System and method to manage device access in a software partition
Abstract
A system and method to manage device access in a software partition are provided. The illustrative embodiments provide a mechanism for exporting resources/devices from an administrator partition to a software partition in its purview. A trusted device list data structure is provided that identifies which devices are permitted to be exported into a software partition from an administrative partition. This trusted device list data structure also identifies which of the devices in the list of devices should be exported by default when exporting devices to a software partition, i.e. if no overrides are specified. In addition, a user-specifiable mechanism to override the entries in the trusted device list data structure is provided. For security purposes, this mechanism may not be used to export devices not listed in the trusted device list data structure. The mechanism may also be used to prevent the exporting of devices which are exported by default.
Claims
exact text as granted — not AI-modified1 . A method, in a data processing system, for exporting a device to a software partition, comprising:
accessing a trusted devices data structure providing a first list of one or more devices that are permitted to be exported to a plurality of software partitions; accessing an override data structure providing a second list of one or more devices that are to be exported to the software partition; and exporting at least one device to the software partition based on the trusted devices data structure and the override data structure.
2 . The method of claim 1 , wherein the at least one device that is exported to the software partition is at least one device that is identified in the trusted devices data structure and is not blocked from being exported to the software partition by an entry in the override data structure.
3 . The method of claim 1 , wherein the trusted devices data structure applies to all software partitions in the plurality of software partitions.
4 . The method of claim 1 , wherein the override data structure applies to only a subset of the plurality of software partitions.
5 . The method of claim 1 , wherein the trusted devices data structure applies to all software partitions created by the data processing system, and wherein the override data structure is specific to and applies only to one software partition created by the data processing system.
6 . The method of claim 1 , wherein the first list of one or more devices identifies at least one default device that is exported to the plurality of software partitions by default.
7 . The method of claim 6 , wherein the second list of one or more devices includes at least one device in the first list of one or more devices in addition to the at least one default device.
8 . The method of claim 6 , wherein the second list of one or more devices blocks exportation of at least one of the default devices.
9 . The method of claim 1 , wherein the devices in the second list of one or more devices are a subset of the first list of one or more devices, and wherein devices not listed in the first list of one or more devices are prohibited from being present in the second list of one or more devices.
10 . The method of claim 1 , further comprising:
performing one or more verification operations to determine if a user of the software partition is authorized to access a device that is determined to be intended for export to the software partition.
11 . The method of claim 10 , wherein the one or more verification operations include at least one of a check of major/minor number associated with the device, a check of ownership of the device, or a check of permissions associated with the device.
12 . The method of claim 1 , further comprising:
checking, for each device to be exported to the software partition as determined by the trusted device data structure and the override data structure, a legal number of instances attribute associated with the device that identifies how many copies of a particular device may be exported into software partitions, wherein exporting the at least one device is performed for only those devices to be exported whose total current number of instances in software partitions is less than the legal number of instances attributes associated with those devices.
13 . A computer program product comprising a computer useable medium having a computer readable program, wherein the computer readable program, when executed on a computing device, causes the computing device to:
access a trusted devices data structure providing a first list of one or more devices that are permitted to be exported to a plurality of software partitions; access an override data structure providing a second list of one or more devices that are to be exported to an identified software partition; and export at least one device to the identified software partition based on the trusted devices data structure and the override data structure.
14 . The computer program product of claim 13 , wherein the at least one device that is exported to the identified software partition is at least one device that is identified in the trusted devices data structure and is not blocked from being exported to the identified software partition by an entry in the override data structure.
15 . The computer program product of claim 13 , wherein the trusted devices data structure applies to all software partitions in the plurality of software partitions.
16 . The computer program product of claim 13 , wherein the override data structure applies to only a subset of the plurality of software partitions.
17 . The computer program product of claim 13 , wherein the trusted devices data structure applies to all software partitions created by the data processing system, and wherein the override data structure is specific to and applies only to one software partition created by the data processing system.
18 . The computer program product of claim 13 , wherein the first list of one or more devices identifies at least one default device that is exported to the plurality of software partitions by default.
19 . The computer program product of claim 18 , wherein the second list of one or more devices includes at least one device in the first list of one or more devices in addition to the at least one default device.
20 . The computer program product of claim 18 , wherein the second list of one or more devices blocks exportation of at least one of the default devices.
21 . The computer program product of claim 13 , wherein the devices in the second list of one or more devices are a subset of the first list of one or more devices, and wherein devices not listed in the first list of one or more devices are prohibited from being present in the second list of one or more devices.
22 . The computer program product of claim 13 , wherein the computer readable program further causes the computing device to:
perform one or more verification operations to determine if a user of the software partition is authorized to access a device that is determined to be intended for export to the software partition.
23 . The computer program product of claim 22 , wherein the one or more verification operations include at least one of a check of major/minor number associated with the device, a check of ownership of the device, or a check of permissions associated with the device.
24 . The computer program product of claim 13 , wherein the computer readable program further causes the computing device to:
check, for each device to be exported to the software partition as determined by the trusted device data structure and the override data structure, a legal number of instances attribute associated with the device that identifies how many copies of a particular device may be exported into software partitions, wherein exporting the at least one device is performed for only those devices to be exported whose total current number of instances in software partitions is less than the legal number of instances attributes associated with those devices.
25 . A system for exporting a device to a software partition, comprising:
a processor; and a memory coupled to the processor, wherein the memory contains instructions which, when executed by the processor, cause the processor to: access a trusted devices data structure providing a first list of one or more devices that are permitted to be exported to a plurality of software partitions; access an override data structure providing a second list of one or more devices that are to be exported to an identified software partition; and export at least one device to the identified software partition based on the trusted devices data structure and the override data structure.
26 . The system of claim 25 , wherein the at least one device that is exported to the identified software partition is at least one device that is identified in the trusted devices data structure and is not blocked from being exported to the identified software partition by an entry in the override data structure.
27 . The system of claim 25 , wherein the trusted devices data structure applies to all software partitions in the plurality of software partitions.
28 . The system of claim 25 , wherein the override data structure applies to only a subset of the plurality of software partitions.
29 . The system of claim 25 , wherein the first list of one or more devices identifies at least one default device that is exported to the plurality of software partitions by default.
30 . The system of claim 29 , wherein the second list of one or more devices includes at least one device in the first list of one or more devices in addition to the at least one default device.
31 . The system of claim 29 , wherein the second list of one or more devices blocks exportation of at least one of the default devices.
32 . The system of claim 25 , wherein the devices in the second list of one or more devices are a subset of the first list of one or more devices, and wherein devices not listed in the first list of one or more devices are prohibited from being present in the second list of one or more devices.
33 . The system of claim 25 , wherein the instructions further cause the processor to:
perform one or more verification operations to determine if a user of the software partition is authorized to access a device that is determined to be intended for export to the software partition.
34 . The system of claim 33 , wherein the one or more verification operations include at least one of a check of major/minor number associated with the device, a check of ownership of the device, or a check of permissions associated with the device.
35 . The system of claim 25 , wherein the instructions further cause the processor to:
check, for each device to be exported to the software partition as determined by the trusted device data structure and the override data structure, a legal number of instances attribute associated with the device that identifies how many copies of a particular device may be exported into software partitions, wherein exporting the at least one device is performed for only those devices to be exported whose total current number of instances in software partitions is less than the legal number of instances attributes associated with those devices.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.