JP7378356B2 - Information processing device and program - Google Patents

Description

The present invention relates to an information processing device and a program.

BACKGROUND ART Server virtualization technology that allows multiple virtual machine systems to be activated and used on a host OS has been known (Non-Patent Document 1).

Etsushi Nakai, “Practical Utilization of KVM Server Virtualization”, Nikkei Linux, 2015.9, pp.138-143

However, in the above-mentioned conventional technology, the host OS and the guest OS operate as mutually different systems, and the user authority settings of the host OS and the user authority settings of the guest OS are generally different.

Therefore, if files in the file system of the host OS are set to be shared by the guest OS, applications running on the guest OS may access files on the file system without considering user privileges of the host OS. There is a possibility that it will be stored away.

The present invention has been made in view of the above-mentioned circumstances, and one of its objects is to provide an information processing device and a program that can perform processing in a guest OS that takes into account user authority settings in the host OS. .

One aspect of the present invention that solves the problems of the conventional example described above is an information processing device that includes a storage unit, a host-side processing unit that executes processing of a host operating system, and processing as a virtual machine. , a controller unit that includes a guest-side processing unit that executes a process of a guest operating system and a guest-side processing unit that executes a predetermined process on a virtual machine executed by the host-side processing unit, the controller unit In the processing as the host-side processing means, the guest-side processing means uses authentication information of the user of the host operating system and access right information of each user of the host operating system for each file stored in the storage unit. In the processing as the guest-side processing means, when the application program receives access from the user, it refers to the user authentication information managed by the host operating system and authenticates the user. The controller section is designed to authenticate users.

With this configuration, the guest OS can perform processing that takes into account the user authority settings in the host OS.

Further, the host side processing means of the controller section further holds access right information of the user of the host operating system for each file stored in the storage section in a state that is accessible from the guest side processing means, The host-side processing means of the controller section sets at least a part of the file system in the storage section managed by the host operating system to be accessible from the guest-side processing means, and the guest-side processing means of the controller section: As a process of an application program running on a guest operating system, determining the access right of a file held in a file system in the storage section that is set to be accessible by the host operating system based on the access right information. You can also use it as

This allows the guest OS to perform processing that takes into account the user authority settings in the host OS.

Furthermore, the host-side processing means of the controller section sets at least a part of the file system in the storage section managed by the host operating system to be accessible from the guest-side processing means by NFS mounting, and The processing means may NFS mount at least a part of the file system of the host operating system in the storage section that is set to be accessible, and make it available for use by an application program running on the guest operating system.

According to this, the guest OS can access at least part of the file system under the control of the host OS via the network.

Furthermore, an application program running on a guest operating system executed by the guest side processing means of the controller section searches for files held in a file system in the storage section that is set to be accessible by the host operating system. It may also include a search application for searching.

In this way, it becomes possible to use a search application that does not run on the host OS to search for files on the file system managed by the host OS while taking into consideration the user authority settings on the host OS.

Another aspect of the present invention is a method for controlling an information processing apparatus including a storage unit and a controller unit, wherein the controller unit executes processing of a host operating system and also executes processing as a virtual machine. and a guest side processing step that executes a process of a guest operating system and a predetermined process on a virtual machine executed in the host side processing step, and the controller unit: In the host side processing step, the authentication information of the user of the host operating system and the access right information of each user of the host operating system for each file stored in the storage unit are made accessible in the guest side processing step. state, and in the guest-side processing step, as a process of the application program, upon receiving access from a user, the user is authenticated by referring to the user authentication information managed by the host operating system. It is.

Furthermore, another aspect of the present invention is a program, in which a computer including a storage unit and a controller unit is installed on a host side where the controller unit executes processing of a host operating system and also executes processing as a virtual machine. and a guest-side processing means that executes processing of a guest operating system and executes predetermined processing on a virtual machine executed by the host-side processing means, and functions as the host-side processing means. At the time of the process, the authentication information of the user of the host operating system and the access right information of each user of the host operating system for each file stored in the storage unit are made accessible to the guest side processing means. When the computer is stored and functions as the guest-side processing means, the process of the application program is to receive access from a user and authenticate the user by referring to user authentication information managed by the host operating system. This is what I did.

According to the present invention, it becomes possible for the guest OS to perform processing that takes into consideration the settings of user authority in the host OS.

1 is a block diagram illustrating a configuration example of an information processing device according to an embodiment of the present invention. FIG. FIG. 1 is a functional block diagram illustrating an example of an information processing device according to an embodiment of the present invention. FIG. 2 is a flowchart illustrating an example of processing on a guest OS of an information processing device according to an embodiment of the present invention. FIG. 2 is a flowchart illustrating a processing example of guest OS management of the information processing device according to the embodiment of the present invention.

Embodiments of the present invention will be described with reference to the drawings. The information processing device 1 according to the embodiment of the present invention includes a control section 11, a main storage section 12, an interface section 13, a storage section 14, and a network communication section 15, as illustrated in FIG. Consists of. Here, the control section 11, main storage section 12, interface section (I/F) 13, and network communication section 15 correspond to the controller section of the present invention.

The control unit 11 is a program control device such as a CPU, and operates according to a program stored in the main storage unit 12. In one example of the present embodiment, the control unit 11 operates as a first operating system (hereinafter referred to as host OS), and also operates as a virtual machine system (VM) on this first operating system. processing is being executed. Further, the control unit 11 operates a second operating system (hereinafter referred to as a guest OS) on the virtual machine system.

The control unit 11 executes processing of corresponding application programs on the respective operating systems of the host OS and the guest OS. The specific details of the processing by the control unit 11 will be described later.

The main storage unit 12 is a memory device or the like, and stores programs executed by the control unit 11. This program is read out from within the system area set in the storage unit 14 and stored in the main storage unit 12. The main storage section 12 also operates as a work memory for the control section 11.

The interface unit 13 is interposed between the control unit 11 and the storage unit 14, and writes data to the storage unit 14 or reads data from the storage unit 14 according to instructions input from the control unit 11. Execute processing.

The storage unit 14 is a disk device such as a hard disk drive (HDD) or an SSD (Solid State Drive), and holds various data. In this embodiment, the storage area of the storage unit 14 is divided into a program storage area 14a, a system area 14b, and a user data area 14c.

Among these, the program storage area 14a stores programs for the host OS, application programs executed on the host OS, and the like.

The system area 14b also contains the image file of the file system for the guest OS, its backup, information on access rights for each user to each file and directory in the user data area 14c, user registration authentication information, etc. is stored. One of the characteristics of this embodiment is that the data of the installation image (initial image) of the file system image file for the guest OS is used as a backup, and the image file of the file system used by the virtual machine system is This is something that is kept separately.

The user data area 14c stores at least one directory (hereinafter referred to as a shared directory for convenience), and files that are user data are stored under each shared directory.

The network communication unit 15 includes a plurality of network interfaces LAN1, LAN2, . This network communication unit 15 is connected to a network via any network interface LAN, and sends and receives information to and from computer devices (including itself) on the network according to instructions input from the control unit 11. .

In one example of this embodiment, the network communication section 15 is assumed to include three network interfaces LAN1, LAN2, and LAN3. Here, the LAN 1 is assumed to have communication parameters such as an IP address set by the guest OS, and is controlled by the guest OS. Further, it is assumed that communication parameters such as an IP address are set by the host OS for LAN2 and LAN3, and the LAN2 and LAN3 are controlled by the host OS.

That is, application programs and the like on the guest OS send and receive information to and from computer devices on the network via the network interface LAN1. In the example of this embodiment, the guest OS logically sets a virtual network interface (virtual NIC) therein. The virtual machine system then passes through (outputs as is) the data instructed to be transmitted via this virtual network interface to the network interface LAN1. Furthermore, the virtual machine system passes through data arriving at the network interface LAN1 to the virtual network interface set by the guest OS.

Further, in this example, application programs and the like on the host OS send and receive information to and from computer devices on the network via the network interface LAN2 or LAN3.

Next, the operation of the control section 11 will be explained here. As illustrated in FIG. 2, the control unit 11 of this embodiment functions as a host OS that executes a host OS and operates as a host OS, and also as a host that operates according to an application program on the host OS. It includes a side processing unit 20 and a guest side processing unit 30 that executes a guest OS to operate as a guest OS and operates according to an application program on the guest OS.

Further, the host-side processing unit 20 functionally includes a file management unit 21, a virtual machine system unit 22, and a guest OS management unit 23. The guest side processing section 30 is configured to functionally include a file system sharing processing section 31, a file search section 32, and a response processing section 33.

The file management unit 21 accepts requests for access from other information processing devices (personal computers, etc.) on the network based on instructions from users thereof. The file management unit 21 authenticates the user of the information processing device that is the source of the access request. This authentication is performed by receiving authentication information such as the user name and password of the user from the information processing device, and then using the user name and password recorded in the registered authentication information stored in the system area 14b of the storage unit 14 in advance. This may be done using a conventionally known method such as comparing the

The file management unit 21 requests writing of user data to the user data area 14c of the storage unit 14 and reading of user data stored in the user data area 14c from the other information processing device operated by the authenticated user. accept.

In an example of this embodiment, a shared directory is created in the user data area 14c. The system area 14b also contains, for each shared directory, access right information that associates information that identifies the shared directory with information that indicates whether each user can read or write user data (files) in the shared directory. is stored. Further, the information specifying the shared directory here may be the path name of the shared directory.

When the file management unit 21 receives user data (various files) and information specifying the shared directory in which the data is stored from the other information processing device operated by the authenticated user, the file management unit 21 refers to this access right information. Then, it is checked whether the authenticated user can write to the shared directory (storage destination) specified by the information. When the user is set to be able to write to the storage destination, the file management unit 21 stores the accepted user data in the shared directory of the storage destination.

Further, when the file management unit 21 receives information identifying user data (a path name including a shared directory specification) from the other information processing device operated by the authenticated user, the file management unit 21 refers to this access right information. Then, it is checked whether the authenticated user is able to read data from the shared directory (read source) specified by the information. Then, when the user is set to be able to read data from the read source, the file management unit 21 reads the user data specified by the accepted information from the read source shared directory, and uses the data from the other information processing device. Send it to the address via the network.

That is, in one example of this embodiment, the access right to each file is determined based on the access right information of the shared directory containing the file.

The file management unit 21 also performs processes such as rewriting the above-mentioned access right information by a user set as an administrator, and moving and deleting user data. Since it is widely known, detailed explanation will be omitted here.

The virtual machine system unit 22 is realized using a virtual machine system program that runs on the host OS, such as KVM (Kernel-based Virtual Machine)/QEMU. This virtual machine system unit 22 provides functions as a virtual CPU, virtual memory, virtual input/output interface, and virtual network interface (virtual NIC), and operates a guest OS on this. let

In the example of the present embodiment, the virtual machine system unit 22 sets up a virtual file system (such as VirtFS) to create a system area 14b and a user data area 14c in the storage unit 14 of the information processing device 1. from the guest OS. As a result, the host side processing unit 20 uses the user authentication information (user name, etc.) in the host OS and the access rights of each user set on the host OS side for each file stored in the user data area 14c of the storage unit 14. The information is made accessible from the guest OS executed by the guest-side processing unit 30.

Additionally, the virtual machine system unit 22 stores the file system image file for the virtual machine system stored in the system area 14b as a file system in a virtual disk device logically connected to the virtual machine system. Mount it and start the guest OS program recorded in the file system image. Furthermore, data such as application programs executed on the guest OS is also recorded in this file system image.

Further, in the example of this embodiment, the virtual machine system unit 22 provides at least one logical virtual network interface.

The guest OS management unit 23 repeatedly sends a request for status information to the guest processing unit 30 at predetermined timings (for example, at regular timings). The guest OS management unit 23 also waits for a response from the guest side processing unit 30 to the sent status information request. The guest OS management unit 23 measures the time spent waiting for a response, and when this time exceeds a predetermined time threshold, it assumes that the status information has not been obtained and performs abnormality processing, which will be explained later. Execute.

Furthermore, if the guest OS management unit 23 receives a response to the request for status information from the guest processing unit 30 before the time threshold is exceeded, the guest OS management unit 23 determines whether or not the content of the response indicates an abnormality. do. Here, if the content of the response does not indicate an abnormality, the guest OS management unit 23 waits until it sends a request for status information at the next timing. On the other hand, if the content of the accepted response indicates an abnormality, the guest OS management unit 23 executes the following abnormality processing.

If no status information is obtained in response to a request for status information, or if the acquired status information indicates an abnormality, the guest OS management unit 23 performs the following process as an abnormality process. Execute.

That is, the guest OS management unit 23 instructs the guest side processing unit 30 to restart the guest OS. This instruction can be given, for example, as a reboot instruction to the guest OS.

The guest OS management unit 23 repeatedly sends requests for status information at predetermined timings (for example, at regular timings) even after receiving an instruction to execute the reboot. Then, even after a predetermined time (reboot waiting time) has elapsed after the guest OS management unit 23 instructs to execute the reboot, the status information cannot be obtained in response to the status information request. or if the obtained status information indicates an abnormality, the guest OS is initialized.

Specifically, the guest OS management unit 23 stops the operation of the virtual machine system unit 22 when initializing the guest OS. Next, the guest OS management unit 23 deletes the file system image file for the virtual machine system stored in the system area 14b, and deletes the file system image file for the virtual machine system stored in the system area 14b. Copy the backup (initial image) file. The file obtained by this copying becomes a file system image file for a new virtual machine system.

In other words, the guest OS management unit 23 reinstalls the virtual machine system including the guest OS.

Then, the guest OS management unit 23 starts up the virtual machine system unit 22 again. In this case, the virtual machine system unit 22 will be restarted using the file system image for the virtual machine system that has become a new initial image.

The file system sharing processing unit 31 of the guest side processing unit 30 uses a storage unit under the management of the host OS via a virtual file system (for example, VirtFS) provided by the virtual machine system unit 22 running on the host OS side. 14 file systems are mounted (made accessible) as file systems of the guest OS.

In this embodiment, the file system sharing processing unit 31 mounts the system area 14b and user data area 14c in the storage unit 14 on the guest OS side.

Note that in this embodiment, the user settings on the host OS are not the same as the user settings on the guest OS, so the access rights of the host OS user are set to be ignored on the guest OS side. Under this setting, from the guest OS side, commands that operate with the authority of any user account can access all files in the system area 14b and user data area 14c of the storage section 14 on the host OS side. It becomes a state.

The file system sharing processing unit 31 also receives authentication information including information (user name) that identifies the user who requested the file search and information about the user's password from the file search unit 32 (application program) to be described later. Accept information input.

The file system sharing processing unit 31 refers to the registered authentication information of the host OS stored in the system area 14b in the storage unit 14, and uses the user name and password recorded in the registered authentication information and the file search unit The user of the file search section 32 is authenticated by comparing the user name and password accepted from the file search section 32.

When the authentication is successful here, the file system sharing processing unit 31 refers to the access right information managed by the host OS, which is stored in the system area 14b in the storage unit 14, and uses the information regarding the authenticated user. Read access right information.

Based on the read access right information, the file system sharing processing unit 31 outputs to the file search unit 32 information specifying a shared directory that the authenticated user is permitted to read. The file system sharing processing unit 31 then instructs the file search unit 32 to search only for files under the shared directory specified by the information.

Further, when the file system sharing processing section 31 fails to authenticate the user of the file search section 32, it outputs information to the file search section 32 that the authentication has failed. Alternatively, when the file search unit 32 fails to authenticate the user, the file system sharing processing unit 31 provides information specifying the shared directory to which the guest user (user without a user name has been set) is permitted to access. , is output to the file search unit 32.

The file search unit 32 accepts a request to search for user data in the user data area 14c of the storage unit 14 from a user on the network via the virtual network interface provided by the virtual machine system unit 22. The file search unit 32 requests the user who made the search request to input a user name and password, and outputs the input user name and password to the file system sharing processing unit 31.

When the file search unit 32 receives input from the file system sharing processing unit 31 of information specifying a shared directory containing a file to be searched, the file search unit 32 sends information to the user who made the search request, which is a key to the search. prompt for input. Note that the file search unit 32 may request input of this information by presenting a web page to the user.

When the user inputs search key information, the file search unit 32 uses the search key information to find the user of the storage unit 14 identified by the information input from the file system sharing processing unit 31. A file under the shared directory in the data area 14c is searched. The file search unit 32 then presents the search results to the user who requested the search.

This search process may be similar to the process performed using a search system such as Apache Solr (trademark) provided by the Apache Software Foundation, so it will not be described here. Detailed explanation will be omitted.

The application program such as the file search unit 32 generates various information (hereinafter referred to as preference information) such as file index information and operation setting information used for its processing. Then, the application program such as the file search unit 32 stores this preference information in the system area of the host OS storage unit 14 via the virtual file system provided by the virtual machine system unit 22 running on the host OS side. 14b directly. As a result, even when the above-mentioned guest OS is initialized, the preference information necessary for the operation of application programs such as the file search unit 32 is maintained in the state before initialization.

Note that the preference information here may include various types of information, such as data generated by an application program, in addition to the information described above. For example, it may include documents generated by application programs, media data such as image data and audio data, various data obtained by calculations such as calculation results and mechanical learning data, and other data.

Further, in this embodiment, when the file system sharing processing unit 31 receives information indicating that authentication has failed, the file search unit 32 sends the input authentication information to the user who made the search request. The user will be shown the information that is incorrect and asked to enter the username and password again.

The response processing section 33 accepts a request for status information from the guest OS management section 23 of the host side processing section 20, and sends out the status information in response to the request. In one example of the present embodiment, the response processing unit 33 accepts a request for status information using HTTP (Hyper-Text Transfer Protocol), and also sends the status information in response to the request. In this case, the response processing unit 33 sends requests to and from the guest OS management unit 23 of the host-side processing unit 20 via, for example, the virtual network interface, the network interface LAN1, the network, and the network interface LAN2 (or LAN3). and send and receive responses.

Upon accepting a request for status information from the guest OS management unit 23 of the host-side processing unit 20, the response processing unit 33 checks the operating status (process status) of a predetermined application program such as the file search unit 32.

When the operating status of a predetermined application program such as the file search unit 32 indicates an abnormality (for example, the process is not running or the memory consumption is at a predetermined threshold (exceeds the state of the process, the state of the process remains in a state of waiting for a predetermined process after completion, etc.), the state information indicating that the process is abnormal is sent to the guest OS management unit 23 of the host side processing unit 20. do.

Further, if the operating status of a predetermined application program such as the file search unit 32 does not indicate any abnormality, the response processing unit 33 transmits status information indicating that the operation is normal to the guest OS management of the host side processing unit 20. The information is sent to the section 23.

Note that if the guest OS is not operating normally in the first place, or if the response processing unit 33 is not activated (or terminated abnormally), the response processing unit 33 cannot send a response to the above request. That will happen.

[motion]
The information processing device 1 of this embodiment basically has the above configuration and operates as follows. In this example, the information processing device 1 stores user data of the user in the storage unit 14. Further, this information processing device 1 operates a host OS, further operates a virtual machine system on this host OS, and operates a guest OS within this virtual machine system.

The information processing device 1 operates as a NAS by a program running on the host OS, and receives user data write (storage) instructions from a personal computer PC used by the user via the network, and the information stored in the storage unit 14. Accept instructions to read user data.

Here, the network interface LAN1 of the information processing device 1 is set as an interface for a guest OS running on the virtual machine system to communicate with a PC or the like on the network. Further, the network interfaces LAN2 and LAN3 are set as interfaces for the host OS to communicate with PCs and the like on the network.

In the following example, it is assumed that the storage area of the storage unit 14 is divided into a program storage area 14a, a system area 14b, and a user data area 14c. It is also assumed that the system area 14b stores registered authentication information for user authentication and access right information recording the access right to the shared directory in the user data area 14c for each user. .

Furthermore, in this embodiment, the system area 14b stores a file system image file for the virtual machine system. The virtual file system recorded in this file stores a guest OS, application programs running on the guest OS, and various data used by them.

It is also assumed that a backup (initial image) of a file system image for the virtual machine system is stored in the system area 14b. This initial image corresponds to an image immediately after installing a guest OS, applications, etc. that run on it, and is assumed to be in a state where operation is guaranteed in advance.

The information processing device 1 receives instructions for writing or reading user data from a personal computer PC used by a user via a network interface LAN2 or LAN3. The information processing device 1 authenticates the user of the PC that is the source of the access request using the registered authentication information stored in the system area 14b of the storage unit 14.

When the information processing device 1 successfully authenticates the user, it refers to the instruction accepted from the user. If the instruction accepted from the user here is, for example, an instruction to store user data that specifies a shared directory as a storage destination, whether or not the user has write permission to the specified shared directory. This is determined based on access right information predetermined for the user. When the user is set to be able to write to the specified shared directory, the information processing device 1 stores the accepted user data in the specified shared directory as a storage destination.

Furthermore, the information processing device 1 determines whether the instruction accepted from the user who has successfully authenticated is information for identifying user data (which may be a path name including a shared directory specification) and an instruction to read the user data specified by the information. When the above-mentioned authenticated user is able to read data from the shared directory (read source) specified by the above-mentioned information by referring to the access right information predetermined for the user, investigate. Then, when the user is set to be able to read from the read source, the information processing device 1 reads the user data specified by the accepted information from the read source shared directory and sends it to the PC used by the user. , and then send it out over the network.

On the other hand, it is assumed that the information processing device 1 is running, for example, a file search application program as a process on the guest OS side. In such an example, an application program for the NAS function that is compatible with the host OS but does not run on the guest OS, and a file search application that runs on the guest OS but not on the host OS are combined into one information processing device. This corresponds to the case where it is operated on 1.

The guest OS operates on a virtual machine system running on the host OS, and mounts the system area 14b and user data area 14c in the storage unit 14 managed by the host OS on the guest OS side. As already mentioned, since the user settings on the host OS are not the same as the user settings on the guest OS, the access rights of the host OS user are set to be ignored on the guest OS side. Therefore, all files in the system area 14b and user data area 14c of the storage unit 14 on the host OS side can be accessed from a command that operates with the authority of any user account on the guest OS.

When an application program on the guest OS accesses a file stored in the user data area 14c or the like under the control of the host OS, such as when searching for a file, the information processing device 1 operates as illustrated in FIG. .

That is, the information processing device 1 performs a search for user data in the user data area 14c of the storage unit 14 from the user's PC via the network interface LAN1 used by the guest OS to communicate with PCs and the like on the network. Accept the request (S1).

The information processing device 1 requests the user who made the search request to input a user name and password (S2), and when authentication information such as a user name and password is input, the information processing device 1 stores the authentication information and the storage. The user is authenticated by comparing the registered authentication information of the host OS stored in the system area 14b in the unit 14 (S3). In the following, it is assumed that the authentication was successful.

The information processing device 1 refers to the access right information managed by the host OS, which is stored in the system area 14b in the storage unit 14, and reads out the access right information regarding the authenticated user (S4).

Based on the read access right information, the information processing device 1 identifies a shared directory in the user data area 14c that the authenticated user is permitted to read (S5). The information processing device 1 then sets the file in the shared directory identified in step S5 as a search target (S6).

In addition, the information processing device 1 requests the user who made the search request to input information that will be the key for the search (S7), and when the user inputs the information that will be the key for the search (S8), the information processing device 1 Using the information, a file matching the input search key is searched from among the files searched in step S6 (search process: S9). The information processing device 1 then sends and presents the results of the search process in step S9 to the user who made the search request (S10).

According to this example of the present embodiment, an application program on the guest OS side refers to user authentication information on the host OS side and setting information of access rights used by the host OS for files and directories. Since the process is executed for the user authenticated using the relevant authentication information within the scope of the access rights defined by the referenced setting information, the user rights settings of the host OS and the user rights of the guest OS may differ. Also, application programs running on the guest OS can access files on the file system while taking into account the user privileges of the host OS.

Furthermore, the information processing device 1 of this embodiment monitors the operating status of the guest OS as the operation of the application program on the host OS, and maintains the service provided by the application program on the guest OS.

For this purpose, the guest OS executes a process of accepting a request for status information from the host OS and sending the status information in response to the request. In one example of this embodiment, a request for this status information is sent from the host OS side to the guest OS side via the network, and the guest OS side sends a response to the request to the host OS side via the network. Send to. Here, the requests and responses are sent and received using a widely known protocol such as HTTP.

As a process on the guest OS side, the information processing device 1 checks the status of a process of a predetermined application program, such as a file search application program, every time it receives a request for status information from the host OS side. Then, if the status of the process indicates an abnormality, the information processing device 1 transmits status information indicating that the process is abnormal; Sends status information to the host OS side.

As already mentioned, if the guest OS is not operating normally or if the process for the response is not operating normally, the response to the request is not sent.

In this example, the information processing device 1 executes an application program or the like for managing the guest OS on the host OS, and performs the processing illustrated in FIG. 4 . The following processing is performed on the host OS.

The information processing device 1 repeatedly sends a request for status information at predetermined timings (for example, at regular timings) to the network interface LAN1 used by the guest OS to communicate with the network (S11).

The information processing device 1 then waits for a response to the request, and determines whether the status information has been obtained before a predetermined time threshold is exceeded (that is, before timeout) (S12).

Here, if a response to the request for status information is accepted from the guest OS side via the network before timeout (S12: Yes), the information processing device 1 determines whether the content of the response indicates an abnormality or not. A judgment is made (S13).

If the content of the response indicates an abnormality in step S13 (S13: Yes), the information processing device 1 moves to step S14. Further, even if there is no response from the guest OS to the request for status information via the network before timeout in step S12 (S12: No), the information processing device 1 moves to step S14 and continues the process.

As the process of step S14, the information processing device 1 instructs the guest OS to reboot (S14). Then, the information processing device 1 waits for a predetermined time required for rebooting, and then sends a request for status information (S15).

The information processing device 1 waits for a response to the request, and determines whether status information has been obtained before a predetermined time threshold is exceeded (that is, before timeout) (S16).

Here, if a response to the request for status information is accepted from the guest OS side via the network before timeout (S16: Yes), the information processing device 1 determines whether the content of the response indicates an abnormality or not. A judgment is made (S17).

If the content of the response indicates an abnormality in step S17 (S17: Yes), the information processing device 1 moves to step S18. Further, even if there is no response from the guest OS to the request for status information via the network before timeout in step S16 (S16: No), the information processing device 1 moves to step S18 and continues the process.

The information processing device 1 initializes the guest OS as the process of step S18 (S18). Initialization of this guest OS is performed as follows. Specifically, the information processing device 1 stops the operation of the virtual machine system running on the host OS, deletes the file system image file for the virtual machine system stored in the system area 14b, and restores the system area. The backup (initial image) file of the file system image for the virtual machine system stored in the virtual machine system 14b is copied, and the virtual machine system including the guest OS is reinstalled. Then, the information processing device 1 starts up the virtual machine system again on the host OS. After that, the information processing device 1 returns to step S11 and continues the process.

On the other hand, if the content of the response does not indicate an abnormality in step S13 or step S17 (S13, S17: No), the information processing device 1 returns to step S11 and continues the process.

As a result, in this embodiment, the host OS can detect an abnormality in a process on the guest OS or an abnormality in the guest OS itself, and execute processing corresponding to the abnormality to improve the availability of services provided on the guest OS. improves.

[Local bridge settings]
In addition, in the description of this embodiment so far, the host OS and guest OS executed on the information processing device 1 share at least part of the storage area of the storage unit 14 in a virtual file system. The above processing was executed by communicating via network interfaces LAN1, LAN2, and LAN3. However, this embodiment is not limited to this.

For example, a virtual machine system running on a host OS may set up a virtual network bridge. In this example, the host OS and the guest OS each set a virtual network interface and connect to this virtual network bridge. This allows the host OS and guest OS to perform network communication using various protocols such as HTTP via this virtual network bridge.

Therefore, in this example, the guest OS management unit 23 on the host OS and the response processing unit 33 on the guest OS may send and receive requests and responses via this virtual network bridge.

In this case, the host OS and guest OS connect to the virtual network bridge after the IP addresses assigned to the physical network interfaces LAN1, 2, and 3 are set (by a DHCP server, etc.). Set the IP address of the virtual network interface. At this time, the host OS and the guest OS make the network addresses of the IP addresses assigned to the network interfaces LAN1, 2, and 3 different from the network addresses of the IP addresses of the virtual network interfaces. This prevents troubles caused by multiple devices having the same IP address appearing on the network.

[Using NFS]
Further, if operations such as search processing through a virtual file system cannot reach practical speed due to some reason such as hardware reasons, NFS may be used.

In this example, the host OS executed by the host side processing unit 20 manages at least part of the file system in the storage unit 14 managed by the host OS itself, such as an application program executed under the management of the guest side processing unit 30. Make it accessible via NFS mount.

Then, the guest OS executed by the guest-side processing unit 30 accesses the user data area 14c of the storage unit 14 via the virtual network bridge or via the network file system (NFS) via the network interfaces LAN1, LAN2, or LAN3. Mount it on the guest OS side.

In this example as well, on the guest OS side, the file system sharing processing section 31 operates to authenticate the user who has accessed the file search section 32 using the registered authentication information on the host OS side. In addition, the file system sharing processing unit 31 has access rights set so that authenticated users can read the shared directory in the user data area 14c of the NFS-mounted storage unit 14 (access rights are set on the host OS side). This command instructs the file search unit 32 to search only for files in the shared directory (where ``is set'').

Further, in this example of the present embodiment, setting information for use in NFS mounting (NFS root information, etc.) is recorded in the system area 14b of the storage unit 14 so that it can be referenced from the guest OS. In addition to the information described above, the system area 14b of the storage unit 14 records information that needs to be referenced from the guest OS, such as network settings (participating domain names, etc.).

1 information processing device, 11 control unit, 12 main storage unit, 13 interface unit, 14 storage unit, 15 network communication unit, 20 host side processing unit, 21 file management unit, 22 virtual machine system unit, 23 guest OS management unit, 30 Guest side processing unit, 31 File system sharing processing unit, 32 File search unit, 33 Response processing unit.

Claims (6)

An information processing device,
storage section,
A host-side processing means that executes the processing of the host operating system and executes processing as a virtual machine, and a host-side processing means that executes the processing of the guest operating system and executes predetermined processing on the virtual machine executed by the host-side processing means. a controller unit including a guest-side processing means for executing;
In processing as the host-side processing means, the controller section stores the authentication information of the user of the host operating system and the access right information of each user of the host operating system for each file stored in the storage section. Retain it in a state that is accessible from the guest side processing means,
In the processing as the guest side processing means, as the processing of the application program, the information is a controller unit that receives access from a user and authenticates the user by referring to user authentication information managed by the host operating system. Processing equipment. The information processing device according to claim 1,
The host side processing means of the controller section further holds access right information of the user of the host operating system for each file stored in the storage section in a state that is accessible from the guest side processing means,
The host side processing means of the controller section sets at least a part of the file system in the storage section managed by the host operating system to be accessible from the guest side processing means,
The guest-side processing means of the controller unit, as a process of an application program running on the guest operating system, acquires access rights to files held in a file system in the storage unit that are set to be accessible by the host operating system. An information processing device that makes a determination based on the access right information. The information processing device according to claim 2,
The host side processing means of the controller section sets at least a part of the file system in the storage section managed by the host operating system to be accessible from the guest side processing means by NFS mounting,
The guest-side processing means of the controller unit NFS-mounts at least a part of the file system of the host operating system in the storage unit, which is set to be accessible, for use by an application program running on the guest operating system. Information processing equipment provided. The information processing device according to claim 2 or 3,
The application program running on the guest operating system, which is executed by the guest side processing means of the controller unit, searches for files held in a file system in the storage unit that is set to be accessible by the host operating system. An information processing device including a search application. A method for controlling an information processing device including a storage unit and a controller unit, the method comprising:
The controller section is
a host-side processing step that executes processing of the host operating system as well as processing as a virtual machine;
Executing a guest operating system process and a guest side processing step that executes a predetermined process on a virtual machine executed in the host side processing step,
In the host side processing step, the controller unit transmits the authentication information of the user of the host operating system and the access right information of each user of the host operating system for each file stored in the storage unit to the guest side process. remain accessible in the process,
In the guest-side processing step, the information processing apparatus receives access from a user and authenticates the user by referring to user authentication information managed by the host operating system as processing of an application program. A computer comprising a storage section and a controller section,
a host-side processing unit in which the controller unit executes processing of a host operating system and processing as a virtual machine;
a guest-side processing means that executes a process of a guest operating system and a predetermined process on a virtual machine executed by the host-side processing means;
function as
When functioning as the host side processing means, authentication information of the user of the host operating system and access right information of each user of the host operating system for each file stored in the storage unit are processed by the guest side processing means. be kept accessible from means;
When functioning as the guest-side processing means, the program receives access from a user and authenticates the user by referring to user authentication information managed by the host operating system, as a process of the application program.

Images