CPC G06F 21/604 (2013.01) [G06F 12/0806 (2013.01); G06F 12/1491 (2013.01); G06F 2212/1052 (2013.01)] | 13 Claims
1. An information handling system comprising:
at least one processor; and
a memory;
wherein the information handling system is configured to:
host a container;
execute a containerized application within the container, wherein the containerized application executes with privileges associated with a container-internal user;
determine an association between the container-internal user and a host user associated with an operating system external to the container, wherein the determining is based on a cache that maintains a mapping between container-internal users and host users; and
grant privileges to the containerized application based on the host user, wherein:
the cache is configured to listen for start and stop events associated with containers that are hosted by the information handling system;
in response to a start event associated with a starting container, the cache is configured to query for a user ID shift associated with the starting container and create a cache entry based on the user ID shift; and
in response to a stop event associated with a stopping container, the cache is configured to remove a cache entry associated with the stopping container.
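
The cache behaviour recited in claim 1, as an added Python example that is not part of the patent text or of any implementation it describes. It assumes the user ID shift is an additive offset over a 65536-ID range (as in Linux user namespaces); the event dictionaries, the `query_shift` callback, and all names and sample values are hypothetical.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Set


@dataclass(frozen=True)
class ShiftEntry:
    shift: int          # host UID that container-internal UID 0 maps to
    size: int = 65536   # assumed width of the mapped UID range


class UidShiftCache:
    """Event-driven cache: container ID -> user ID shift."""

    def __init__(self, query_shift: Callable[[str], int]):
        self._query_shift = query_shift          # hypothetical runtime query
        self._entries: Dict[str, ShiftEntry] = {}

    def on_event(self, event: dict) -> None:
        cid, kind = event["container"], event["type"]
        if kind == "start":
            # Query the shift once at start and create the cache entry.
            self._entries[cid] = ShiftEntry(self._query_shift(cid))
        elif kind == "stop":
            # Remove the entry so a stale shift is never applied to a reused ID.
            self._entries.pop(cid, None)

    def host_uid(self, cid: str, container_uid: int) -> Optional[int]:
        entry = self._entries.get(cid)
        if entry is None or not 0 <= container_uid < entry.size:
            return None   # unknown container or unmapped UID: fail closed
        return entry.shift + container_uid


def grant(cache: UidShiftCache, cid: str, container_uid: int,
          allowed_host_uids: Set[int]) -> bool:
    """Privilege decision is made on the host user, never the internal one."""
    uid = cache.host_uid(cid, container_uid)
    return uid is not None and uid in allowed_host_uids


SHIFTS = {"c1": 100000, "c2": 200000}   # constructed sample shifts


def demo() -> List[bool]:
    cache, allowed = UidShiftCache(SHIFTS.__getitem__), {101000}
    cache.on_event({"type": "start", "container": "c1"})
    out = [grant(cache, "c1", 1000, allowed),    # maps to host UID 101000
           grant(cache, "c1", 0, allowed),       # container root -> 100000
           grant(cache, "c2", 1000, allowed),    # c2 never started
           grant(cache, "c1", 70000, allowed)]   # outside mapped range
    cache.on_event({"type": "stop", "container": "c1"})
    return out + [grant(cache, "c1", 1000, allowed)]   # entry removed
```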