| CPC G06F 21/44 (2013.01) | 18 Claims |
|
1. A method, comprising:
receiving, by a processing device, an execute function invocation request from a second application to run an executable file of a first application, wherein the second application is a parent process and the first application is a child process executed under the parent process, and wherein the second application is executed in a user space;
in response to receiving the execute function invocation request, determining a shared working directory shared by the second application and the first application, wherein the shared working directory is a directory of a file system used by processes of the second application and the first application;
identifying, in a kernel space, an extended attribute value associated with the shared working directory, wherein the extended attribute value comprises a first session identifier identifying a session comprising one or more processes; and
determining, by comparing the first session identifier to a second session identifier associated with the first application, whether the first application has permission to use the shared working directory.
|