When executed on a computer, a program (also referred herein as a “resource owner”) creates one or more operating system (OS) resources and needs to restrict access to these resources from other programs. Typically, such restriction is required to have full control over the resource lifetime.
However, other programs may gain access to the OS resource without permission and unbeknownst to the resource owner. This problem is illustrated by FIG. 1, which shows an exemplary configuration of a computer system with uncontrolled access to OS resources. As shown by this illustration, a program may create a system resource (step 101) and launch an OS utility to handle the resource data (steps 102-104). When operation of the OS utility is finished, the resource is released, and control is passed back to the program. The program then destroys the resource (step 105). If some other program (e.g., a system monitor daemon) starts to work with the resource (step 106), the program call to destroy the resource (step 105) may never complete because the resource will be considered as “busy,” so that the resource may still remain available after the program terminates.
A typical solution for such problem is to configure system monitor daemons to avoid access to the resource(s). However, this is often very difficult because of differences in the configuration of the wide range of system monitor programs that may be installed and running on a given system. Moreover, this pre-configuration approach may not be an option, or may be impossible to implement effectively if one or more system monitor programs are installed after the installation of the resource owner. In view of these shortcomings, there is a need in the art for a more effective mechanism for controlling access to system resources.