CN105160269A - Method and apparatus for accessing data in Docker container - Google Patents
Method and apparatus for accessing data in Docker container Download PDFInfo
- Publication number
- CN105160269A CN105160269A CN201510497067.5A CN201510497067A CN105160269A CN 105160269 A CN105160269 A CN 105160269A CN 201510497067 A CN201510497067 A CN 201510497067A CN 105160269 A CN105160269 A CN 105160269A
- Authority
- CN
- China
- Prior art keywords
- container
- docker
- path
- data
- request end
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
Abstract
The present invention provides a method and an apparatus for accessing data in a Docker container. The method comprises: carrying out setting to enable a request end positioned outside a current Docker container to have an access permission on a mounting path and a container path which correspond to the data inside the current Docker container, and acquiring an access request of an external target request end for target data inside the current Docker container, wherein the request end positioned outside the current Docker container comprises one random type of files, catalogs, processes, registries and services; according to a preset access permission, judging whether the target request end has an access permission on a target mounting path and a target container path which correspond to the target data; and if a judgment result is yes, allowing the target request end to access the target data which corresponds to the target mounting path and the container path. According to the scheme, data security can be improved.
Description
Technical field
The present invention relates to field of information security technology, particularly the access method of data and device in a kind of Docker container.
Background technology
Along with the development of computer and network technologies, the widespread use of the Network Computing Platforms such as cloud computing, increasing key service system operates in Network Computing Platform.The service application of Network Computing Platform often has a large amount of personnel and user jointly to safeguard or uses a server, and the core of all service application is all the data of user, therefore user's private data isolation with share wait problem of data safety just highlight particularly important.
At present, system can create multiple Docker container, each Docker container is equivalent to a virtual machine, by user's private data is stored in different Docker internal tanks, the isolation of data in Docker container is realized by the isolation of Docker container, and allow the process of Docker internal tank can access data in Docker container, and allow the process of the access path knowing this Dccker container to conduct interviews.
But, if hacker learns the access path of Docker container, then can go to access the data in this Docker container according to this access path, thus bring impact to the safety of data in Docker container.
Summary of the invention
In view of this, the invention provides access method and the device of data in a kind of Docker container, to improve the security of data in Docker container.
The invention provides the access method of data in a kind of Docker container of material, the request end being positioned at current Docker external container is set there are access rights to the carry path corresponding to current Docker internal tank data and container path, wherein, this this request end being arranged in current Docker external container comprise file, catalogue, process, registration table and service any one, also comprise:
Obtain outside destination request end to the request of access of the target data of current Docker internal tank;
According to the access rights pre-set, judge whether described destination request end has the access rights to the target carry path corresponding to described target data and target container path;
When judged result is for being, described destination request end is allowed to access described target data corresponding to described target carry path and described container path.
Preferably, the request end that described setting is positioned at current Docker external container has the access rights to the carry path corresponding to current Docker internal tank data and container path, comprising:
The request end being positioned at current Docker external container is set there is read operation authority to the carry path corresponding to current Docker internal tank data and container path and/or write operation authority;
And/or,
Any one request end being positioned at current Docker external container is set not there are access rights to the carry path corresponding to the data of current Docker internal tank and container path;
And/or,
Arranging the request end being positioned at current Docker external container has in setting-up time section, to the access rights of the carry path corresponding to current Docker internal tank data and container path.
Preferably, described obtain outside destination request end to the request of access of the target data of current Docker internal tank before, comprise further:
Carry path correspondingly and container path are sent to the request end the being positioned at current Docker external container carry path corresponding to current Docker internal tank data and container path to access rights.
The invention provides the access means of data in a kind of Docker container, comprising:
Storage unit, for storing the request end being positioned at current Docker external container, there are access rights to the carry path corresponding to current Docker internal tank data and container path, wherein, this this request end being arranged in current Docker external container comprise file, catalogue, process, registration table and service any one;
Acquiring unit, for obtaining outside destination request end to the request of access of the target data of current Docker internal tank;
Judging unit, for according to the access rights pre-set, judges whether described destination request end has the access rights to the target carry path corresponding to described target data and target container path; When judged result is for being, described destination request end is allowed to access described target data corresponding to described target carry path and described container path.
Preferably, described storage unit, has read operation authority to the carry path corresponding to current Docker internal tank data and container path and/or write operation authority for storing the request end being positioned at current Docker external container; And/or, store any one request end being positioned at current Docker external container and not there are access rights to the carry path corresponding to the data of current Docker internal tank and container path; And/or, store the request end being positioned at current Docker external container and have in setting-up time section, to the access rights of the carry path corresponding to current Docker internal tank data and container path.
Preferably, comprise further:
Transmitting element, for being sent to the request end the being positioned at current Docker external container carry path corresponding to current Docker internal tank data and container path to access rights by carry path correspondingly and container path.
Embodiments provide access method and the device of data in a kind of Docker container, by arranging the request end being positioned at current Docker external container, there are access rights to the carry path corresponding to current Docker internal tank data and container path, even if there is hacker to learn carry path and the container path of data in Docker container, also this data cannot directly be accessed, by the access rights arranged, forced symmetric centralization is carried out to request of access, can conducting interviews to this target data to make, to carry path and container path, there is the external request end of access rights, thus further increase the security of data.
Accompanying drawing explanation
Fig. 1 is the method flow diagram that the embodiment of the present invention provides;
Fig. 2 is the method flow diagram that another embodiment of the present invention provides;
Fig. 3 is the hardware structure figure of the device place equipment that the embodiment of the present invention provides;
Fig. 4 is the apparatus structure schematic diagram that the embodiment of the present invention provides;
Fig. 5 is the apparatus structure schematic diagram that another embodiment of the present invention provides.
Embodiment
Below in conjunction with the accompanying drawing in the embodiment of the present invention, the technical scheme in the embodiment of the present invention is clearly and completely described.Obviously, described embodiment is only the present invention's part embodiment, instead of whole embodiments.Based on the embodiment in the present invention, those of ordinary skill in the art, not making the every other embodiment obtained under creative work prerequisite, belong to the scope of protection of the invention.
As shown in Figure 1, embodiments provide the access method of data in a kind of Docker container, the method can comprise the following steps:
Step 101: the request end being positioned at current Docker external container is set there are access rights to the carry path corresponding to current Docker internal tank data and container path, wherein, this this request end being arranged in current Docker external container comprise file, catalogue, process, registration table and service any one.
Step 102: obtain outside destination request end to the request of access of the target data of current Docker internal tank.
Step 103: according to the access rights pre-set, judges whether destination request end has the access rights to the target carry path corresponding to target data and target container path.
Step 104: when judged result is for being, allows destination request end access destination carry path and the target data corresponding to container path.
According to such scheme, by arranging the request end being positioned at current Docker external container, there are access rights to the carry path corresponding to current Docker internal tank data and container path, even if there is hacker to learn carry path and the container path of data in Docker container, also this data cannot directly be accessed, by the access rights arranged, forced symmetric centralization is carried out to request of access, can conducting interviews to this target data to make, to carry path and container path, there is the external request end of access rights, thus further increase the security of data.
For making the object, technical solutions and advantages of the present invention clearly, below in conjunction with drawings and the specific embodiments, the present invention is described in further detail.
As shown in Figure 2, embodiments provide the access method of data in a kind of Docker container, the method can comprise the following steps:
Step 201: the request end being positioned at current Docker external container is set there are access rights to the carry path corresponding to current Docker internal tank data and container path.
In the present embodiment, Docker container can ensure in the following way to inner private data security.
Wherein, Docker container is the virtual machine including a virtual opetrating system, for the Docker container that is being run, its operating system is all a Virtual File System from root directory, can comprise for the script file run in this Docker container:
Be all be mounted to below a catalogue in real system for the file system in container, this catalogue can be referred to as carry path :/var/lib/docker/containers/<image-long-idGre atT.GreaT.GT/rootfs.
For the data of Docker internal tank, such as ,/rootdf3880c17466 :/#ll/total68/drwxr-xr-x2rootroot4096Jul2222:51bin, can container path be referred to as.
All Docker containers are all managed by lxc, and the configuration file of lxc is stored in below in this catalogue :/var/lib/docker/containers/<image-long-idGre atT.GreaT.GT/config.lxc.According to the storage directory of lxc configuration file and the carry path of Docker container, lxc configuration file and Docker container be all be stored in/var/lib/docker/containers/<image-long-idGre atT.GreaT.GT under, but no longer same file folder under.
Wherein, image-long-id is the uniqueness coding that Docker container correspondence generates.Such as, the carry path of a Docker container can comprise :/var/lib/docker/containers/inspur0b17407575cd642a6b7da3c7 e417a55fad5bbd63152f89921925626d2b6/rootfs.
To sum up can know, in Docker container, the true catalogue of data needs to comprise container path and carry path.Such as ,/var/lib/docker/containers/<image-long-idGre atT.GreaT.GT/rootfs/rootdf3880c17466 :/#ll/total68/drwxr-xr-x2rootroot4096Jul2222:51bin.
For different Docker containers, mount point is different, and correspondingly, the mount directory of different Docker container is different.And Docker container can not pass through its root directory upper level to go the data of accessing other Docker containers, therefore, the isolation of file system accomplished by each Docker container, thus ensure that the security of data in Docker container.
In the present embodiment, in order to improve the security of data in Docker container further, can Docker container at all levels on increase one deck protection.One deck protection of this increase can comprise Mandatory Access Control, and therefore, the request end needing setting to be positioned at current Docker external container has the access rights to the carry path corresponding to current Docker internal tank data and container path.Wherein, this this request end being arranged in current Docker external container comprise file, catalogue, process, registration table and service any one.
The essential element of this Mandatory Access Control can comprise main body, object and authority; The semantic authority that can comprise main object and have.Such as main body is /bin/cat, and object is /home/testuser/cardinfo.txt reading, and expression/bin/cat can read/home/testuser/cardinfo.txt.
Wherein, following Mandatory Access Control can be set:
1, the request end being positioned at current Docker external container is set there is read operation authority to the carry path corresponding to current Docker internal tank data and container path and/or write operation authority.
Such as, arrange be positioned at current Docker external container /bin/cat ,/dockerapp have read-write operation authority to current Docker internal tank data/var/lib/docker/containers/<image-long-idGre atT.GreaT.GT/rootfs/rootdf3880c17466 :/#ll/total68/drwxr-xr-x2rootroot4096Jul2222:51bin.
2, any one request end being positioned at current Docker external container is set not there are access rights to the carry path corresponding to the data of current Docker internal tank and container path.
Such as, any one request end being positioned at current Docker external container is set not there are access rights to current Docker internal tank data/var/lib/docker/containers/<image-long-idGre atT.GreaT.GT/rootfs/rootdf3880c17466 :/#ll/total68/drwxr-xr-x2rootroot4096Jul2222:51bin.
3, arranging the request end being positioned at current Docker external container has in setting-up time section, to the access rights of the carry path corresponding to current Docker internal tank data and container path.
Such as, arrange be positioned at current Docker external container /bin/cat has in the time period of 12:00-18:00 every day, to the read-write operation authority of current Docker internal tank data/var/lib/docker/containers/<image-long-idGre atT.GreaT.GT/rootfs/rootdf3880c17466 :/#ll/total68/drwxr-xr-x2rootroot4096Jul2222:51bin.
Step 202: carry path correspondingly and container path are sent to the request end the being positioned at current Docker external container carry path corresponding to current Docker internal tank data and container path to access rights.
Carry path corresponding to Docker internal tank data and container path are not known in request end due to Docker external container, and have some request ends to need to access the data in Docker container, therefore, need the carry path corresponding to Docker internal tank data and container path to be sent to the request end being positioned at current Docker external container corresponding carry path and container path to access rights, thus the normal access that Docker external container has the request end of authority can be realized.
Step 203: obtain outside destination request end to the request of access of the target data of current Docker internal tank.
Such as, obtain outside destination request end and comprise/bin/cat, the target data of current Docker internal tank is /var/lib/docker/containers/<image-long-idGre atT.GreaT.GT/rootfs/rootdf3880c17466 :/#ll/total68/drwxr-xr-x2rootroot4096Jul2222:51bin, and its request of access carries out read operation to this target data.
Step 204: according to the access rights pre-set, judges whether described destination request end has the access rights to the target carry path corresponding to described target data and target container path.
Suppose, the access rights pre-set in the present embodiment comprise arrange be positioned at current Docker external container /bin/cat has in the time period of 12:00-18:00 every day, to the read-write operation authority of current Docker internal tank data/var/lib/docker/containers/<image-long-idGre atT.GreaT.GT/rootfs/rootdf3880c17466 :/#ll/total68/drwxr-xr-x2rootroot4096Jul2222:51bin.
So, need the access time determining current goal request end/bin/cat, if this access time be positioned at setting every day 12:00-18:00 time period, then determine/bin/cat has access rights to the target carry path corresponding to target data and target container path, otherwise, then determine/bin/cat do not have access rights to the target carry path corresponding to target data and target container path.
Step 205: when judged result is for being, allows destination request end access destination carry path and the target data corresponding to container path.
According to this programme, by arranging the request end being positioned at current Docker external container, there are access rights to the carry path corresponding to current Docker internal tank data and container path, even if there is hacker to learn carry path and the container path of data in Docker container, also this data cannot directly be accessed, by the access rights arranged, forced symmetric centralization is carried out to request of access, can conducting interviews to this target data to make, to carry path and container path, there is the external request end of access rights, thus further increase the security of data.
As shown in Figure 3, Figure 4, the access means of data in a kind of Docker container is embodiments provided.Device embodiment can pass through software simulating, also can be realized by the mode of hardware or software and hardware combining.Say from hardware view; as shown in Figure 3; for a kind of hardware structure diagram of the access means place equipment of data in embodiment of the present invention Docker container; except the processor shown in Fig. 3, internal memory, network interface and nonvolatile memory; in embodiment, the equipment at device place can also comprise other hardware usually, as the forwarding chip etc. of responsible process message.For software simulating, as shown in Figure 4, as the device on a logical meaning, be by the CPU of its place equipment, computer program instructions corresponding in nonvolatile memory is read operation in internal memory to be formed.In the Docker container that the present embodiment provides, the access means of data comprises:
Storage unit 401, for storing the request end being positioned at current Docker external container, there are access rights to the carry path corresponding to current Docker internal tank data and container path, wherein, this this request end being arranged in current Docker external container comprise file, catalogue, process, registration table and service any one;
Acquiring unit 402, for obtaining outside destination request end to the request of access of the target data of current Docker internal tank;
Judging unit 403, for according to the access rights pre-set, judges whether described destination request end has the access rights to the target carry path corresponding to described target data and target container path; When judged result is for being, described destination request end is allowed to access described target data corresponding to described target carry path and described container path.
Further, described storage unit 401, has read operation authority to the carry path corresponding to current Docker internal tank data and container path and/or write operation authority for storing the request end being positioned at current Docker external container; And/or, store any one request end being positioned at current Docker external container and not there are access rights to the carry path corresponding to the data of current Docker internal tank and container path; And/or, store the request end being positioned at current Docker external container and have in setting-up time section, to the access rights of the carry path corresponding to current Docker internal tank data and container path.
As shown in Figure 5, in the Docker container that provides of the embodiment of the present invention, the access means of data may further include:
Transmitting element 501, for being sent to the request end the being positioned at current Docker external container carry path corresponding to current Docker internal tank data and container path to access rights by carry path correspondingly and container path.
To sum up, the embodiment of the present invention at least can realize following beneficial effect:
1, by arranging the request end being positioned at current Docker external container, there are access rights to the carry path corresponding to current Docker internal tank data and container path, even if there is hacker to learn carry path and the container path of data in Docker container, also this data cannot directly be accessed, by the access rights arranged, forced symmetric centralization is carried out to request of access, can conducting interviews to this target data to make, to carry path and container path, there is the external request end of access rights, thus further increase the security of data.
The content such as information interaction, implementation between each unit in the said equipment, due to the inventive method embodiment based on same design, particular content can see in the inventive method embodiment describe, repeat no more herein.
It should be noted that, in this article, the relational terms of such as first and second and so on is only used for an entity or operation to separate with another entity or operational zone, and not necessarily requires or imply the relation that there is any this reality between these entities or operation or sequentially.And, term " comprises ", " comprising " or its any other variant are intended to contain comprising of nonexcludability, thus make to comprise the process of a series of key element, method, article or equipment and not only comprise those key elements, but also comprise other key elements clearly do not listed, or also comprise by the intrinsic key element of this process, method, article or equipment.When not more restrictions, the key element " being comprised " limited by statement, and be not precluded within process, method, article or the equipment comprising described key element and also there is other same factor.
One of ordinary skill in the art will appreciate that: all or part of step realizing said method embodiment can have been come by the hardware that programmed instruction is relevant, aforesaid program can be stored in the storage medium of embodied on computer readable, this program, when performing, performs the step comprising said method embodiment; And aforesaid storage medium comprises: ROM, RAM, magnetic disc or CD etc. various can be program code stored medium in.
Finally it should be noted that: the foregoing is only preferred embodiment of the present invention, only for illustration of technical scheme of the present invention, be not intended to limit protection scope of the present invention.All any amendments done within the spirit and principles in the present invention, equivalent replacement, improvement etc., be all included in protection scope of the present invention.
Claims (6)
1. the access method of data in a Docker container, it is characterized in that, the request end being positioned at current Docker external container is set there are access rights to the carry path corresponding to current Docker internal tank data and container path, wherein, this this request end being arranged in current Docker external container comprise file, catalogue, process, registration table and service any one, also comprise:
Obtain outside destination request end to the request of access of the target data of current Docker internal tank;
According to the access rights pre-set, judge whether described destination request end has the access rights to the target carry path corresponding to described target data and target container path;
When judged result is for being, described destination request end is allowed to access described target data corresponding to described target carry path and described container path.
2. method according to claim 1, is characterized in that, the request end that described setting is positioned at current Docker external container has the access rights to the carry path corresponding to current Docker internal tank data and container path, comprising:
The request end being positioned at current Docker external container is set there is read operation authority to the carry path corresponding to current Docker internal tank data and container path and/or write operation authority;
And/or,
Any one request end being positioned at current Docker external container is set not there are access rights to the carry path corresponding to the data of current Docker internal tank and container path;
And/or,
Arranging the request end being positioned at current Docker external container has in setting-up time section, to the access rights of the carry path corresponding to current Docker internal tank data and container path.
3. method according to claim 1 and 2, is characterized in that, described obtain outside destination request end to the request of access of the target data of current Docker internal tank before, comprise further:
Carry path correspondingly and container path are sent to the request end the being positioned at current Docker external container carry path corresponding to current Docker internal tank data and container path to access rights.
4. the access means of data in Docker container, is characterized in that, comprising:
Storage unit, for storing the request end being positioned at current Docker external container, there are access rights to the carry path corresponding to current Docker internal tank data and container path, wherein, this this request end being arranged in current Docker external container comprise file, catalogue, process, registration table and service any one;
Acquiring unit, for obtaining outside destination request end to the request of access of the target data of current Docker internal tank;
Judging unit, for according to the access rights pre-set, judges whether described destination request end has the access rights to the target carry path corresponding to described target data and target container path; When judged result is for being, described destination request end is allowed to access described target data corresponding to described target carry path and described container path.
5. the access means of data in Docker container according to claim 4, it is characterized in that, described storage unit, has read operation authority to the carry path corresponding to current Docker internal tank data and container path and/or write operation authority for storing the request end being positioned at current Docker external container; And/or, store any one request end being positioned at current Docker external container and not there are access rights to the carry path corresponding to the data of current Docker internal tank and container path; And/or, store the request end being positioned at current Docker external container and have in setting-up time section, to the access rights of the carry path corresponding to current Docker internal tank data and container path.
6. the access means of data in the Docker container according to claim 4 or 5, is characterized in that, comprise further:
Transmitting element, for being sent to the request end the being positioned at current Docker external container carry path corresponding to current Docker internal tank data and container path to access rights by carry path correspondingly and container path.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510497067.5A CN105160269A (en) | 2015-08-13 | 2015-08-13 | Method and apparatus for accessing data in Docker container |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510497067.5A CN105160269A (en) | 2015-08-13 | 2015-08-13 | Method and apparatus for accessing data in Docker container |
Publications (1)
Publication Number | Publication Date |
---|---|
CN105160269A true CN105160269A (en) | 2015-12-16 |
Family
ID=54801121
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510497067.5A Pending CN105160269A (en) | 2015-08-13 | 2015-08-13 | Method and apparatus for accessing data in Docker container |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105160269A (en) |
Cited By (17)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105607944A (en) * | 2015-12-18 | 2016-05-25 | 北京奇虎科技有限公司 | Method and device for sharing application environment |
CN106326699A (en) * | 2016-08-25 | 2017-01-11 | 广东七洲科技股份有限公司 | Method for reinforcing server based on file access control and progress access control |
CN106656980A (en) * | 2016-10-21 | 2017-05-10 | 郑州云海信息技术有限公司 | Method for automatically configuring accessing control of Docker container |
CN106844489A (en) * | 2016-12-24 | 2017-06-13 | 上海七牛信息技术有限公司 | A kind of file operation method, device and system |
CN106845183A (en) * | 2017-01-24 | 2017-06-13 | 郑州云海信息技术有限公司 | A kind of application container engine management method and system |
WO2017101252A1 (en) * | 2015-12-17 | 2017-06-22 | 腾讯科技(深圳)有限公司 | Docker-based container login method, server and system |
CN107480524A (en) * | 2017-08-18 | 2017-12-15 | 郑州云海信息技术有限公司 | A kind of security sandbox and its construction method |
CN107508795A (en) * | 2017-07-26 | 2017-12-22 | 中国联合网络通信集团有限公司 | Across the access process device and method of container cluster |
CN107577538A (en) * | 2017-10-23 | 2018-01-12 | 中国联合网络通信集团有限公司 | Container method for managing resource and system |
CN107766707A (en) * | 2017-10-16 | 2018-03-06 | 郑州云海信息技术有限公司 | The method and apparatus that user's request is responded in application container engine |
CN107870804A (en) * | 2017-11-03 | 2018-04-03 | 郑州云海信息技术有限公司 | A kind of DOCKER vessel safety means of defences based on SSR |
CN108021428A (en) * | 2017-12-05 | 2018-05-11 | 华迪计算机集团有限公司 | A kind of method and system that network target range is realized based on Docker |
WO2019128984A1 (en) * | 2017-12-29 | 2019-07-04 | 华为技术有限公司 | Container security policy handling method and related device |
US10360410B2 (en) | 2016-11-14 | 2019-07-23 | International Business Machines Corporation | Providing containers access to container daemon in multi-tenant environment |
US10585785B2 (en) | 2016-05-24 | 2020-03-10 | Red Hat, Inc. | Preservation of modifications after overlay removal from a container |
CN113778343A (en) * | 2021-09-24 | 2021-12-10 | 北京东方金信科技股份有限公司 | Storage implementation method for expanding data volume of docker container to HDFS (Hadoop distributed File System) |
CN114615064A (en) * | 2022-03-15 | 2022-06-10 | 北京旋极安辰计算科技有限公司 | Management and control method for creation and destruction of Docker container |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20070016546A1 (en) * | 2005-07-15 | 2007-01-18 | Microsoft Corporation | Intelligent container index and search |
CN103065100A (en) * | 2012-12-26 | 2013-04-24 | 中国人民解放军总参谋部第六十一研究所 | Container-based method of users to protect private data |
-
2015
- 2015-08-13 CN CN201510497067.5A patent/CN105160269A/en active Pending
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20070016546A1 (en) * | 2005-07-15 | 2007-01-18 | Microsoft Corporation | Intelligent container index and search |
CN103065100A (en) * | 2012-12-26 | 2013-04-24 | 中国人民解放军总参谋部第六十一研究所 | Container-based method of users to protect private data |
Non-Patent Citations (1)
Title |
---|
网友: "Docker特性与原理解析", 《HTTP://WWW.CNBLOGS.COM/BOZH/P/3958469.HTML》 * |
Cited By (23)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106899544B (en) * | 2015-12-17 | 2020-04-03 | 腾讯科技(深圳)有限公司 | Container login method, device and system based on Docker |
WO2017101252A1 (en) * | 2015-12-17 | 2017-06-22 | 腾讯科技(深圳)有限公司 | Docker-based container login method, server and system |
CN106899544A (en) * | 2015-12-17 | 2017-06-27 | 腾讯科技(深圳)有限公司 | Container login method, device and system based on Docker |
CN105607944B (en) * | 2015-12-18 | 2018-12-25 | 北京奇虎科技有限公司 | A kind of method and device of sharing application environment |
CN105607944A (en) * | 2015-12-18 | 2016-05-25 | 北京奇虎科技有限公司 | Method and device for sharing application environment |
US10585785B2 (en) | 2016-05-24 | 2020-03-10 | Red Hat, Inc. | Preservation of modifications after overlay removal from a container |
CN106326699A (en) * | 2016-08-25 | 2017-01-11 | 广东七洲科技股份有限公司 | Method for reinforcing server based on file access control and progress access control |
CN106326699B (en) * | 2016-08-25 | 2020-02-07 | 广东七洲科技股份有限公司 | Server reinforcing method based on file access control and process access control |
CN106656980A (en) * | 2016-10-21 | 2017-05-10 | 郑州云海信息技术有限公司 | Method for automatically configuring accessing control of Docker container |
US10360410B2 (en) | 2016-11-14 | 2019-07-23 | International Business Machines Corporation | Providing containers access to container daemon in multi-tenant environment |
CN106844489A (en) * | 2016-12-24 | 2017-06-13 | 上海七牛信息技术有限公司 | A kind of file operation method, device and system |
CN106845183A (en) * | 2017-01-24 | 2017-06-13 | 郑州云海信息技术有限公司 | A kind of application container engine management method and system |
CN107508795A (en) * | 2017-07-26 | 2017-12-22 | 中国联合网络通信集团有限公司 | Across the access process device and method of container cluster |
CN107508795B (en) * | 2017-07-26 | 2020-03-13 | 中国联合网络通信集团有限公司 | Cross-container cluster access processing device and method |
CN107480524A (en) * | 2017-08-18 | 2017-12-15 | 郑州云海信息技术有限公司 | A kind of security sandbox and its construction method |
CN107766707B (en) * | 2017-10-16 | 2020-02-04 | 苏州浪潮智能科技有限公司 | Method and apparatus for responding to user request in application container engine |
CN107766707A (en) * | 2017-10-16 | 2018-03-06 | 郑州云海信息技术有限公司 | The method and apparatus that user's request is responded in application container engine |
CN107577538A (en) * | 2017-10-23 | 2018-01-12 | 中国联合网络通信集团有限公司 | Container method for managing resource and system |
CN107870804A (en) * | 2017-11-03 | 2018-04-03 | 郑州云海信息技术有限公司 | A kind of DOCKER vessel safety means of defences based on SSR |
CN108021428A (en) * | 2017-12-05 | 2018-05-11 | 华迪计算机集团有限公司 | A kind of method and system that network target range is realized based on Docker |
WO2019128984A1 (en) * | 2017-12-29 | 2019-07-04 | 华为技术有限公司 | Container security policy handling method and related device |
CN113778343A (en) * | 2021-09-24 | 2021-12-10 | 北京东方金信科技股份有限公司 | Storage implementation method for expanding data volume of docker container to HDFS (Hadoop distributed File System) |
CN114615064A (en) * | 2022-03-15 | 2022-06-10 | 北京旋极安辰计算科技有限公司 | Management and control method for creation and destruction of Docker container |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN105160269A (en) | Method and apparatus for accessing data in Docker container | |
CN103957248B (en) | A kind of public real time data releasing cloud service platform based on Internet of Things | |
US10447610B1 (en) | Techniques for network redirection | |
CN107798038B (en) | Data response method and data response equipment | |
CN102891826B (en) | The control method of web page access, equipment and system | |
US11924247B1 (en) | Access control policy simulation and testing | |
CN103369022B (en) | Method and system for communication with memory device | |
CN105471581A (en) | Identity verification method and device | |
CN104601547A (en) | Illegal operation identification method and device | |
CN109889517A (en) | Data processing method, permissions data collection creation method, device and electronic equipment | |
KR102090982B1 (en) | How to identify malicious websites, devices and computer storage media | |
CN106033461A (en) | Sensitive information query method and apparatus | |
CN110839014B (en) | Authentication method, authentication device, computer equipment and readable storage medium | |
US11645424B2 (en) | Integrity verification in cloud key-value stores | |
CN105897663A (en) | Method for determining access authority, device and equipment | |
US10225152B1 (en) | Access control policy evaluation and remediation | |
CN103685244A (en) | Differentiated authentication method and differentiated authentication device | |
CN110278192A (en) | Method, apparatus, computer equipment and the readable storage medium storing program for executing of extranet access Intranet | |
CN105022939A (en) | Information verification method and device | |
CN105099983A (en) | Authorization method, authority setting method and devices | |
CN110008197A (en) | A kind of data processing method, system and electronic equipment and storage medium | |
CN109981569A (en) | Network system access method, device, computer equipment and readable storage medium storing program for executing | |
CN101908967B (en) | Configuration method and system of Linux virtual server | |
CN104580237A (en) | Method for logging into website, server used in method for logging into website, client terminal used in method for logging into website and peripheral used in method for logging into website | |
CN110061997B (en) | Intelligent account and password management system for browser |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
WD01 | Invention patent application deemed withdrawn after publication | ||
WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20151216 |