object, etc.) other than fixed-length strings or structures. Variables whose data type is not explicitly specified are also treated as the variant type.
BPF: Berkeley Packet Filter, originally a raw data-link-layer interface of the system providing transmission and reception of raw link-layer packets; seccomp reuses its instruction set for system call filters.
Desktop file: a file recognised by the system (suffix .desktop, usually under /usr/share/applications) that describes an application launcher: its name, icon and the command to execute.
spec file: the configuration specification file used by rpmbuild to build rpm packages. Through a series of tags and sections it provides the information the build system needs, for example how the package is configured, which patches are applied, which files are installed and where, and which system-level actions are required during installation.
createrepo command: used to create yum/dnf sources (software repositories), i.e. to index a number of rpm packages stored at a given local location, describe the dependency information of each package and form the repository metadata.
GPG signature: on Linux, GPG is mainly used to implement the signing mechanism for officially released packages.
Public key: the shareable key; it is mainly used to verify signatures made with the corresponding private key, and to encrypt data to be sent to the holder of the private key.
Private key: the key kept locally; it is used to sign local data and to decrypt data that was encrypted with the public key.
DNF: the package management tool of rpm-based distributions.
pt_regs: the structure that holds the minimal register state saved on kernel entry.
Binary file: a file whose content is not text; its purpose depends on the system or application. The suffix ".bin" only marks the format.
Dependency files: the other packages or libraries that the software needs in order to be complete.
The application is mainly applied to the development of domestic (Chinese) computer operating systems. Common operating system application management technology mainly provides installation, uninstallation and upgrading of applications, while the read-write space and access rights of an application are essentially unrestricted. At the same time, customised application packages are inconvenient to publish to the application stores of distributions such as Ubuntu or CentOS, and these application management technologies are mainly aimed at graphical operating systems: the application management program must run on a target machine with a graphical display, so an embedded non-graphical system cannot use these functions.
The method realises the isolation function of the software package through AppArmor and Seccomp, and manages the applications of the target machine system remotely through the graphical application management program on the user machine.
AppArmor is a security feature implemented as a kernel enhancement (a Linux Security Module) intended to confine programs to a limited set of resources; it binds access control attributes to programs rather than to individual users. The confinement is described by a profile loaded into the kernel. A profile loaded in enforce mode causes the policy defined in it to be enforced and attempted violations to be reported via syslog or auditd (the audit daemon); a profile loaded in complain mode only reports.
For example, for an executable at the path /usr/bin/man, access control with AppArmor is set up by creating a profile named usr.bin.man and placing it in the directory /etc/apparmor.d, where AppArmor keeps its profiles.
AppArmor implements access control on the file system: it can control access to a given file or to the files under a given directory, with access modes such as r (read), w (write), ux (unconfined execute), ix (inherit execute, the child runs under the same profile), l (link) and so on. Files not listed in the profile are inaccessible to the program, so the profile acts as an allow list. AppArmor can also limit the resources a program may use in a way similar to the setrlimit system call, and can restrict whether a program may access the network.
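As an added example (not from the patent), the profile below confines an assumed application binary /opt/demoapp/bin/demoapp to its own installation and data directories; every path and the helper name are assumptions. Saved as /etc/apparmor.d/opt.demoapp.bin.demoapp and loaded with apparmor_parser, it lets the application read its own files and its seccomp rule file, write only under /var/lib/demoapp, run its bundled helper under the same profile, and blocks the network; anything not listed is denied.

```apparmor
# /etc/apparmor.d/opt.demoapp.bin.demoapp  (added example, assumed paths)
#include <tunables/global>

/opt/demoapp/bin/demoapp {
  #include <abstractions/base>

  # the application's own binary, libraries and read-only assets
  /opt/demoapp/bin/demoapp            mr,
  /opt/demoapp/lib/**                 mr,
  /opt/demoapp/share/**               r,
  /opt/demoapp/etc/demoapp.seccomp    r,

  # the only writable location: the application's private data directory
  owner /var/lib/demoapp/             rw,
  owner /var/lib/demoapp/**           rwk,

  # a helper shipped in the same package inherits this profile (ix),
  # so it cannot be used to escape the confinement
  /opt/demoapp/bin/demoapp-helper     ix,

  # explicit denials: other users' data, and no network at all
  deny /home/**                       rwlk,
  deny network,
}
```

Load it in enforce mode with `apparmor_parser -r -T -W /etc/apparmor.d/opt.demoapp.bin.demoapp` and confirm with `aa-status`; while the rule set is being written, `aa-complain` on the profile records the denials that would have happened in the log without breaking the application, and the profile is switched back with `aa-enforce` once the list is complete.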
Seccomp (secure computing) is a Linux security mechanism whose main function is to restrict the system calls a process may make. A Linux system exposes a large number of system calls directly to user-mode programs, but not all of them are needed by a given program, and misuse of system calls by unsafe code can threaten the system. By restricting, with Seccomp, the system calls a program may use, the exposed surface of the kernel is reduced while the program is put into a safe state.
Seccomp has two filtering modes: strict and filter. In strict mode only four system calls are permitted: read, write, _exit and sigreturn (which restores the saved pt_regs). This means every file must be opened before strict mode is entered; once strict mode is applied to a program, any other system call triggers SIGKILL and the process is terminated immediately.
In filter mode any system call and its arguments can be filtered by a Berkeley Packet Filter (BPF) program; a process specifies which system calls are allowed with prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog) (or the seccomp(2) system call). The BPF program built from the rule configuration file is installed into the kernel first, and every subsequent system call of the process passes through the filter.
In the present application, for example: when a process enters the kernel through the system call instruction (svc on ARM, syscall on x86-64), the preset BPF rules are evaluated first and decide, according to the rule configuration file, whether the given system call is allowed; the program is thereby isolated and the security of the system ensured.
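The filter mode described above, as an added example written for this page (not the patent's code): a seccomp-bpf allow list for a hypothetical tool that only needs read, write and exit, installed in a forked child so that the effect on an allowed and on a blocked system call can be observed from the parent. The system call set is an assumption; a real rule configuration file would list the calls the packaged application actually needs. Linux only, x86-64 or AArch64.

```c
/* Added example, not from the patent: a seccomp-bpf allow list.
 * The syscall set (read, write, exit, exit_group, rt_sigreturn) is an
 * assumption for a small file-processing tool. */
#define _GNU_SOURCE
#include <errno.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <signal.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

#if defined(__x86_64__)
#define SCMP_ARCH AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#define SCMP_ARCH AUDIT_ARCH_AARCH64
#else
#error "add the AUDIT_ARCH_* value for this architecture"
#endif

#ifndef SECCOMP_RET_KILL_PROCESS           /* headers older than Linux 4.14 */
#define SECCOMP_RET_KILL_PROCESS 0x80000000U
#endif

/* "if nr == (nr) return ALLOW, else fall through to the next rule" */
#define ALLOW_SYSCALL(nr) \
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (nr), 0, 1), \
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW)

/* Install the allow-list filter in the calling process.
 * Returns 0 on success or -errno on failure. */
int install_filter(void)
{
    struct sock_filter filter[] = {
        /* Syscall numbers differ per architecture: kill if this is not
         * the architecture the numbers below were written for. */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SCMP_ARCH, 1, 0),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS),
        /* Load the syscall number and compare it against the allow list. */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        ALLOW_SYSCALL(__NR_read),
        ALLOW_SYSCALL(__NR_write),
        ALLOW_SYSCALL(__NR_exit),
        ALLOW_SYSCALL(__NR_exit_group),
        ALLOW_SYSCALL(__NR_rt_sigreturn),
        /* Everything else kills the whole process, not just the thread. */
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS),
    };
    struct sock_fprog prog = {
        .len = sizeof(filter) / sizeof(filter[0]),
        .filter = filter,
    };

    /* Mandatory for an unprivileged process; it also stops execve from
     * regaining privileges (no setuid escape from the sandbox). */
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0)
        return -errno;
    if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog) != 0)
        return -errno;
    return 0;
}

/* Run fn() in a child with the filter installed. Returns the child's exit
 * status if it exited normally, 128 + signal number if the kernel killed it
 * (SIGSYS for a blocked syscall), 99 if the filter could not be installed,
 * or -1 on fork/wait failure. */
int run_confined(int (*fn)(void))
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        if (install_filter() != 0)
            _exit(99);
        _exit(fn());                      /* exit_group: on the allow list */
    }
    int status = 0;
    if (waitpid(pid, &status, 0) != pid)
        return -1;
    if (WIFEXITED(status))
        return WEXITSTATUS(status);
    if (WIFSIGNALED(status))
        return 128 + WTERMSIG(status);
    return -1;
}

/* write() is allowed, so this returns 0 from inside the sandbox. */
static int allowed_work(void)
{
    static const char msg[] = "hello from the sandbox\n";
    return write(STDOUT_FILENO, msg, sizeof msg - 1) == (ssize_t)(sizeof msg - 1) ? 0 : 1;
}

/* getpid() is not on the list: the kernel kills the child with SIGSYS
 * before this function can return. */
static int blocked_work(void)
{
    return syscall(__NR_getpid) > 0 ? 0 : 1;
}

int main(void)
{
    printf("allowed work exited with %d\n", run_confined(allowed_work));
    fflush(stdout);
    printf("blocked work ended with %d (128 + SIGSYS = %d)\n",
           run_confined(blocked_work), 128 + SIGSYS);
    return 0;
}
```

Two things the page's rule file would have to respect follow from this code: the filter must be installed only after all set-up that needs other system calls (opening files, loading libraries) is done, exactly as the strict-mode note above says, and the architecture check is not optional, because the same number means a different call on another architecture. libseccomp, which the page lists among the build machine's components, generates this kind of BPF program from a higher-level description of the allowed calls.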
However, unlike some other MAC (Mandatory Access Control) systems on Linux, AppArmor is path-based, meaning that its confinement can be bypassed by renaming or moving the executable (or reaching it under another name, such as a hard link) so that the path no longer matches the profile. In this application that risk is addressed through the management of root rights: because the rpm package is installed with root rights, the packaged executables and the profiles under /etc/apparmor.d are owned by root, and an ordinary user can neither rename them nor edit the rules.
Fig. 1 is a flow chart of an application package generating method with an isolation function according to an embodiment of the present application. As shown in fig. 1, the method for generating an application package with isolation function according to the present embodiment includes the following steps:
S101: copy the application program files of the application to the directory corresponding to rpmbuild.
The rpm package is customised in the application manager with administrator (root) rights. When the rpm package is customised through the development page of the application manager, it must run on a dedicated development machine on which components such as AppArmor, libseccomp, rpmbuild, gpg and createrepo are installed. The developer imports the application files of the application through the application manager, i.e. by clicking "import" next to the "import application compressed package" field in the interface shown in Fig. 2; the application files are then copied to the directory corresponding to rpmbuild by choosing the path in the "application installation package generation path" field of the same interface. The application program files comprise binary files, dependency files, application icon files and so on.
S102: write the rule configuration file corresponding to the application program files according to the isolation requirement, and write the spec file of the rpmbuild mechanism.
The access rights of the application are limited through the AppArmor and Seccomp rule configuration files: whether a given system call is allowed is decided by filtering on the system call number and the argument (register) values, and the program is isolated, which ensures the security of the system. Specifically: if the isolation requirement concerns system calls (i.e. the isolation restriction is placed on system calls), the rule configuration file corresponding to the application program files is written based on Seccomp; if it concerns file access (i.e. the restriction is placed on the application's file access), the rule configuration file is written based on AppArmor; if it concerns both system calls and file access, rule configuration files are written based on Seccomp and AppArmor respectively.
S103: generate the rpm package of the application program with the isolation function from the spec file, the application program files and the rule configuration file.
The spec file of the rpmbuild mechanism is written by the developer. Besides naming the source code from which the rpm package is built, it carries whatever further information is required: the basic information of the software, the scripts executed before and after installation and uninstallation, how the source package is unpacked and patched, how it is compiled, the installation paths, and so on. Functions and their descriptions can therefore be customised as required, and the whole build process is under the developer's own control.
The rpm package carrying the application's name is then generated from the spec file, the application program files, the AppArmor and Seccomp rule configuration files and so on, and written to a designated path. In addition, new repository metadata can be generated with the createrepo command; this metadata contains the dependency relationships of all rpm packages inside the software source, so the rpm package can conveniently be incorporated into the software source.
In this embodiment an application rpm package with an isolation function is customised, with administrator (root) rights, on the basis of the AppArmor and Seccomp rule configuration files: the access rights of the application are controlled, the system calls the application may perform are filtered, the program is isolated and the security of the system is ensured. At the same time, the risk that a path-based AppArmor profile can be bypassed by renaming a file is avoided by relying on root rights.
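Steps S101 to S103 as one added example spec file (not the patent's; the package name, file names, paths and the name of the AppArmor package are assumptions). It installs the binary, the desktop file and icon, the AppArmor profile and the seccomp rule file from the rpmbuild SOURCES directory, makes the policy files root-owned, and loads the profile into the kernel in enforce mode from %post so that the confinement is active as soon as the package is installed.

```spec
# demoapp.spec  (added example, not from the patent; names and paths assumed)
# Build:   rpmbuild -bb demoapp.spec
# Sign:    rpmsign --addsign ~/rpmbuild/RPMS/*/demoapp-1.0-1*.rpm
#          (signing key chosen by %_gpg_name in ~/.rpmmacros)
# Publish: createrepo <directory holding the signed rpms>

Name:           demoapp
Version:        1.0
Release:        1%{?dist}
Summary:        Demo application confined by AppArmor and seccomp
License:        MIT
Source0:        %{name}-%{version}.tar.gz
# the two rule configuration files written in step S102
Source1:        opt.demoapp.bin.demoapp
Source2:        demoapp.seccomp
BuildRequires:  gcc, make
# the package providing apparmor_parser is named differently per distribution
Requires:       apparmor-parser
Requires(post): apparmor-parser
Requires(preun): apparmor-parser

%description
Example application packaged together with its AppArmor profile and its
seccomp rule file so that it runs isolated from other applications.

%prep
%setup -q

%build
make %{?_smp_mflags}

%install
install -D -m 0755 demoapp         %{buildroot}/opt/demoapp/bin/demoapp
install -D -m 0644 demoapp.desktop %{buildroot}/usr/share/applications/demoapp.desktop
install -D -m 0644 demoapp.png     %{buildroot}/usr/share/icons/hicolor/48x48/apps/demoapp.png
install -D -m 0644 %{SOURCE1}      %{buildroot}/etc/apparmor.d/opt.demoapp.bin.demoapp
install -D -m 0644 %{SOURCE2}      %{buildroot}/opt/demoapp/etc/demoapp.seccomp
install -d -m 0750                 %{buildroot}/var/lib/demoapp

%post
# load the profile in enforce mode (or replace it on upgrade)
if command -v apparmor_parser >/dev/null 2>&1; then
    apparmor_parser -r -T -W /etc/apparmor.d/opt.demoapp.bin.demoapp || :
fi

%preun
# $1 is 0 on final removal and 1 on upgrade: unload the profile only on removal
if [ "$1" -eq 0 ] && command -v apparmor_parser >/dev/null 2>&1; then
    apparmor_parser -R /etc/apparmor.d/opt.demoapp.bin.demoapp || :
fi

%files
# policy files are root-owned and replaced on upgrade on purpose: they are
# not user configuration, and an ordinary user must not be able to edit them
%attr(0644,root,root) /etc/apparmor.d/opt.demoapp.bin.demoapp
%attr(0644,root,root) /opt/demoapp/etc/demoapp.seccomp
%attr(0755,root,root) /opt/demoapp/bin/demoapp
/usr/share/applications/demoapp.desktop
/usr/share/icons/hicolor/48x48/apps/demoapp.png
%dir %attr(0750,root,root) /var/lib/demoapp
```

The profile is deliberately not marked %config(noreplace): if it were, a locally edited copy would survive an upgrade and the package could not tighten its own rules. The seccomp rule file is shipped to the application's own read-only directory because it is the application (or its launcher) that turns it into a BPF program at start-up; the profile above grants it read access to exactly that path.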
Fig. 3 is a flowchart of an application management method with an isolation function according to an embodiment of the present application. As shown in fig. 3, the method for managing an application program with an isolation function provided in this embodiment includes the following steps:
s201: the target machine establishes a connection with the user machine.
The user machine is connected to the target machine in a ssh mode through an application management program, so that the target machine and the user machine are connected. The connection between the target machine and the user machine in the ssh mode can ensure the connection safety of the target machine and the user machine.
S202: the target machine obtains the rpm package of the application program with the isolation function through the user machine with the connection established.
The user application management page enables the target machine to import the rpm package of the application from the software source to the target machine (the target machine needs to install the secret key of the application rpm package) in the mode of sftp and the like through the script, and the user application management page (program) can read all desktop files under the rpm package/usr/share/applications/directory of the application and display the contained application information on the user application management page of the user machine. The user machine needs a graphic display function to run an application management program and perform a graphic operation, and an operating system of the user machine may be a system with a graphic display function, for example, windows, linux, etc., for example, as shown in fig. 4, an example of an application management page on the user machine, through which management (for example, installation, uninstallation, upgrading, etc.) of an application may be implemented.
S203: and the target machine performs signature verification on the rpm packet, and performs corresponding management on the application program if the verification is passed.
The client can manage the rpm package by means of dnf command or rpm command, etc., and can control the destination to download the rpm package from a designated server (source).
The user machine can verify the signature of the rpm package that has been imported to the target machine by means of the dnf command or the rpm command, and install the rpm package if verification passes.
In the above operation, the application management interface needs root authority when it invokes the dnf or rpm commands, and root authority is not opened to the application manufacturer or to the ordinary user (user application management page); instead, these commands can be opened to them by modifying the /etc/sudoers configuration when the system leaves the factory.
In this embodiment, the security and stability of the application package are ensured by the signing and verification mechanism of the application package; the customized application package can be published to a local software source or to another target library (such as a local server, a cloud end, etc.); and the target machine without a graphical interface is controlled by the user machine with a graphical interface to obtain the application package, so that graphical application management is realized. Different application management authorities are provided for different kinds of users, which further ensures the security of the application and of the whole system.
An example of the method provided in the present application is further described below in conjunction with a specific embodiment and fig. 5.
S301: customize the rpm package of the application.
Customizing the rpm package can only be done in the application management program with administrator authority (root authority), specifically on the development page of the application management program. When the rpm package is customized through that development page, the work must run on a specific development machine: the development machine is of the same architecture type as the target machine and has components such as AppArmor, libseccomp, rpmbuild, gpg and createrepo installed. The developer imports the application files of the application through the background script of (the development page of) the application management program, which then copies these application files to the corresponding rpmbuild directory. The application program files include binary files, dependent files, application icons and the like; the application management program may be written using Qt5.
The rpm package is made with the rpmbuild component (command) of the development machine, which compiles the source into a package of binary files, so that the software package can be customized to requirements and installed conveniently. In this process the spec file is the core of the rpm package: the rpm package is built according to the spec file, and the spec file can define scripts that are executed before and after the rpm is installed.
A corresponding rule configuration file is written according to the rules of AppArmor and Seccomp in the directory corresponding to rpmbuild; rule configuration files for AppArmor and/or Seccomp can be written according to the program's requirements. A spec file for the rpmbuild mechanism is then written, an rpm package named after the application is generated, and the spec file, the application program files, the AppArmor and Seccomp rule configuration files and so on are output to a specified path. The default operating system library directory is /usr/lib; other custom library directories default to /usr/local/appnamelib, where appname is the name of the application; the default installation path of the binary file is /usr/local/bin/appname; and the AppArmor rule configuration file is installed to /etc/apparmor.d. The rpm package also contains the application's desktop file, which records file information such as the execution path and icon of the application's binary file.
After the rpm package of the application has been generated, the script is called to apply a custom signature to the rpm, which completes the customization of the application's rpm package. When signing the rpm, the script may be called to sign it with a key of the gpg mechanism.
S302: the rpm package of the application is incorporated into (published to) the software source (server, library).
After customization of the application rpm package is complete, it is incorporated into the existing software source by the script, and a new software source configuration file is generated in the software source directory with the createrepo command. This configuration file contains the dependency relationships of all rpm packages in the software source, so that other target machines can connect to the software source by command and perform installation, uninstallation and update operations.
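The development-machine side of steps S301 and S302, as an added example that is not the patent's own build script: it generates the three inputs the patent names (the spec file with pre/post-install scripts, an AppArmor profile and a Seccomp rule file), then, if rpmbuild, rpmsign and createrepo are present, builds the package, GPG-signs it and regenerates the software source. Install paths follow the patent text (/usr/local/bin/appname, /usr/local/appnamelib, /etc/apparmor.d, /usr/share/applications); the profile rules, the syscall list, the layout of the Seccomp file, the RPMBUILD_TOP variable and the signing key configuration are assumptions.

```shell
#!/bin/sh
# Added example, not the patent's own build script.  It generates the three
# inputs of step S301 (spec file, AppArmor profile, Seccomp rule file) and,
# if rpmbuild/rpmsign/createrepo are installed, runs the build, sign and
# publish steps of S301/S302.  Install paths follow the patent text; the
# profile rules, the syscall list, the signing key and REPODIR are assumptions.

# Spec file for APPNAME at VERSION.  %post loads the AppArmor profile so the
# binary is confined from its first launch; %postun unloads it on a real erase.
gen_spec() {
    appname=$1
    version=$2
    cat <<EOF
Name:           $appname
Version:        $version
Release:        1
Summary:        $appname packaged with AppArmor/Seccomp isolation
License:        Proprietary
Source0:        $appname
Source1:        $appname.apparmor
Source2:        $appname.seccomp
Source3:        $appname.desktop

%description
$appname confined by an AppArmor profile and a Seccomp rule file.

%install
install -D -m 0755 %{SOURCE0} %{buildroot}/usr/local/bin/$appname
install -D -m 0644 %{SOURCE1} %{buildroot}/etc/apparmor.d/usr.local.bin.$appname
install -D -m 0644 %{SOURCE2} %{buildroot}/usr/local/${appname}lib/$appname.seccomp
install -D -m 0644 %{SOURCE3} %{buildroot}/usr/share/applications/$appname.desktop

%post
apparmor_parser -r /etc/apparmor.d/usr.local.bin.$appname || :

%postun
if [ "\$1" -eq 0 ]; then apparmor_parser -R /etc/apparmor.d/usr.local.bin.$appname || :; fi

%files
/usr/local/bin/$appname
%config /etc/apparmor.d/usr.local.bin.$appname
/usr/local/${appname}lib/$appname.seccomp
/usr/share/applications/$appname.desktop
EOF
}

# AppArmor profile: the binary, its private library directory and the user's
# own config directory; anything else is denied once the profile is loaded.
gen_apparmor_profile() {
    appname=$1
    cat <<EOF
#include <tunables/global>
/usr/local/bin/$appname {
  #include <abstractions/base>
  /usr/local/bin/$appname mr,
  /usr/local/${appname}lib/** mr,
  owner @{HOME}/.config/$appname/** rw,
}
EOF
}

# Seccomp rule file: a syscall allowlist, one name per line.  The patent does
# not fix a format, so this layout (fed to libseccomp by the launcher) is an
# assumption.  Extend the list from an audit run of the application.
gen_seccomp_rules() {
    cat <<'EOF'
read
write
openat
close
mmap
brk
exit_group
EOF
}

# Steps S301/S302 on the development machine.  rpmsign uses the key named by
# the %_gpg_name macro in ~/.rpmmacros; REPODIR is the local software source.
build_sign_publish() {
    appname=$1; version=$2; repodir=$3
    top=${RPMBUILD_TOP:-$HOME/rpmbuild}
    mkdir -p "$top/SPECS" "$top/SOURCES" "$top/BUILD" "$top/BUILDROOT" "$top/RPMS" "$repodir"
    gen_spec "$appname" "$version" > "$top/SPECS/$appname.spec"
    gen_apparmor_profile "$appname" > "$top/SOURCES/$appname.apparmor"
    gen_seccomp_rules > "$top/SOURCES/$appname.seccomp"
    # The binary and the .desktop file are the vendor's and must already be in SOURCES.
    for tool in rpmbuild rpmsign createrepo; do
        command -v "$tool" >/dev/null 2>&1 || { echo "missing tool: $tool" >&2; return 2; }
    done
    rpmbuild --define "_topdir $top" -bb "$top/SPECS/$appname.spec" || return 1
    for pkg in "$top"/RPMS/*/"$appname-$version"-*.rpm; do
        rpmsign --addsign "$pkg" || return 1   # GPG signature, verified later on the target
        cp "$pkg" "$repodir/"
    done
    createrepo "$repodir"   # writes repodata with the dependency metadata for all packages
}
```

On the development machine, place the vendor's binary and .desktop file in the SOURCES directory and call build_sign_publish appname 1.0 /srv/repo (the repo path is an assumption). The target machine must have the public half of the signing key imported with rpm --import before rpm --checksig or dnf will accept the package, which is the "key installed on the target" precondition the patent states. The %postun guard on "$1" matters: rpm passes 0 only on a true erase, so an upgrade does not briefly leave the new binary unconfined.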
S303: the application rpm package is imported into the target machine.
The user machine connects to the target machine over ssh through the application management program, specifically through the user application management page (program) of the application management program; this page does not have root authority. Through the user application management page, a script causes the target machine to import the rpm package of the application from the software source by sftp or a similar means (the target machine must have the key for the application rpm package installed); the user application management page (program) can then read all desktop files under the /usr/share/applications/ directory of the rpm package and display the application information they contain on the user application management page. The user machine needs a graphical display to run the application management program and perform graphical operations, and its operating system may be Windows, Linux or the like.
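The desktop-file reading that S203 and S303 describe for the user application management page, as an added example that is not the patent's own management program. It reads only the [Desktop Entry] section of each *.desktop file in a directory (on the target this is /usr/share/applications/), emits one Name|Exec|Icon line per application for the page to display, skips entries marked NoDisplay or Hidden, and ignores keys that belong to [Desktop Action ...] sections. The two sample desktop files are constructed.

```shell
#!/bin/sh
# Added example, not the patent's own management program: the desktop-file
# reading performed by the user application management page.  Only the
# [Desktop Entry] section of each *.desktop file is consulted; entries with
# NoDisplay=true or Hidden=true are left out of the listing.  Sample files
# below are constructed stand-ins for what an installed rpm package drops
# into /usr/share/applications/.

# desktop_field FILE KEY: value of KEY inside the [Desktop Entry] section only.
desktop_field() {
    awk -v key="$2" '
        /^\[/ { insec = ($0 == "[Desktop Entry]"); next }
        insec && index($0, key "=") == 1 { sub("^" key "=", ""); print; exit }
    ' "$1"
}

# list_desktop_apps DIR: one "Name|Exec|Icon" line per visible application.
list_desktop_apps() {
    dir=$1
    for f in "$dir"/*.desktop; do
        [ -f "$f" ] || continue
        [ "$(desktop_field "$f" NoDisplay)" = "true" ] && continue
        [ "$(desktop_field "$f" Hidden)" = "true" ] && continue
        printf '%s|%s|%s\n' "$(desktop_field "$f" Name)" \
            "$(desktop_field "$f" Exec)" "$(desktop_field "$f" Icon)"
    done
}

# write_sample_desktops DIR: constructed sample files (not real applications).
write_sample_desktops() {
    cat > "$1/demoapp.desktop" <<'EOF'
[Desktop Entry]
Type=Application
Name=Demo App
Exec=/usr/local/bin/demoapp %U
Icon=demoapp
Actions=new;

[Desktop Action new]
Name=New Window
Exec=/usr/local/bin/demoapp --new
EOF
    cat > "$1/hiddentool.desktop" <<'EOF'
[Desktop Entry]
Type=Application
Name=Hidden Tool
Exec=/usr/local/bin/hiddentool
NoDisplay=true
EOF
}

# Usage: sh thisfile.sh /usr/share/applications
if [ -n "${1:-}" ]; then list_desktop_apps "$1"; fi
```

Over ssh the same script can be run on the target and its output shown on the user machine, or the desktop files can first be copied down by sftp and the script run locally; either way the page never needs root for this step, which matches the patent's point that the user application management page has no root authority.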
S304: perform application management on the target machine.
The user machine can manage the rpm package by means of the dnf command, the rpm command or the like, and can direct the target machine to download and install the rpm package from a designated server (source). In addition, because the spec file can define scripts that run before and after rpm installation, automatic downloading and installation of the rpm package, automatic management of the dependencies between rpm packages and so on can be implemented on the basis of preset scripts.
When application management is performed with the dnf command, a "gpg --verify <directory name>/<rpm package name>" command must first be called to verify the rpm package signature; if the signatures do not match, installation failure is reported. If verification passes, application management can be performed through the buttons or input boxes that provide the application installation, uninstallation and update functions on the application management interface of the user machine. The operation commands that the corresponding background scripts execute for application installation, uninstallation and update are "dnf install appname", "dnf remove appname" and "dnf update appname". In addition, executing the "dnf list updates" command through a script lists all available updates for installed packages, and this command can likewise be given a corresponding button or input box.
When application management is performed with the rpm command, a "rpm --checksig <rpm package name>" command is executed through a script on the user machine to verify the rpm package signature; if the signatures do not match, installation failure is reported. If verification passes, the application rpm package is installed by invoking the "rpm -ivh" command, which displays the progress of the software installation. After the rpm package has been installed successfully, the desktop file in the rpm package is copied to the /usr/share/applications/ directory of the target machine and the display on the application management interface of the user machine is updated. The binary file, the AppArmor and Seccomp rule files, and the application's other library files and configuration files are likewise copied to their corresponding directories.
The AppArmor service is then restarted, after which the application isolation function takes effect. In addition, a package deletion operation can be performed with the "rpm -e appname" command, a package update operation with the "rpm -U appname" command, and all installed packages on the system can be listed with the "rpm -qa" command.
In the above operation, the application management interface needs root authority when it invokes the dnf or rpm commands, and root authority is not opened to application manufacturers or ordinary users (user application management page). Instead, the rpm and dnf commands can be opened to manufacturers and ordinary users by modifying the /etc/sudoers configuration when the system leaves the factory, after which the rpm and dnf commands can be used without root authority.
The line added to open the rpm command is "ALL ALL=(ALL) NOPASSWD:/usr/bin/rpm";
the line added to open the dnf command is "ALL ALL=(ALL) NOPASSWD:/usr/bin/dnf".
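The target-side helpers behind step S304 and the sudoers opening described here and under S203, as an added example that is not the patent's own script. It keeps to the patent's idea of password-less rpm and dnf only, but grants that to a group named appmgr (an assumption; the patent opens it to ALL users) and includes a checker that rejects any fragment naming anything beyond those two absolute paths, since under this design the signature check in front of rpm -ivh is the only thing standing between the page's operator and an arbitrary install. The RPM, DNF and SUDO variables and the stand-in commands used for testing are assumptions.

```shell
#!/bin/sh
# Added example, not the patent's own script: the target-side helpers behind
# the user application management page.  The sudoers fragment keeps to the
# patent's idea of password-less rpm and dnf only, but grants it to a group
# "appmgr" (an assumption) rather than to ALL users, and a checker rejects any
# fragment that names anything beyond those two paths.  install_rpm refuses a
# package whose signature does not verify.  RPM, DNF and SUDO can be pointed at
# stand-ins so the logic runs offline.

: "${RPM:=rpm}" "${DNF:=dnf}" "${SUDO:=sudo}"

# Fragment for /etc/sudoers.d/appmgr: only the two package tools, nothing else.
# Validate with "visudo -c -f <file>" before copying it into /etc/sudoers.d.
gen_sudoers_fragment() {
    cat <<'EOF'
# appmgr group may run the package managers without a password, nothing more
%appmgr ALL=(ALL) NOPASSWD: /usr/bin/rpm
%appmgr ALL=(ALL) NOPASSWD: /usr/bin/dnf
EOF
}

# check_sudoers_fragment FILE: every NOPASSWD rule must name exactly one of the
# two absolute paths.  A rule ending in ALL, a relative name or a wildcard would
# hand the operator far more than package management.
check_sudoers_fragment() {
    grep -v '^[[:space:]]*#' "$1" | grep 'NOPASSWD:' |
    sed 's/.*NOPASSWD:[[:space:]]*//' |
    while IFS= read -r cmd; do
        case "$cmd" in
            /usr/bin/rpm|/usr/bin/dnf) ;;
            *) echo "unexpected sudo command: $cmd" >&2; exit 1 ;;
        esac
    done
}

# install_rpm PACKAGE.rpm: "rpm --checksig" exits non-zero when the digest or
# signature does not match a key imported on the target; only then install.
install_rpm() {
    pkg=$1
    if ! "$RPM" --checksig "$pkg" >/dev/null 2>&1; then
        echo "refusing to install $pkg: signature check failed" >&2
        return 1
    fi
    "$SUDO" "$RPM" -ivh "$pkg"
}

# manage_app ACTION NAME: the page's install/remove/update buttons mapped to
# the dnf and rpm commands the patent lists (-y keeps them non-interactive).
manage_app() {
    action=$1; name=${2:-}
    case "$action" in
        install)   "$SUDO" "$DNF" install -y "$name" ;;
        remove)    "$SUDO" "$DNF" remove -y "$name" ;;
        update)    "$SUDO" "$DNF" update -y "$name" ;;
        updates)   "$DNF" list updates ;;
        installed) "$RPM" -qa ;;
        *) echo "unknown action: $action" >&2; return 2 ;;
    esac
}
```

The check is deliberately strict: a rule such as "NOPASSWD: /usr/bin/rpm -e *" or a comma-separated command list is rejected too, so anything beyond the two bare binaries has to be an explicit decision at factory time rather than something that slips in with a later edit. For the dnf path the equivalent of the explicit rpm --checksig gate is gpgcheck=1 in the software source's repository file on the target.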
According to the technical scheme provided by this embodiment of the application management method, a customized application with isolation is realized and managed: an administrator (root authority) calls a background script on the development page of the application management program to customize an application rpm package with isolation function and sign it, and the signed rpm package with isolation function is then imported into a custom software source. An ordinary user connects to the target machine over ssh from the application management program on the user machine (user application management page) and imports the customized, signed application rpm package with isolation attributes into the target machine. Application management operations are then performed with the rpm or dnf commands and the results are displayed on the application management program of the user machine (user application management page), so that graphical application management is achieved for an embedded system that has no graphical display. Customizing the application rpm package and managing applications each require the corresponding rights, which avoids the risk of AppArmor being bypassed by modifying the file name or path on which its profile is based.
Another embodiment of the present application provides an application package generating apparatus with an isolation function, where the apparatus may be implemented by a software system, may be implemented by a hardware device, or may be implemented by a combination of the software system and the hardware device.
It should be understood that fig. 6 is merely an exemplary schematic diagram illustrating a structure of the application package generating device 60 with the isolation function, and the present application is not limited to the division of the functional modules in the application package generating device 60 with the isolation function. As shown in fig. 6, the application package generating apparatus 60 with isolation function may be logically divided into a plurality of modules, each of which may have different functions, and the functions of each module are implemented by a processor in a computing device that reads and executes instructions in a memory. The application package generating device 60 with isolation function includes an application copy module 601, a rule profile writing module 602, and an rpm package generating module 603, for example.
In one embodiment, the application package generating device with isolation function is used to execute the content described in steps S101-S103 shown in fig. 1.
Specifically: the application program copying module 601 is configured to copy the application program files to the directory corresponding to rpmbuild, the application program files including binary files, dependent files and application icon files; the rule configuration file writing module 602 is configured to write the rule configuration file corresponding to the application program files according to the isolation requirement, and to write the spec file of the rpmbuild mechanism; and the rpm package generating module 603 is configured to generate the rpm package of the application program with the isolation function according to the spec file, the application program files and the rule configuration file.
For the specific implementation of each functional module in this embodiment, reference may be made to the description in the foregoing method embodiment, which is not repeated here.
Another embodiment of the present application provides an application management device 70 with isolation function, and it should be understood that fig. 7 is merely an exemplary schematic structural diagram of an application management device 70 with isolation function, and the present application is not limited to the division of functional modules in the application management device with isolation function. As shown in fig. 7, the application management apparatus 70 with isolation function may be logically divided into a plurality of modules, each of which may have different functions, and the functions of each module are implemented by a processor in a computing device that reads and executes instructions in a memory. The application management device 70 with isolation function includes, for example, a connection establishment module 701, an rpm package acquisition module 702, and an application management module 703.
In one embodiment, the application package generating device with isolation function is used to execute the contents described in steps S201-S203 shown in fig. 3.
Specifically: the connection establishment module 701 is configured for the target machine to establish a connection with the user machine; the rpm package obtaining module 702 is configured for the target machine to obtain, through the user machine with which the connection has been established, an rpm package of an application program with an isolation function, the rpm package being generated according to the method of any one of claims 1 to 4; and the application management module 703 is configured for the target machine to verify the signature of the rpm package and, if verification passes, to perform the corresponding management of the application program; the target machine is a machine without a graphical interface, and the user machine is a machine with a graphical interface.
For the specific implementation of each functional module in this embodiment, reference may be made to the description in the foregoing method embodiment, which is not repeated here.
Fig. 8 is a schematic diagram of a computing device 900 provided by an embodiment of the present application. The computing device can perform the various alternative embodiments of the method for generating an application package with isolation function and of the method for managing an application with isolation function; it may be a terminal, or a chip or system on chip inside a terminal. As shown in fig. 8, the computing device 900 includes a processor 910, a memory 920 and a communication interface 930.
It should be appreciated that the communication interface 930 in the computing device 900 shown in fig. 8 may be used to communicate with other devices and may include, in particular, one or more transceiver circuits or interface circuits.
The processor 910 may be coupled to the memory 920. The memory 920 may be used to store program code and data. Accordingly, the memory 920 may be a storage unit internal to the processor 910, an external storage unit independent of the processor 910, or a combination of a storage unit internal to the processor 910 and an external storage unit independent of the processor 910.
Optionally, the computing device 900 may also include a bus. The memory 920 and the communication interface 930 may be connected to the processor 910 through the bus. The bus may be a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. Buses may be classified as address buses, data buses, control buses, etc. For ease of illustration, only one line is shown in fig. 5, but this does not mean that there is only one bus or only one type of bus.
It should be appreciated that in embodiments of the present application, the processor 910 may employ a central processing unit (central processing unit, CPU). The processor may also be other general purpose processors, digital signal processors (digital signal processor, DSP), application specific integrated circuits (application specific integrated circuit, ASIC), off-the-shelf programmable gate arrays (field programmable gate Array, FPGA) or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, or the like. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like. Or the processor 910 may employ one or more integrated circuits for executing associated programs to perform the techniques provided in the embodiments of the present application.
The memory 920 may include read only memory and random access memory and provide instructions and data to the processor 910. A portion of the processor 910 may also include nonvolatile random access memory. For example, the processor 910 may also store information of the device type.
When the computing device 900 is running, the processor 910 executes computer-executable instructions in the memory 920 to perform any of the operational steps of the methods described above, as well as any of the alternative embodiments.
It should be understood that the computing device 900 according to the embodiments of the present application may correspond to a respective subject performing the methods according to the embodiments of the present application, and that the foregoing and other operations and/or functions of the respective modules in the computing device 900 are respectively for implementing the respective flows of the methods of the embodiments, and are not described herein for brevity.
Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, or as computer software, or as a combination of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application. For example, the apparatus described in the foregoing embodiments, or each unit or module included in each apparatus, may be implemented by a process or a software module, where the software module may be a unit split according to functional logic. It will be clear to those skilled in the art that, for convenience and brevity of description, specific working procedures of the above-described systems, apparatuses and units may refer to corresponding procedures in the foregoing method embodiments, and are not repeated herein.
In the several embodiments provided in this application, it should be understood that the disclosed systems, devices, and methods may be implemented in other manners. For example, the apparatus embodiments described above are merely illustrative, e.g., the division of the units is merely a logical function division, and there may be additional divisions when actually implemented, e.g., multiple units or components may be combined or integrated into another system, or some features may be omitted or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be an indirect coupling or communication connection via some interfaces, devices or units, which may be in electrical, mechanical or other form.
The units described as separate units may or may not be physically separate, and units shown as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in each embodiment of the present application may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit.
The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a computer-readable storage medium. Based on such understanding, the technical solution of the present application may be embodied essentially or in a part contributing to the prior art or in a part of the technical solution, in the form of a software product stored in a storage medium, including several instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to perform all or part of the steps of the methods described in the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a random access Memory (Random Access Memory, RAM), a magnetic disk, or an optical disk, or other various media capable of storing program codes.
Embodiments of the present application also provide a computer-readable storage medium having stored thereon a computer program for performing the above-described method when executed by a processor, the method comprising at least one of the aspects described in the above-described embodiments.
Any combination of one or more computer readable media may be employed as the computer storage media of the embodiments herein. The computer readable medium may be a computer readable signal medium or a computer readable storage medium. The computer readable storage medium can be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples (a non-exhaustive list) of the computer-readable storage medium would include the following: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In this document, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
The computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, either in baseband or as part of a carrier wave. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination of the foregoing. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Computer program code for carrying out operations of the present application may be written in one or more programming languages, including an object oriented programming language such as Java, Smalltalk or C++ and conventional procedural programming languages such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer, or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computer (for example, through the Internet using an Internet service provider).
Furthermore, the terms first, second, third and the like in the description and in the claims, or module A, module B, module C and the like in the claims, are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order, and it is to be understood that the specific order or sequence may be interchanged if permitted, so that the embodiments of the present application described herein can be implemented in an order other than that illustrated or described herein.
In the above description, reference numerals indicating steps such as S110, S120, etc. do not necessarily indicate that the steps are performed in this order; the order of the steps may be interchanged, or the steps may be performed simultaneously, as the case may be.
The term "comprising" as used in the description and claims should not be interpreted as being limited to what is listed thereafter; it does not exclude other elements or steps. Thus, it should be interpreted as specifying the presence of the stated features, integers, steps or components as referred to, but does not preclude the presence or addition of one or more other features, integers, steps or components, or groups thereof. Thus, the expression "a device comprising means A and B" should not be limited to a device consisting of only parts A and B.
Reference in the specification to "one embodiment" or "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment is included in at least one embodiment of the application. Thus, appearances of the phrases "in one embodiment" or "in an embodiment" in various places throughout this specification are not necessarily all referring to the same embodiment, but may be. Furthermore, the particular features, structures, or characteristics may be combined in any suitable manner in one or more embodiments, as would be apparent to one of ordinary skill in the art from this disclosure.
Note that the above is only a preferred embodiment of the present application and the technical principle applied. Those skilled in the art will appreciate that the present application is not limited to the particular embodiments described herein, but is capable of numerous obvious changes, rearrangements and substitutions as will now become apparent to those skilled in the art without departing from the scope of the present application. Thus, while the present application has been described in terms of the foregoing embodiments, the present application is not limited to the foregoing embodiments, but may include many other equivalent embodiments without departing from the spirit of the present application, all of which fall within the scope of the present application.

Claims (10)

1. An application package generation method with isolation function is characterized by comprising the following steps:
copying the application program file to a catalog corresponding to rpmbuild; the application program files comprise binary files, dependent files and application icon files;
writing a rule configuration file corresponding to the application program file according to the isolation requirement; and compiling spec files of an rpmbuild mechanism;
and generating an rpm package of the application program with the isolation function according to the spec file, the application program file and the rule configuration file.
2. The method as recited in claim 1, further comprising:
signing the rpm package through a GPG signing mechanism to obtain an encrypted rpm package;
and publishing the encrypted rpm package to a target library.
3. The method of claim 1, wherein writing the rule configuration file corresponding to the application file according to the isolation requirement comprises:
if the isolation requirement is the isolation requirement of the system call, writing a rule configuration file corresponding to the application program file based on Seccomp;
if the isolation requirement is the isolation requirement of file access, writing a rule configuration file corresponding to the application program file based on AppArmor;
and if the isolation requirement comprises both the isolation requirement of system call and the isolation requirement of file access, writing a rule configuration file corresponding to the application program file based on both Seccomp and AppArmor.
4. A method according to any one of claims 1-3, wherein the method of generating application packages with isolation function operates under administrator authority.
5. An application management method with isolation function, comprising:
the target machine establishes connection with the user machine;
the target machine obtains an rpm package of an application program with an isolation function through a user machine with a connection established, wherein the rpm package is generated according to the method of any one of claims 1-4;
the target machine performs signature verification on the rpm package, and if the verification is passed, the target machine performs corresponding management on the application program;
the target machine is a machine without a graphical interface, and the user machine is a machine with a graphical interface.
6. The method of claim 5, wherein the managing comprises:
install, uninstall, delete, and/or upgrade.
7. The method of claim 6, wherein the verification and the managing comprise:
performing said verification and said managing by means of an rpm command; or
performing said verification and said managing by means of a dnf command.
8. The method of claim 6, wherein the application management method with isolation function operates under normal user rights.
9. An application package generating device with isolation function, comprising:
the application program copying module is used for copying the application program file to the catalog corresponding to rpmbuild; the application program files comprise binary files, dependent files and application icon files;
the rule configuration file writing module is used for writing rule configuration files corresponding to the application program files according to isolation requirements; and compiling spec files of an rpmbuild mechanism;
and the rpm package generating module is used for generating an rpm package of the application program with the isolation function according to the spec file, the application program file and the rule configuration file.
10. An application management device with isolation function, comprising:
a connection establishment module, used by the target machine to establish a connection with the user machine;
an rpm package obtaining module, used by the target machine to obtain, through the user machine with which a connection has been established, an rpm package of an application program with an isolation function, wherein the rpm package is generated according to the method of any one of claims 1 to 4;
an application program management module, used by the target machine to perform signature verification on the rpm package and, if the verification passes, to perform the corresponding management of the application program;
the target machine is a machine without a graphical interface, and the user machine is a machine with a graphical interface.
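The verify-then-manage gate of claims 5 to 7 and the application program management module of claim 10, as an added shell example that is not part of the patent: a package is handed to the package manager only after rpm -K reports a valid signature, and the management action is then dispatched to either the rpm or the dnf command. The RPM_CMD/DNF_CMD overrides, the backend and action names and the stub used in the test are assumptions for illustration.

```shell
#!/bin/sh
# Verify-then-manage gate for an application rpm, modelled on claims 5-7.
# RPM_CMD / DNF_CMD are overridable so the flow can be exercised without a
# real package manager (assumption for illustration, not part of the patent).
RPM_CMD="${RPM_CMD:-rpm}"
DNF_CMD="${DNF_CMD:-dnf}"

# Returns 0 only when rpm -K reports a valid signature.  rpm -K exits 0 for an
# unsigned package whose digests are intact (it prints "digests OK"), so the
# exit status alone is not enough: the report must contain "signatures OK".
verify_signature() {
  out=$("$RPM_CMD" -K "$1" 2>&1) || { printf '%s\n' "$out" >&2; return 1; }
  case "$out" in
    *"signatures OK"*) return 0 ;;
    *) printf 'no valid signature: %s\n' "$out" >&2; return 1 ;;
  esac
}

# manage_package BACKEND ACTION PACKAGE
#   BACKEND: rpm | dnf     ACTION: install | upgrade | uninstall
# For uninstall, PACKAGE is the installed package name; for the other actions
# it is the .rpm file, which must pass verify_signature first.
manage_package() {
  backend="$1" action="$2" pkg="$3"
  if [ "$action" != uninstall ]; then
    verify_signature "$pkg" || return 2
  fi
  case "$backend:$action" in
    rpm:install)   "$RPM_CMD" -i "$pkg" ;;
    rpm:upgrade)   "$RPM_CMD" -U "$pkg" ;;
    rpm:uninstall) "$RPM_CMD" -e "$pkg" ;;
    # dnf checks the signature of a local .rpm only when localpkg_gpgcheck=1
    # is set in dnf.conf, so the explicit check above is kept for both backends.
    dnf:install)   "$DNF_CMD" -y install "$pkg" ;;
    dnf:upgrade)   "$DNF_CMD" -y upgrade "$pkg" ;;
    dnf:uninstall) "$DNF_CMD" -y remove "$pkg" ;;
    *) printf 'unsupported: %s %s\n' "$backend" "$action" >&2; return 1 ;;
  esac
}
```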
CN202310323028.8A 2023-03-29 2023-03-29 Application program package generation method with isolation function, management method and device Pending CN116340932A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310323028.8A CN116340932A (en) 2023-03-29 2023-03-29 Application program package generation method with isolation function, management method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310323028.8A CN116340932A (en) 2023-03-29 2023-03-29 Application program package generation method with isolation function, management method and device

Publications (1)

Publication Number Publication Date
CN116340932A true CN116340932A (en) 2023-06-27

Family

ID=86882047

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310323028.8A Pending CN116340932A (en) 2023-03-29 2023-03-29 Application program package generation method with isolation function, management method and device

Country Status (1)

Country Link
CN (1) CN116340932A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20220292224A1 (en) * 2019-07-23 2022-09-15 Nippon Telegraph And Telephone Corporation Verification information generating system, verification information generating method, and verification information generating program

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination