US 12,001,867 B2
Method and system for improving software container performance and isolation
Zhiming Shen, Ithaca, NY (US); Robbert van Renesse, Ithaca, NY (US); and Hakim Weatherspoon, Ithaca, NY (US)
Assigned to Cornell University, Ithaca, NY (US)
Appl. No. 17/046,632
Filed by Cornell University, Ithaca, NY (US)
PCT Filed Apr. 11, 2019, PCT No. PCT/US2019/026995
§ 371(c)(1), (2) Date Oct. 9, 2020,
PCT Pub. No. WO2019/200102, PCT Pub. Date Oct. 17, 2019.
Claims priority of provisional application 62/656,051, filed on Apr. 11, 2018.
Prior Publication US 2021/0109775 A1, Apr. 15, 2021
Int. Cl. G06F 9/455 (2018.01); G06F 9/54 (2006.01)
CPC G06F 9/45558 (2013.01) [G06F 9/4555 (2013.01); G06F 9/545 (2013.01); G06F 2009/45587 (2013.01)] 23 Claims
OG exemplary drawing
 
1. A method comprising:
implementing a kernel-based isolation layer;
configuring a software container on the kernel-based isolation layer to include a dedicated operating system kernel as a library operating system; and
executing one or more user processes in the software container,
wherein the method is performed by a processing platform comprising a plurality of processing devices each comprising a processor coupled to a memory, and
wherein the library operating system runs in the software container at a privilege level that is the same as a privilege level of the one or more user processes executing in the software container.