1. Technical Field
The present application relates generally to an improved data processing system and method. More specifically, the present application is directed to a system and method to manage device access in a software partition.
2. Description of Related Art
As described by Poul-Henning Kamp in “Building Systems to be Shared Securely,” ACM Queue, vol. 2, no. 5, July/August 2004, from the advent of multitasking, file-sharing, and virtual machines on desktop computing devices, to the use of large-scale sharing of server-class Internet Service Provider (ISP) hardware in collocation centers, the issue of safely sharing hardware between mutually untrusting parties has become of considerable concern. As a result, there has been a strong continuing interest in access control and separation technologies to support safe yet efficient sharing of computing systems.
One such access control and separation technology that has been receiving attention recently is generally referred to as software partitions. A software partition is a virtual instance of an operating system, i.e. a virtual system image, which runs using the same operating system kernel running in the host system. There may be multiple software partitions, i.e. virtual instances of an operating system, that share the operating system kernel, libraries, and the like, of the host system. Typically, with such software partitions, processes may not affect other processes or resources outside of the software partition. In this way, each software partition is isolated from every other software partition. However, the software partitions may share operating system resources and other system resources. Examples of software partitioning mechanisms include FreeBSD Jails™ and Solaris Zones/Containers™. More information about FreeBSD Jails™ may be found in “BSD Jail as a Lightweight VM”. More information about Solaris Zones™ may be found in “Solaris Zones”.
Software partitions allow multiple instances of an operating system to be spawned such that multiple applications may be provided using the same shared operating system and system resources. Thus, there are many potential uses of software partitioning. In particular, software partitions are frequently used in Internet Service Provider (ISP) environments to provide virtual “sand-boxes” that are isolated from one another such that the ISP host may be able to increase its service quality guarantee by offering each customer the guaranteed system resources, e.g., CPU, RAM, disk space, etc., in accordance with the customer's needs.
While software partitions, from a cursory viewpoint, seem similar to logical partitions, they are in fact quite different. A logical partition has its own operating system and resources that are allocated and dedicated to it and which are not accessible by other logical partitions. Thus, there is a strong isolation associated with logical partitions. On the other hand, software partitions have virtual instances of the same operating system and may share operating system and other system resources. Moreover, software partitions are much faster to configure, e.g., there is no need to lay down a new installation of most filesets, and easier to maintain, e.g., maintenance performed on the hosting system can be easily applied to the hosted software partitions. While there are mechanisms for isolating the virtual instances of the operating systems and the system resources associated with the software partition, these isolation mechanisms are not as strong as logical partitioning because the operating system and other system resources are not exclusively dedicated to the software partition, instead they are virtualized.