US 12,277,434 B2
Hypervisor assisted security of dangling volumes for containers
Zubraj Singha, Bangalore (IN); Tanay Ganguly, Bangalore (IN); Goresh Musalay, Bangalore (IN); and Sanoj Ku, Bangalore (IN)
Assigned to VMware LLC, Palo Alto, CA (US)
Filed by VMware LLC, Palo Alto, CA (US)
Filed on Feb. 9, 2022, as Appl. No. 17/667,547.
Claims priority of application No. 202141058903 (IN), filed on Dec. 17, 2021.
Prior Publication US 2023/0195494 A1, Jun. 22, 2023
Int. Cl. G06F 9/455 (2018.01)
CPC G06F 9/45558 (2013.01) [G06F 2009/45583 (2013.01); G06F 2009/45587 (2013.01)]
20 Claims
1. A method comprising:
receiving a request to retain a first persistent volume used to maintain data for one or more first containers on a host, when the one or more first containers are removed from the host;
receiving a first container image associated with one of the one or more first containers;
generating a first key for reserving the first persistent volume, the first key based, at least in part, on the first container image; and
reserving the first persistent volume for exclusive access by the hypervisor using the first key;
receiving a request, from a container, for access to the first persistent volume;
calculating a first hash using at least the first container image;
receiving a second hash from the container, wherein the second hash is based, at least in part, on a second container image associated with the container;
verifying the first hash matches the second hash;
releasing the reservation on the first persistent volume using the first key; and
granting the container access to the first persistent volume.
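
The flow of claim 1, as an added Python sketch that is not part of the patent text or any VMware code. The `Hypervisor` class, the in-memory reservation table, the use of SHA-256, and mixing the volume id into the key are assumptions made for illustration; the claim only requires that the key and the hashes be based at least in part on the container image.

```python
import hashlib
import hmac


def image_hash(image: bytes) -> str:
    """Digest of a container image (SHA-256 is an assumption of this sketch)."""
    return hashlib.sha256(image).hexdigest()


class Hypervisor:
    """In-memory stand-in for the hypervisor's volume reservation logic."""

    def __init__(self):
        self.reservations = {}    # volume id -> reservation key
        self.retained_image = {}  # volume id -> image received with the retain request
        self.access = {}          # volume id -> container id granted access

    def _key(self, volume_id: str, image: bytes) -> str:
        # Key based at least in part on the image; adding the volume id is an assumption.
        return hashlib.sha256(volume_id.encode() + b"\0" + image).hexdigest()[:16]

    def retain(self, volume_id: str, image: bytes) -> None:
        """Reserve a retained (dangling) volume for exclusive hypervisor access."""
        self.retained_image[volume_id] = image
        self.reservations[volume_id] = self._key(volume_id, image)

    def request_access(self, volume_id: str, container_id: str, second_hash: str) -> bool:
        """Release the reservation and grant access only on a hash match."""
        if volume_id not in self.reservations:
            return False  # unknown or unreserved volume: fail closed
        image = self.retained_image[volume_id]
        first_hash = image_hash(image)
        # Constant-time comparison of the hypervisor's hash and the container's hash.
        if not hmac.compare_digest(first_hash.encode(), second_hash.encode()):
            return False  # mismatch: the reservation stays in place
        # Release using the same key that created the reservation.
        if self.reservations[volume_id] != self._key(volume_id, image):
            return False
        del self.reservations[volume_id]
        self.access[volume_id] = container_id
        return True


# Constructed sample data, not real container images.
ORIGINAL_IMAGE = b"constructed image bytes: app v1"
OTHER_IMAGE = b"constructed image bytes: unrelated"
```

In this sketch a mismatched hash leaves the reservation untouched, so a container built from a different image cannot reach the retained volume. An image digest is not a secret, so the match shows which image the caller presents rather than who the caller is.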