
Request processing method and device, electronic equipment and storage medium

A request processing and processor technology, applied in the computer field, that can solve problems such as the inability to start a daemon process on the host machine and the existence of security holes.

Pending Publication Date: 2020-04-28
北京云联壹云技术有限公司

AI Technical Summary

Problems solved by technology

However, there are still some shortcomings in this method: when a container is set as a privileged container, the entire host needs to be completely exposed to the privileged container, including system directories such as /dev, /proc, and /sys, so that applications in the privileged container can access or modify any system files on the host machine. This creates security holes.
At the same time, in addition to the above-mentioned defects, neither of these two mechanisms can start a daemon process on the host machine.

Examples

Embodiment 1

[0026] Figure 1a is a flow chart of the request processing method provided by Embodiment 1 of the present invention. This embodiment is applicable to situations where an application program in an ordinary container needs to perform privileged operations on the host machine, for example, where the application program in the ordinary container accesses the kernel and devices of the host machine. The method may be executed by a request processing device, which may be implemented in software and/or hardware and may be integrated on an electronic device, such as a container host.

[0027] As shown in Figure 1a, the request processing method specifically includes:

[0028] S101. Monitor in real time the operation requests sent by the application programs in each container based on the proxy execution program, wherein the proxy execution program is a system daemon process running on the host computer.

[0029] In the embodiment of the present invention, the container is based ...

Embodiment 2

[0037] Figure 2 is a schematic flowchart of the request processing method provided by Embodiment 2 of the present invention. This embodiment is optimized on the basis of the above embodiments. As shown in Figure 2, the request processing method includes:

[0038] S201. Monitor in real time the operation requests sent by the application programs in each container based on the proxy execution program, wherein the proxy execution program is a system daemon process running on the host machine.

[0039] S202. If the target operation request sent by the application program in the target container is monitored, determine the privileged instruction included in the target operation request based on the proxy execution program.

[0040] In the embodiment of the present invention, in order to further ensure the security of the container host, a whitelist or blacklist can be pre-configured through the configuration control on the container host in Figure 1b. The white list ...
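An added sketch of steps S201/S202 combined with the pre-configured whitelist, not code from the patent or its applicant. The request format (JSON with `op` and `arg`), the allowlist entries and all function names are assumptions, and the executor is a dry run that returns the argv instead of running it.

```python
import json
import re

# Assumed allowlist schema (not from the patent): op name -> (fixed argv prefix,
# pattern the single argument must fully match). Anything else is denied.
ALLOWLIST = {
    "load_module": (["modprobe"], re.compile(r"[a-z0-9_]{1,32}")),
    "set_sysctl": (["sysctl", "-w"], re.compile(r"net\.[a-z0-9_.]{1,64}=[0-9]{1,10}")),
}
AUDIT = []  # (container_id, decision, detail) records kept by the daemon


def determine_instruction(raw):
    """S202: resolve a container's raw request to a fixed argv, or raise."""
    try:
        req = json.loads(raw)
    except ValueError as exc:  # covers invalid JSON and invalid UTF-8
        raise PermissionError("malformed request") from exc
    op = req.get("op") if isinstance(req, dict) else None
    arg = req.get("arg") if isinstance(req, dict) else None
    if not isinstance(op, str) or not isinstance(arg, str):
        raise PermissionError("malformed request")
    if op not in ALLOWLIST:  # default deny
        raise PermissionError("operation not allowed")
    prefix, pattern = ALLOWLIST[op]
    if not pattern.fullmatch(arg):
        raise PermissionError("argument rejected")
    return prefix + [arg]  # argv list, never a shell string


def dry_run(argv):
    """Stand-in executor: reports the argv instead of running it."""
    return argv


def handle_request(container_id, raw, execute=dry_run):
    """Determine, execute and build the reply fed back to the container."""
    try:
        argv = determine_instruction(raw)
    except PermissionError as exc:
        AUDIT.append((container_id, "deny", str(exc)))
        return {"ok": False, "error": str(exc)}
    AUDIT.append((container_id, "allow", " ".join(argv)))
    return {"ok": True, "result": execute(argv)}
```

Because the daemon runs with host privileges, the container-supplied string only ever fills one validated argv slot; the operation itself comes from the host-side configuration.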

Embodiment 3

[0046] Figure 3 is a schematic structural diagram of the request processing device in Embodiment 3 of the present invention. The device is configured on a container host machine, the container host machine includes at least one container, and an application program is installed in each container. As shown in Figure 3, the device includes:

[0047] The monitoring module 301 is configured to monitor in real time the operation requests sent by the application programs in each container based on the proxy execution program, wherein the proxy execution program is a system daemon process running on the host computer;

[0048] An instruction determination module 302, configured to determine the privileged instruction included in the target operation request based on the proxy execution program if the target operation request sent by the application program in the target container is monitored;

[0049] The execution module 303 is configured to execute the corresponding p...

Abstract

The embodiment of the invention discloses a request processing method and device, electronic equipment and a storage medium. The method comprises: monitoring, in real time and based on an agent execution program, operation requests sent by the application program in each container, wherein the agent execution program is a system daemon process running on a host machine; if a target operation request sent by the application program in a target container is monitored, determining a privileged instruction included in the target operation request based on the agent execution program; and executing a corresponding privileged operation according to the privileged instruction based on the agent execution program, and feeding back an execution result to the application program in the target container. According to the method of the invention, the agent execution program is set on the container host machine, wherein the agent execution program is a system daemon process running on the host machine, and the agent execution program executes the corresponding privileged operation according to the operation request of the application program in the container, so that an application program in an ordinary container can execute privileged operations on the host machine.

Description

Technical field

[0001] The embodiments of the present invention relate to the field of computer technology, and in particular, to a request processing method, device, electronic equipment, and storage medium.

Background technique

[0002] Containers are a system virtualization technology and a commonly used application running mechanism. Containers running on the same host share the kernel of the host operating system. In order to prevent a single container from operating on the host kernel and affecting all containers on the entire host, applications in the container are usually prohibited from directly accessing the host kernel and the host. For example, it is forbidden to start a daemon service process running on the host; it is forbidden to load and unload kernel modules; it is forbidden to modify kernel parameters; it is forbidden to directly access devices mounted on the host; and it is forbidden to access dynamically created device and kernel resources.

[0003] Cu...

Application Information

IPC(8): G06F9/455
CPC: G06F9/45558, G06F2009/45595
Inventor: 万垚奇, 李泽玺, 邱剑
Owner: 北京云联壹云技术有限公司