CN117348951B - Container sensing device and container sensing method applied to linux kernel - Google Patents
Container sensing device and container sensing method applied to linux kernel Download PDFInfo
- Publication number
- CN117348951B CN117348951B CN202311638593.XA CN202311638593A CN117348951B CN 117348951 B CN117348951 B CN 117348951B CN 202311638593 A CN202311638593 A CN 202311638593A CN 117348951 B CN117348951 B CN 117348951B
- Authority
- CN
- China
- Prior art keywords
- container
- layer
- entity
- run
- information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 134
- 230000008569 process Effects 0.000 claims abstract description 117
- 230000008447 perception Effects 0.000 claims abstract description 32
- 239000000523 sample Substances 0.000 claims abstract description 22
- 238000012544 monitoring process Methods 0.000 claims abstract description 17
- 230000005540 biological transmission Effects 0.000 claims abstract description 4
- 239000000284 extract Substances 0.000 claims description 2
- 238000005516 engineering process Methods 0.000 description 9
- 230000007246 mechanism Effects 0.000 description 4
- 230000009471 action Effects 0.000 description 3
- 230000006870 function Effects 0.000 description 2
- 238000010367 cloning Methods 0.000 description 1
- 239000002131 composite material Substances 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 238000001914 filtration Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/448—Execution paradigms, e.g. implementations of programming paradigms
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/46—Multiprogramming arrangements
- G06F9/54—Interprogram communication
- G06F9/545—Interprogram communication where tasks reside in different layers, e.g. user- and kernel-space
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D10/00—Energy efficient computing, e.g. low power processors, power management or thermal management
Abstract
The invention relates to the technical field of kernel container sensing, in particular to a container sensing device and a container sensing method applied to a linux kernel. The device comprises: the system comprises a container probe, a request agent layer, a container perception layer and a container entity module; the request agent layer is respectively connected with the container sensing layer and the container entity module and is used for calling the container probe to acquire container information from a user state based on the data request of the container sensing layer and acquiring the state of the container entity object from the container entity module based on the data request of the container sensing layer so as to realize data transmission between a kernel state and the user state; the container perception layer is used for monitoring the starting operation state and the stopping operation state of the container, creating and releasing corresponding container entity objects in the container entity module based on the monitored container information, and realizing the association of the processes in the container and the container entity objects. The scheme can realize the comprehensive perception of the Linux kernel to the container.
Description
Technical Field
The embodiment of the invention relates to the technical field of kernel container sensing, in particular to a container sensing device and a container sensing method applied to a linux kernel.
Background
In a Linux operating system, a Linux kernel has the highest running priority, so that not only is the whole Linux system resource managed, but also a safety mechanism is introduced to control the safe running of the Linux system. The container technology realizes the functions of starting, running, suspending and the like of the container through a Cgroup (control group) mechanism and a Namespace (name space) mechanism, and the Cgroup and Namespace technologies belong to the general Linux operating system realization technology and are not specially realized for the container technology; meanwhile, the Linux system also does not provide a system call interface to realize the management of the container, so that the existing Linux kernel cannot sense the existence of the container.
The Linux kernel cannot sense the existence of the container, and thus cannot realize fine-grained management of the container in the kernel mode. For example, the Linux security access control module cannot realize access control management at a container level, and a network protocol stack in a kernel mode cannot implement functions of filtering packets, forwarding data, and the like at the container level on a network data packet.
Therefore, there is a need for a container sensing device applied to a linux kernel.
Disclosure of Invention
In order to solve the problem that the existing Linux kernel cannot sense the existence of a container and cannot realize fine granularity management of the container in the kernel mode, the embodiment of the invention provides a container sensing device and a container sensing method applied to a Linux kernel.
In a first aspect, an embodiment of the present invention provides a container sensing device applied to a linux kernel, where the device includes: the system comprises a container probe arranged in a user mode, a request agent layer, a container sensing layer arranged in a kernel mode and a container entity module arranged in the kernel mode;
the request agent layer is respectively connected with the container sensing layer and the container entity module and is used for calling the container probe to acquire container information from the user state based on the data request of the container sensing layer and acquiring the state of a container entity object from the container entity module based on the data request of the container sensing layer so as to realize data transmission between the kernel state and the user state;
the container perception layer is used for monitoring the starting operation state and the stopping operation state of the container, creating and releasing corresponding container entity objects in the container entity module based on the monitored container information, and is also used for realizing the association of processes in the container and the container entity objects.
In a second aspect, an embodiment of the present invention further provides a method for sensing a container according to any one of the embodiments of the present invention, where the method includes:
monitoring a start operation state and a stop operation state of the container by using the container sensing layer;
when the container is monitored to start to run, the container sensing layer acquires container information of the container which starts to run by using a request agent layer and a container probe, and creates a corresponding container entity object in the container entity module based on the container information;
when the container creates an in-container process, the in-container process is associated with the container entity object by utilizing the container perception layer;
and when the container is monitored to stop running, the container sensing layer releases the corresponding container entity object in the container entity module based on the container information of the container which stops running.
The embodiment of the invention provides a container sensing device and a container sensing method applied to a Linux kernel, which realize the overall sensing of the Linux kernel on the container by sensing the starting operation state and the stopping operation state of the container and associating the entity object of the container with the process in the container by utilizing a container sensing layer, so that each functional module in the Linux kernel can sense the existence of the container, and the fine granularity management of the container is realized in the kernel state.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings that are required in the embodiments or the description of the prior art will be briefly described, and it is obvious that the drawings in the following description are some embodiments of the present invention, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a schematic diagram of a container sensing device applied to a linux kernel according to an embodiment of the present invention;
fig. 2 is a flowchart of a method for sensing a container according to an embodiment of the present invention.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the embodiments of the present invention more apparent, the technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention, and it is apparent that the described embodiments are some embodiments of the present invention, but not all embodiments, and all other embodiments obtained by those skilled in the art without making any inventive effort based on the embodiments of the present invention are within the scope of protection of the present invention.
Referring to fig. 1, an embodiment of the present invention provides a container sensing device applied to a linux kernel, where the device includes: the system comprises a container probe arranged in a user mode, a request agent layer, a container sensing layer arranged in a kernel mode and a container entity module arranged in the kernel mode;
the request agent layer is respectively connected with the container sensing layer and the container entity module and is used for calling the container probe to acquire container information from a user state based on the data request of the container sensing layer and acquiring the state of the container entity object from the container entity module based on the data request of the container sensing layer so as to realize data transmission between a kernel state and the user state;
the container perception layer is used for monitoring the starting operation state and the stopping operation state of the container, creating and releasing corresponding container entity objects in the container entity module based on the monitored container information, and realizing the association of the processes in the container and the container entity objects.
In the embodiment of the invention, the container is comprehensively perceived by the Linux kernel by utilizing the container perception layer to perceive the starting operation state and the stopping operation state of the container and associating the container entity object and the process in the container, so that each functional module in the Linux kernel can perceive the existence of the container, and the fine granularity management of the container is realized in the kernel state.
It should be noted that, the technology of the scheme is different from the implementation of the container sensing technology of the cinium, and the container sensing technology of the cinium is mainly aimed at a network security management and control scene; the technology of the invention is oriented to the whole Linux kernel system, so that a scheduling module, a memory management module, a network protocol stack, a file system, a security access control module and the like in the Linux kernel system can sense the existence of the container, thereby being convenient for realizing fine-grained management of the container in kernel mode.
In some implementations, the container entity module includes storing the created plurality of container entity objects in a list;
each container entity object includes a name of the container, a container mount point, a root file of the container, a mirror name of the container, and a process namespace of the container.
In this embodiment, the container entity object exists in the Linux kernel mode and is a representation form of the container in the kernel mode. The secure access control module in the operating system can implement a container-based access control model through this object, and in addition, an operating system administrator can also view the container entity object in the container entity module through the request agent layer. Each container entity object is of a composite structure type and at least consists of a name of a container, a container mounting point, a root file of the container, a mirror name of the container and a process naming space of the container; the security access control module can realize an access control model for the container based on the mounting point, the root file and the mirror image name.
In some embodiments, the container awareness layer, when executing monitoring the starting operational state of the container and creating a corresponding container entity object in the container entity module based on the monitored container information, is configured to:
the container perception layer adds a process monitoring point in the kernel state to monitor the creation of a new runc process by using the process monitoring point; wherein the run process is used to initiate the target container to run;
when monitoring the creation of a new run process, the container perception layer acquires container information of a target container based on environment variables of the run process, a request agent layer and a container probe; the container information comprises the name of a target container, a container mounting point, a root file, a mirror name and a process naming space;
based on the container information of the target container, a container entity object of the target container is created in a container entity module.
At present, although containers are of a plurality of types, the common types are a docker container and a podman container, in the docker container, a background process of the container is usually used for starting a gasket program, then the gasket program is used for creating the container by running a run process, then the run process is used for exiting the operation, and the management work of the container is responsible for the gasket program; in the podman container technology, the environment initialization and management of the container is also responsible for the run process. Thus, it can be considered that the container is initialized and allocated resources by the run process before it is run, and then the run process starts the container and manages the container.
Therefore, the container sensing layer of this embodiment can implement the start sensing capability of the container only by tracking the creation of the run process, and when the creation of the new run process is monitored, it can be considered that a target container is executed, and at this time, the container information of the target container can be acquired based on the environment variable of the run process, the request agent layer and the container probe, and after the container entity object of the target container is created in the container entity module based on the container information of the target container, it can be considered that the start sensing of the target container is completed.
In some implementations, the container aware layer, when executing the run process-based environment variable, the request agent layer, and the container probe, is to obtain container information for the target container to:
the container perception layer extracts the name, mounting point and root file of the target container from the environment variable of the runc process;
the container perception layer monitors the process of creating a process naming space by the runc process so as to acquire the process naming space;
the container perception layer calls the container probe by using the request agent layer so that the container probe obtains the mirror name corresponding to the target container from the user state based on the name of the target container.
In this embodiment, a large amount of container information exists in the running environment variable of the run process, so that the relevant information of the target container including the name, mount point and root file of the target container can be resolved by acquiring the environment variable of the run process. It can be understood that the parameter information of the run process also contains the relevant information, so in order to accurately analyze the relevant information of the target container, the parameter information of the run process and the environment variable can be obtained and analyzed together to obtain the name, the mount point and the root file of the target container.
Then, the container perception layer can monitor the process of creating a process name space by the run process, and can acquire the process name space of the target container after detecting that the run process creates the process name space;
then, since the container information of all the containers is recorded in the user state, the container perception layer calls the container probe by using the request agent layer, so that the container probe can acquire the mirror name corresponding to the target container from the user state based on the name of the target container, and thus all the container information required for creating the container entity object of the target container can be acquired.
In some embodiments, the container awareness layer, after creating the container entity object of the target container in the container entity module based on the container information of the target container, is further to:
the container domain is newly added on the structure body of the run process, and the address of the container entity object of the target container is stored in the container domain of the run process.
Then, in the embodiment of the present invention, the container aware layer may implement association of the process in the container with the container entity object in the following manner:
the container perception layer adds the associated code into the clone system call copying process interface in the Linux kernel layer, so that when the clone system call copying process interface takes the run process as a father process or an ancestor process to generate an in-container process, a container domain is newly added on the structure body of the in-container process, and the address copy in the container domain of the run process is transferred to the container domain of the in-container process, thereby realizing the association of the in-container process and the container entity object.
In this embodiment, by adding a container domain to the structure task_struct of the run process, which is responsible for recording the pointer of the container entity object, and adding the association code to the copy process interface, the association between the container entity object and the process in the container can be quickly realized by using the process cloning mechanism of the Linux kernel. The purpose of associating the container entity object with the process in the container is to facilitate a security access control module in the kernel to control the process in the container according to the container security policy, so as to realize security management and control of all processes in the container.
In some embodiments, the container sensing layer is configured to, when performing monitoring of a shutdown state of the container and releasing a corresponding container entity object in the container entity module based on the monitored container information:
the container perception layer monitors the release operation of the process namespaces;
when the process namespaces are released, the container entity objects corresponding to the process namespaces are searched in the container entity module based on the process namespaces, and the searched container entity objects are released in the container entity module.
In this embodiment, the process namespace is used for managing the lifecycle of the container entity object, and once the release of the process namespace is detected, which represents that the container stops running, the container entity object corresponding to the process namespace is searched in the container entity module and released, so that the whole lifecycle management of the container entity object in the kernel can be completed.
As shown in fig. 2, an embodiment of the present invention provides a method for sensing a container based on the device according to any one of the embodiments of the present specification, where the method includes:
step 200, monitoring the starting operation state and the stopping operation state of the container by utilizing a container sensing layer;
step 202, when the container is monitored to start running, the container sensing layer acquires container information of the container which starts running by using the request agent layer and the container probe, and creates a corresponding container entity object in the container entity module based on the container information;
step 204, when the container creates an in-container process, associating the in-container process with the container entity object by using the container perception layer;
and 206, when the container is monitored to stop running, the container perception layer releases the corresponding container entity object in the container entity module based on the container information of the container which stops running.
Since the method embodiments and the device embodiments in the present disclosure are based on the same concept, the specific content may be referred to the description in the device embodiments of the present disclosure, and the description is omitted herein.
It is noted that relational terms such as first and second, and the like, are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus.
Those of ordinary skill in the art will appreciate that: all or part of the steps for implementing the above method embodiments may be implemented by hardware related to program instructions, and the foregoing program may be stored in a computer readable storage medium, where the program, when executed, performs steps including the above method embodiments; and the aforementioned storage medium includes: various media in which program code may be stored, such as ROM, RAM, magnetic or optical disks.
Finally, it should be noted that: the above embodiments are only for illustrating the technical solution of the present invention, and are not limiting; although the invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit and scope of the technical solutions of the embodiments of the present invention.
Claims (7)
1. A container sensing device applied to a linux kernel, comprising: the system comprises a container probe arranged in a user mode, a request agent layer, a container sensing layer arranged in a kernel mode and a container entity module arranged in the kernel mode;
the request agent layer is respectively connected with the container sensing layer and the container entity module and is used for calling the container probe to acquire container information from the user state based on the data request of the container sensing layer and acquiring the state of a container entity object from the container entity module based on the data request of the container sensing layer so as to realize data transmission between the kernel state and the user state;
the container perception layer is used for monitoring the starting operation state and the stopping operation state of the container, creating and releasing corresponding container entity objects in the container entity module based on the monitored container information, and realizing the association between the processes in the container and the container entity objects;
the container perception layer is used for tracking the creation of a run progress to monitor the starting running state of the container;
the container perception layer is used for realizing the association of the processes in the container and the entity objects of the container by the following modes:
and the container perception layer adds an associated code into a copying process interface of a clone system call in a Linux kernel layer, so that when the clone system calls the copying process interface to generate an in-container process by taking the run process as a father process or an ancestor process, a container domain is newly added on a structure body of the in-container process, and address copy in the container domain of the run process is transferred to the container domain of the in-container process, thereby realizing association of the in-container process and the container entity object.
2. The apparatus of claim 1, wherein the container entity module comprises a plurality of container entity objects created by storing in a list;
each of the container entity objects includes a name of the container, a container mount point, a root file of the container, a mirror name of the container, and a process namespace of the container.
3. The apparatus of claim 2, wherein the container awareness layer, when executing monitoring a starting operational state of a container and creating a corresponding container entity object in the container entity module based on the monitored container information, is configured to:
the container perception layer adds a process monitoring point in a kernel state to monitor creation of a new run process by using the process monitoring point; the run process is used for starting the target container to run;
when monitoring the creation of a new run process, the container perception layer acquires container information of the target container based on environment variables of the run process, the request agent layer and the container probe; the container information comprises the name of the target container, a container mounting point, a root file, a mirror image name and a process naming space;
based on the container information of the target container, a container entity object of the target container is created in the container entity module.
4. The apparatus of claim 3, wherein the container awareness layer, when executing the environment variable based on the run process, the request agent layer, and the container probe, is to obtain container information for the target container:
the container perception layer extracts the name, mounting point and root file of the target container from the environment variable of the run process;
the container perception layer monitors the process of creating the process namespaces by the run process to acquire the process namespaces;
and the container perception layer calls the container probe by utilizing the request agent layer so that the container probe obtains the mirror image name corresponding to the target container from the user state based on the name of the target container.
5. The apparatus of claim 3, wherein the container awareness layer, after creating the container entity object of the target container in the container entity module based on the container information of the target container, is further to:
adding a container domain on the structure of the run process, and storing the address of the container entity object of the target container in the container domain of the run process.
6. The apparatus of claim 2, wherein the container aware layer, when executing monitoring of a shutdown state of a container and releasing a corresponding container entity object in the container entity module based on the monitored container information, is configured to:
the container perception layer monitors the release operation of the process namespaces;
and when the process namespaces are released, searching the container entity objects corresponding to the process namespaces in the container entity modules based on the process namespaces, and releasing the searched container entity objects in the container entity modules.
7. A container sensing method applied to a linux kernel, comprising:
monitoring a start operation state and a stop operation state of the container by using the container sensing layer;
when the container is monitored to start to run, the container sensing layer acquires container information of the container which starts to run by using a request agent layer and a container probe, and creates a corresponding container entity object in the container entity module based on the container information;
when the container creates an in-container process, the in-container process is associated with the container entity object by utilizing the container perception layer;
when the container is monitored to stop running, the container sensing layer releases a corresponding container entity object in the container entity module based on the container information of the container which stops running;
the container perception layer is used for tracking the creation of a run progress to monitor the starting running state of the container;
the container perception layer is used for realizing the association of the processes in the container and the entity objects of the container by the following modes:
and the container perception layer adds an associated code into a copying process interface of a clone system call in a Linux kernel layer, so that when the clone system calls the copying process interface to generate an in-container process by taking the run process as a father process or an ancestor process, a container domain is newly added on a structure body of the in-container process, and address copy in the container domain of the run process is transferred to the container domain of the in-container process, thereby realizing association of the in-container process and the container entity object.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311638593.XA CN117348951B (en) | 2023-12-04 | 2023-12-04 | Container sensing device and container sensing method applied to linux kernel |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311638593.XA CN117348951B (en) | 2023-12-04 | 2023-12-04 | Container sensing device and container sensing method applied to linux kernel |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN117348951A CN117348951A (en) | 2024-01-05 |
| CN117348951B true CN117348951B (en) | 2024-02-09 |
Family
ID=89359828
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202311638593.XA Active CN117348951B (en) | 2023-12-04 | 2023-12-04 | Container sensing device and container sensing method applied to linux kernel |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN117348951B (en) |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107797845A (en) * | 2016-09-07 | 2018-03-13 | 华为技术有限公司 | Method and apparatus for accessing container |
| CN109858244A (en) * | 2019-01-16 | 2019-06-07 | 四川大学 | Process exception behavioral value method and system in a kind of container |
| CN111680288A (en) * | 2020-06-10 | 2020-09-18 | 深圳前海微众银行股份有限公司 | Command execution method, device and equipment for container and storage medium |
| CN114398142A (en) * | 2021-11-29 | 2022-04-26 | 北京中电普华信息技术有限公司 | Power grid Internet of things edge processing method and processing unit based on containerization |
| CN115113970A (en) * | 2021-03-17 | 2022-09-27 | 腾讯云计算(北京)有限责任公司 | Data processing method based on container engine and related equipment |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US10678935B2 (en) * | 2017-04-11 | 2020-06-09 | Nicira, Inc. | Identifying container file events for providing container security |
-
2023
- 2023-12-04 CN CN202311638593.XA patent/CN117348951B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107797845A (en) * | 2016-09-07 | 2018-03-13 | 华为技术有限公司 | Method and apparatus for accessing container |
| CN109858244A (en) * | 2019-01-16 | 2019-06-07 | 四川大学 | Process exception behavioral value method and system in a kind of container |
| CN111680288A (en) * | 2020-06-10 | 2020-09-18 | 深圳前海微众银行股份有限公司 | Command execution method, device and equipment for container and storage medium |
| CN115113970A (en) * | 2021-03-17 | 2022-09-27 | 腾讯云计算(北京)有限责任公司 | Data processing method based on container engine and related equipment |
| CN114398142A (en) * | 2021-11-29 | 2022-04-26 | 北京中电普华信息技术有限公司 | Power grid Internet of things edge processing method and processing unit based on containerization |
Also Published As
| Publication number | Publication date |
|---|---|
| CN117348951A (en) | 2024-01-05 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11875173B2 (en) | Execution of auxiliary functions in an on-demand network code execution system | |
| US10817331B2 (en) | Execution of auxiliary functions in an on-demand network code execution system | |
| JP7197612B2 (en) | Execution of auxiliary functions on on-demand network code execution systems | |
| US9825956B2 (en) | Systems and methods for access permission revocation and reinstatement | |
| US11132356B2 (en) | Optimizing data entries in a log | |
| US9384056B2 (en) | Virtual resource allocation and resource and consumption management | |
| CN112346829B (en) | Method and equipment for task scheduling | |
| EP3432159B1 (en) | Garbage collection method and device | |
| JP2007148738A (en) | Information monitoring method, system, and program | |
| US8904359B2 (en) | On-demand monitoring of memory usage | |
| CN109409087B (en) | Anti-privilege-raising detection method and device | |
| CN109923547B (en) | Program behavior monitoring device, distributed object generation management device, storage medium, and program behavior monitoring system | |
| US11379579B2 (en) | Shadow stack violation enforcement at module granularity | |
| US20190303542A1 (en) | Global License Spanning Multiple Timezones in a Rate-Based System | |
| CN112882765B (en) | Digital twin model scheduling method and device | |
| CN117348951B (en) | Container sensing device and container sensing method applied to linux kernel | |
| CN108154343B (en) | Emergency processing method and system for enterprise-level information system | |
| CN115292740A (en) | Method and device for managing clipboard and nonvolatile storage medium | |
| CN115080309A (en) | Data backup system, method, storage medium, and electronic device | |
| CN110968406B (en) | Method, device, storage medium and processor for processing task | |
| JP2013145511A (en) | Api execution controller and program | |
| WO2021096346A1 (en) | A computer-implemented system for management of container logs and its method thereof | |
| CN112825517B (en) | Safe acceleration wind control scheduling method and equipment | |
| CN111176959A (en) | Early warning method, system and storage medium for cross-domain application server | |
| CN117290857B (en) | System, method, equipment and medium for realizing cloud primary security based on eBPF |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| CP03 | Change of name, title or address | ||
| CP03 | Change of name, title or address |
Address after: 100102 room 2, 1301, floor 13, building 3, yard 6, lizexi street, Chaoyang District, Beijing Patentee after: Beijing Changqing Software Co.,Ltd. Country or region after: China Address before: No. 38, Room 726, Building 1-7, Building 1-7, No. 1 Jinsong South Road, Chaoyang District, Beijing, 100021 Patentee before: Beijing Changyang Software Co.,Ltd. Country or region before: China |