[go: up one dir, main page]

CN115543549A - A container whose application running effect is consistent with that of the host - Google Patents

A container whose application running effect is consistent with that of the host Download PDF

Info

Publication number
CN115543549A
CN115543549A CN202211523031.6A CN202211523031A CN115543549A CN 115543549 A CN115543549 A CN 115543549A CN 202211523031 A CN202211523031 A CN 202211523031A CN 115543549 A CN115543549 A CN 115543549A
Authority
CN
China
Prior art keywords
container
application
host
user
directory
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202211523031.6A
Other languages
Chinese (zh)
Other versions
CN115543549B (en
Inventor
王弈宸
唐稳
王强
王峰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
CETC 15 Research Institute
Original Assignee
CETC 15 Research Institute
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by CETC 15 Research Institute filed Critical CETC 15 Research Institute
Priority to CN202211523031.6A priority Critical patent/CN115543549B/en
Publication of CN115543549A publication Critical patent/CN115543549A/en
Application granted granted Critical
Publication of CN115543549B publication Critical patent/CN115543549B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/445Program loading or initiating
    • G06F9/44505Configuring for program initiating, e.g. using registry, configuration files
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • G06F2009/45562Creating, deleting, cloning virtual machine instances
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • G06F2009/45583Memory management, e.g. access or allocation
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • G06F2009/45595Network integration; Enabling network access in virtual machine instances

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The invention provides a container with the application running effect consistent with that of a host machine, which can ensure that a user is consistent with the host machine in application use habit, and the container is kept transparent and unaware, so that inconvenience and burden are not brought to the use of the user of final application. The container can ensure that the application use habit of a user is consistent with that of a host machine, the container can be completely shielded in the application installation and operation process, so that the container-based application installed and operated by the user is basically consistent with the common application on the host machine, the transparency and the no perception are realized, and the learning cost of the common user is obviously reduced.

Description

一种应用运行效果与宿主机一致的容器A container whose application running effect is consistent with that of the host

技术领域technical field

本发明涉及软件设计开发技术领域,具体涉及一种应用运行效果与宿主机一致的容器。The invention relates to the technical field of software design and development, in particular to a container whose application operation effect is consistent with that of a host computer.

背景技术Background technique

容器技术是一种内核轻量级的操作系统层虚拟化技术,与虚拟机的硬件抽象层虚拟化方式不同,容器技术提供了一种共享操作系统内核的虚拟化方法,在执行容器时不用重复加载内核,且容器的内核与宿主机共享,从而能够把硬件资源转化为更多的计算资源。容器主要由Namespace和Cgroup两大机制来保证实现。Namespace:Linux Namespace,命名空间,用于对Linux内核资源进行隔离;Cgroup:Control group,控制组群,用于管理Linux内核资源.具体地,命名空间是在当前运行的系统环境中隔离另一个进程的运行环境出来,并在此运行环境中将一些必要的系统全局资源进行虚拟化。进程可以运行在指定的命名空间中,命名空间中的每个进程都认为自己拥有所有这些虚拟化的全局资源。控制组群就是对命名空间资源进行管理的Linux内核功能,其可以用来限制、控制与分离一个进程组的资源,如CPU、内存、磁盘输入输出等。Container technology is a lightweight operating system layer virtualization technology for the kernel. Different from the hardware abstraction layer virtualization method of the virtual machine, the container technology provides a virtualization method for sharing the operating system kernel, which does not need to be repeated when executing the container. The kernel is loaded, and the kernel of the container is shared with the host, so that hardware resources can be converted into more computing resources. The container is mainly guaranteed by the two mechanisms of Namespace and Cgroup. Namespace: Linux Namespace, namespace, used to isolate Linux kernel resources; Cgroup: Control group, control group, used to manage Linux kernel resources. Specifically, namespace is to isolate another process in the currently running system environment In this operating environment, some necessary system global resources are virtualized. Processes can run in a specified namespace, and each process in the namespace thinks it owns all these virtualized global resources. A control group is a Linux kernel function that manages namespace resources, which can be used to limit, control, and separate resources of a process group, such as CPU, memory, and disk input and output.

一般情况下,容器与宿主机、容器与容器之间的资源是相互隔离的,容器需要单独使用命令行的方式启动,与宿主机各种文件不共享,无法做到无感知运行应用程序。由此可见,容器是目前软件部署、运行的常用工具,一般运行在服务器上,其特征是容器与容器之间、容器与宿主机之间是资源隔离的,其主要目的是保证容器之间不会互相干扰,保证容器数据的安全性。但是将容器技术引入客户机时,由于经常需要使用命令行操作容器,部分常见操作还需要进入容器内部完成,容器内部的命令行配套工具也不齐全,导致非专业用户使用、学习容器的难度极大。同时容器与宿主机的数据独立、资源隔离,会导致部分为客户端开发的应用无法正常使用。Under normal circumstances, the resources between the container and the host, and between the container and the container are isolated from each other. The container needs to be started by using the command line alone. It does not share various files with the host, and it is impossible to run applications without awareness. It can be seen that the container is a common tool for software deployment and operation at present. It generally runs on the server. It is characterized by resource isolation between the container and the container, and between the container and the host. They will interfere with each other to ensure the security of container data. However, when the container technology is introduced into the client machine, because the container is often used to operate the container, some common operations need to be completed inside the container, and the command line supporting tools inside the container are not complete, which makes it extremely difficult for non-professional users to use and learn containers. Big. At the same time, the data independence and resource isolation between the container and the host machine will cause some applications developed for the client to fail to work normally.

综上,部分用户可能想要在客户机上使用容器技术运行其应用,然而将容器技术引入客户机时,用户启动应用、观察应用运行状态、导入导出文件、手动读写文件等常见操作都需要使用命令行工具完成,甚至大部分操作需要进入容器内部完成,而容器内部的各种配套工具往往不齐全,需要用户自行安装,这就给用户使用基于容器运行的应用带来了极大的困难。由于容器资源隔离,部分客户机上常见操作可能无法在容器中实现,比如办公软件打开一份文档,或者是使用聊天软件下载一份资料并保存到指定目录,亦或是将某些文件拷贝至U盘等等。这导致相当一部分应用无法在客户机上基于容器使用。To sum up, some users may want to use container technology to run their applications on the client. However, when container technology is introduced into the client, common operations such as starting the application, observing the running status of the application, importing and exporting files, and manually reading and writing files need to use The command line tool is completed, and even most of the operations need to be completed inside the container, and the various supporting tools inside the container are often incomplete and need to be installed by the user, which brings great difficulties to the user to use the application based on the container. Due to the isolation of container resources, some common operations on the client may not be implemented in the container, such as opening a document with office software, or downloading a document with chat software and saving it to a specified directory, or copying some files to U disk and so on. As a result, quite a few applications cannot be used on the client based on containers.

发明内容Contents of the invention

有鉴于此,本发明提出了一种应用运行效果与宿主机一致的容器,能够确保用户在应用使用习惯上与宿主机一致,保持容器是透明无感知的,从而不对最终应用的用户使用带来任何不便与负担。In view of this, the present invention proposes a container whose application running effect is consistent with that of the host machine, which can ensure that the user's application usage habits are consistent with the host machine, and keep the container transparent and non-perceptual, so as not to bring any harm to the user of the final application. Any inconvenience and burden.

为实现上述目的,本发明的技术方案为:To achieve the above object, the technical solution of the present invention is:

一种应用运行效果与宿主机一致的容器,所述容器的用户、网络、挂载、主机名、进程间通信和进程上下文与宿主机系统完全一致,进而使容器进程能和宿主机以及其他容器的进程进行通信,并接受宿主机操作系统对进程的统一管理;所述容器的应用窗口与宿主机窗口系统完全融合;所述容器与宿主机系统用户环境完全一致,在宿主机系统和容器中都能看到用户数据的实时变化,其中所述容器通过挂载当前用户的home目录,确保存取当前登录用户的数据;所述容器中包括功能完备的系统库,使得应用的运行与在宿主机上比没有差异;所述容器中包括bash shell、ssh、ftp、浏览器与httpd系统工具;所述容器配置信息与应用同步;所述容器支持快捷方式,提供创建快捷方式的接口。A container whose application running effect is consistent with that of the host machine. The user, network, mount, host name, inter-process communication, and process context of the container are completely consistent with the host system, so that the container process can communicate with the host machine and other containers communicate with the process of the host machine, and accept the unified management of the process by the host operating system; the application window of the container is completely integrated with the window system of the host machine; Can see the real-time changes of user data, wherein the container ensures access to the data of the currently logged-in user by mounting the home directory of the current user; the container includes a system library with complete functions, so that the operation of the application There is no difference on the host computer; the container includes bash shell, ssh, ftp, browser and httpd system tools; the container configuration information is synchronized with the application; the container supports shortcuts and provides an interface for creating shortcuts.

其中,所述容器只创建虚拟的根文件系统外,不构造其他名字空间,同时,将相应的配置文件都挂载到容器的根文件系统中,使得用户、网络、挂载和主机名配置信息与宿主机的完全一致;Wherein, the container only creates a virtual root file system, and does not construct other name spaces. Exactly the same as that of the host machine;

其中,所述根文件系统包括应用运行过程中对系统的修改形成的状态目录、应用镜像包含和自带的目录、内核文件系统目录、宿主机相关文件系统目录四个来源,所述容器把所述四个来源进行整合,体现为一个完整的根文件系统。Wherein, the root file system includes four sources: the state directory formed by the modification of the system during the application running process, the directory contained in and included in the application image, the kernel file system directory, and the host-related file system directory. The above four sources are integrated to form a complete root file system.

其中,对于2D图形,容器内应用通过X11客户端的Socket实现与宿主机图形服务的通信,并向宿主机图形服务发送图形数据来展示图形界面;对于3D图形,容器内预置了mesa图形库,应用调用mesa库来使用本机的GPU,从而展示3D图形。Among them, for 2D graphics, the application in the container communicates with the host graphics service through the Socket of the X11 client, and sends graphics data to the host graphics service to display the graphics interface; for 3D graphics, the mesa graphics library is preset in the container. The application calls the mesa library to use the local GPU to display 3D graphics.

其中,所述容器通过选取/etc目录挂载内容,部分mount部分自建的方式,控制应用配置信息仅限于应用所安装的文件系统中可见,防止容器中和宿主机操作系统中出现多余的配置信息。Among them, the container selects the /etc directory to mount the content, and some mounts and some self-built methods control the application configuration information to be visible only in the file system installed by the application, so as to prevent redundant configurations in the container and the host operating system information.

其中,快捷方式通过双击执行的方式启动关联的应用;开发人员制作好应用镜像后,编写安装脚本,在安装脚本中调用本发明容器的加载镜像命令以及创建快捷方式命令。Wherein, the shortcut is executed by double-clicking to start the associated application; after the developer makes the application image, he writes the installation script, and calls the image loading command and the shortcut creation command of the container of the present invention in the installation script.

有益效果:Beneficial effect:

1、本发明容器能够确保用户在应用使用习惯上与宿主机一致,可以在应用安装、运行的过程中完全屏蔽掉容器的存在,使得用户安装、运行基于容器的应用与普通在宿主机上的应用基本一致,实现透明无感知,显著降低了普通用户的学习成本。1. The container of the present invention can ensure that the user's application usage habits are consistent with the host machine, and can completely shield the existence of the container during the application installation and running process, so that the user installs and runs the application based on the container. The application is basically the same, transparent and imperceptible, which significantly reduces the learning cost of ordinary users.

2、本发明容器除了必要的应用目录外,其他目录均与宿主机共享,使得应用运行在容器中与运行在宿主机上表现一致,提高了容器在客户机上的可用性。2. Except for the necessary application directory, the container of the present invention shares other directories with the host computer, so that the performance of the application running in the container is consistent with that running on the host computer, and the usability of the container on the client computer is improved.

3、本发明容器提供自己的根文件系统,把包括应用运行过程中对系统的修改形成的状态目录、应用镜像包含和自带的目录、内核文件系统目录以及宿主机相关文件系统目录四个来源进行整合,体现为一个完整的根文件系统。3. The container of the present invention provides its own root file system, including the state directory formed by the modification of the system during the application running process, the directory contained in the application image and its own directory, the kernel file system directory, and the host-related file system directory. It is integrated and embodied as a complete root file system.

具体实施方式detailed description

下面举实施例,对本发明进行详细描述。Examples are given below to describe the present invention in detail.

为了更好的说明本发明的工作过程,对以下概念进行解释:In order to better illustrate the working process of the present invention, the following concepts are explained:

挂载是指由操作系统使一个存储设备(诸如硬盘、CD-ROM或共享资源)上的计算机文件和目录可供用户通过计算机的文件系统访问的一个过程。对于Linux系统,一般来说当计算机开机时,被第一个挂载的文件系统叫做根文件系统,它也是内核映像所在的文件系统。其余所有的文件系统都需要挂载到根文件系统下的某个目录中才可以访问;当计算机关机时,每个已挂载存储都将经历一次卸载,以确保所有排队的数据被写入,并保证介质上文件系统结构的完整性。当进行挂载时,操作系统会做两件事情,一是将被挂载文件系统的超级块读入内存;二是将超级块的挂载字段设置成挂载点的相关信息,以记录该文件系统的挂载位置。Mounting refers to the process by which the operating system makes computer files and directories on a storage device (such as a hard disk, CD-ROM, or shared resource) available to users through the computer's file system. For Linux systems, generally speaking, when the computer is turned on, the first mounted file system is called the root file system, which is also the file system where the kernel image is located. All other file systems need to be mounted in a directory under the root file system before they can be accessed; when the computer is shut down, each mounted storage will undergo an unmount to ensure that all queued data is written, And ensure the integrity of the file system structure on the medium. When mounting, the operating system will do two things, one is to read the super block of the mounted file system into the memory; the other is to set the mount field of the super block to the relevant information of the mount point to record the Where to mount the file system.

本发明提供了一种应用运行效果与宿主机一致的容器,主要面向客户端应用,可以在应用安装、运行的过程中完全屏蔽掉容器的存在,使得用户安装、运行基于容器的应用与普通在宿主机上的应用基本一致,确保用户在应用使用习惯上与宿主机一致,保持容器是透明无感知的,从而不对最终应用的用户使用带来任何不便与负担,显著降低了普通用户的学习成本。本发明容器除了必要的应用目录外,其他目录均与宿主机共享,使得应用运行在容器中与运行在宿主机上表现一致,提高了容器在客户机上的可用性。本发明容器具体如下:The present invention provides a container whose application operation effect is consistent with that of the host machine, which is mainly oriented to client applications, and can completely shield the existence of the container during the process of application installation and operation, so that users can install and run container-based applications in the same way as ordinary The application on the host machine is basically the same, ensuring that the user's application habits are consistent with the host machine, and keeping the container transparent and insensitive, so as not to bring any inconvenience and burden to the user of the final application, and significantly reducing the learning cost of ordinary users . Except for the necessary application directory, the container of the present invention shares other directories with the host computer, so that the performance of the application running in the container is consistent with that of running on the host computer, and the usability of the container on the client computer is improved. Container of the present invention is specifically as follows:

1)本发明容器的用户、网络、挂载、主机名、进程间通信和进程上下文与宿主机系统完全一致,进而使容器进程能和宿主机以及其他容器的进程进行通信,并接受宿主机操作系统对进程的统一管理。为了达到这个效果,容器除了创建虚拟的根文件系统外,不构造其他名字空间(namespace),包括User、PID、network、mount、ipc、uts和cgroup,同时,将相应的配置文件都挂载到容器的根文件系统中,使得用户、网络、挂载和主机名等配置信息与宿主机的完全一致。其中,容器需要提供自己的根文件系统,它有四个来源,包括应用运行过程中对系统的修改形成的状态目录、应用镜像包含和自带的目录、内核文件系统目录、宿主机相关文件系统目录,容器需要把以上来源进行整合,体现为一个完整的根文件系统,如表1所示。1) The user, network, mount, host name, inter-process communication, and process context of the container of the present invention are completely consistent with the host system, so that the container process can communicate with the host and other container processes, and accept host operations Unified management of the process by the system. In order to achieve this effect, in addition to creating a virtual root file system, the container does not construct other namespaces (namespace), including User, PID, network, mount, ipc, uts and cgroup, and at the same time, mount the corresponding configuration files to In the root file system of the container, the configuration information such as user, network, mount, and host name is exactly the same as that of the host machine. Among them, the container needs to provide its own root file system, which has four sources, including the state directory formed by the modification of the system during the application running process, the directory contained in and brought by the application image, the kernel file system directory, and the host-related file system Directories and containers need to integrate the above sources into a complete root file system, as shown in Table 1.

表1根文件系统表Table 1 root file system table

目录名称directory name 创建方式Creation method 备注Remark 应用及其状态目录Application and its state directory 容器镜像自带目录The container image comes with its own directory 包含应用运行所依赖的文件,以及应用运行过程中存储应用状态的文件。Contains the files that the application depends on and the files that store the state of the application while the application is running. 内核文件系统目录kernel file system directory 挂载mount 包含所有提供设备信息的目录Contains all directories providing device information 与应用运行环境相关目录Directory related to the application runtime environment 挂载mount 包含用户目录、主机环境目录、主机媒体目录、主机块设备目录、主机临时目录、主机配置目录等等,这些目录提供容器内应用与宿主机的资源和状态共享能力。Contains user directory, host environment directory, host media directory, host block device directory, host temporary directory, host configuration directory, etc. These directories provide resource and status sharing capabilities between applications in containers and the host. 应用运行库及加载策略相关目录Application runtime and loading strategy related directories 容器镜像自带目录The container image comes with its own directory 这些目录决定应用能否正常运行,各应用不一致,需由容器镜像自带 These directories determine whether the application can run normally. Each application is inconsistent and needs to be provided by the container image.

2)本发明容器的应用窗口与宿主机窗口系统完全融合,用户在应用启停、界面操作等过程中感觉不到容器的存在。对于2D图形,容器内应用通过X11客户端的Socket实现与宿主机图形服务的通信,并向宿主机图形服务发送图形数据来展示图形界面;对于3D图形,容器内预置了mesa图形库,应用可以调用mesa库来使用本机的GPU,从而展示3D图形;对于界面输入、窗口管理器、任务栏等其他界面能力,只要沙箱内应用能够基于X11实现与宿主机图形服务的通信,就可以被宿主机图形服务统一管理。2) The application window of the container of the present invention is completely integrated with the host window system, and the user does not feel the existence of the container during the process of application startup and stop, interface operation, etc. For 2D graphics, the application in the container communicates with the host graphics service through the Socket of the X11 client, and sends graphics data to the host graphics service to display the graphics interface; for 3D graphics, the mesa graphics library is preset in the container, and the application can Call the mesa library to use the local GPU to display 3D graphics; for interface input, window manager, taskbar and other interface capabilities, as long as the application in the sandbox can communicate with the host graphics service based on X11, it can be used Unified management of host graphics services.

3)本发明容器与宿主机系统用户环境完全一致,在宿主机系统和容器中都能看到用户数据的实时变化。容器通过挂载当前用户的home目录,确保可以存取当前登录用户的数据。3) The container of the present invention is completely consistent with the user environment of the host system, and real-time changes of user data can be seen in both the host system and the container. The container ensures that the data of the currently logged-in user can be accessed by mounting the home directory of the current user.

4)本发明容器中包括功能完备的系统库,使得应用的运行与在宿主机上比没有差异。容器通过集成功能完备的系统库,涵盖包管理、系统管理、系统交互等10多个方面,满足上层应用对系统库的绝大部分需求。4) The container of the present invention includes a system library with complete functions, so that there is no difference between the operation of the application and that on the host computer. By integrating a system library with complete functions, the container covers more than 10 aspects such as package management, system management, and system interaction, and meets most of the needs of upper-level applications for the system library.

5)本发明容器中包括方便易用的系统工具,降低用户进入、使用和管理容器的难度。本实施例容器通过提供bash shell、ssh、ftp、浏览器与httpd等容器内系统工具,降低用户进入、使用和管理容器的难度。5) The container of the present invention includes convenient and easy-to-use system tools, reducing the difficulty for users to enter, use and manage the container. The container in this embodiment reduces the difficulty for users to enter, use and manage the container by providing system tools in the container such as bash shell, ssh, ftp, browser, and httpd.

6)本发明容器配置信息与应用同步,部分应用在/etc目录下存放与之相关的配置信息,由于宿主机上的应用无法被容器直接访问与控制,反之亦然,所以需要防止容器中和宿主机操作系统中出现多余的配置信息,给用户和应用的使用带来不便。本发明容器通过选取/etc目录挂载内容,部分mount部分自建的方式,控制应用配置信息仅限于应用所安装的文件系统中可见,防止容器中和宿主机操作系统中出现多余的配置信息。6) The container configuration information of the present invention is synchronized with the application, and some applications store related configuration information in the /etc directory. Since the application on the host machine cannot be directly accessed and controlled by the container, and vice versa, it is necessary to prevent the container from being neutralized. Redundant configuration information appears in the host operating system, which brings inconvenience to users and applications. The container of the present invention selects the /etc directory to mount the content, and partially mounts and partially builds itself to control the application configuration information to be visible only in the file system installed by the application, preventing redundant configuration information from appearing in the container and the host operating system.

7)本发明容器支持快捷方式,提供创建快捷方式的接口,快捷方式可以通过双击执行的方式启动关联的应用。开发人员制作好应用镜像后,可以编写安装脚本,在安装脚本中调用本发明容器的加载镜像命令以及创建快捷方式命令,从而在用户安装、使用过程完全屏蔽“容器”这一概念的存在,实现透明无感知。7) The container of the present invention supports shortcuts and provides an interface for creating shortcuts. The shortcuts can be executed by double-clicking to start associated applications. After the developer makes the application image, he can write the installation script, and call the image loading command and the shortcut creation command of the container of the present invention in the installation script, so as to completely shield the existence of the concept of "container" in the process of user installation and use, and realize Transparent and imperceptible.

综上所述,以上仅为本发明的较佳实施例而已,并非用于限定本发明的保护范围。凡在本发明的精神和原则之内,所作的任何修改、等同替换、改进等,均应包含在本发明的保护范围之内。To sum up, the above are only preferred embodiments of the present invention, and are not intended to limit the protection scope of the present invention. Any modifications, equivalent replacements, improvements, etc. made within the spirit and principles of the present invention shall be included within the protection scope of the present invention.

Claims (5)

1.一种应用运行效果与宿主机一致的容器,其特征在于,所述容器的用户、网络、挂载、主机名、进程间通信和进程上下文与宿主机系统完全一致,进而使容器进程能和宿主机以及其他容器的进程进行通信,并接受宿主机操作系统对进程的统一管理;所述容器的应用窗口与宿主机窗口系统完全融合;所述容器与宿主机系统用户环境完全一致,在宿主机系统和容器中都能看到用户数据的实时变化,其中所述容器通过挂载当前用户的home目录,确保存取当前登录用户的数据;所述容器中包括功能完备的系统库,使得应用的运行与在宿主机上比没有差异;所述容器中包括bash shell、ssh、ftp、浏览器与httpd系统工具;所述容器配置信息与应用同步;所述容器支持快捷方式,提供创建快捷方式的接口。1. A container whose application operation effect is consistent with that of the host machine, characterized in that the user, network, mount, host name, inter-process communication, and process context of the container are completely consistent with the host machine system, so that the container process can Communicate with the process of the host and other containers, and accept the unified management of the process by the host operating system; the application window of the container is completely integrated with the window system of the host; the container is completely consistent with the user environment of the host system. Real-time changes of user data can be seen in both the host system and the container, wherein the container ensures access to the data of the currently logged-in user by mounting the home directory of the current user; the container includes a system library with complete functions, so that There is no difference between the operation of the application and that on the host machine; the container includes bash shell, ssh, ftp, browser and httpd system tools; the configuration information of the container is synchronized with the application; the container supports shortcuts and provides shortcuts for creating way interface. 2.如权利要求1所述的容器,其特征在于,所述容器只创建虚拟的根文件系统外,不构造其他名字空间,同时,将相应的配置文件都挂载到容器的根文件系统中,使得用户、网络、挂载和主机名配置信息与宿主机的完全一致;2. The container according to claim 1, wherein the container only creates a virtual root file system and does not construct other namespaces, and at the same time, mounts the corresponding configuration files into the root file system of the container , so that the user, network, mount and hostname configuration information are exactly the same as those of the host machine; 其中,所述根文件系统包括应用运行过程中对系统的修改形成的状态目录、应用镜像包含和自带的目录、内核文件系统目录、宿主机相关文件系统目录四个来源,所述容器把所述四个来源进行整合,体现为一个完整的根文件系统。Wherein, the root file system includes four sources: the state directory formed by the modification of the system during the application running process, the directory contained in and included in the application image, the kernel file system directory, and the host-related file system directory. The above four sources are integrated to form a complete root file system. 3.如权利要求1或2所述的容器,其特征在于,对于2D图形,容器内应用通过X11客户端的Socket实现与宿主机图形服务的通信,并向宿主机图形服务发送图形数据来展示图形界面;对于3D图形,容器内预置了mesa图形库,应用调用mesa库来使用本机的GPU,从而展示3D图形。3. The container according to claim 1 or 2, wherein, for 2D graphics, the application in the container communicates with the graphics service of the host machine through the Socket of the X11 client, and sends graphics data to the graphics service of the host machine to display the graphics Interface; for 3D graphics, the mesa graphics library is preset in the container, and the application calls the mesa library to use the local GPU to display 3D graphics. 4.如权利要求1或2所述的容器,其特征在于,所述容器通过选取/etc目录挂载内容,部分mount部分自建的方式,控制应用配置信息仅限于应用所安装的文件系统中可见,防止容器中和宿主机操作系统中出现多余的配置信息。4. The container according to claim 1 or 2, wherein the container selects the /etc directory to mount the content, and partially mounts and partially builds itself, so that the control application configuration information is limited to the file system installed by the application It can be seen that redundant configuration information is prevented from appearing in the container and the host operating system. 5.如权利要求1或2所述的容器,其特征在于,快捷方式通过双击执行的方式启动关联的应用;开发人员制作好应用镜像后,编写安装脚本,在安装脚本中调用本发明容器的加载镜像命令以及创建快捷方式命令。5. The container according to claim 1 or 2, wherein the shortcut starts the associated application by double-clicking it; after the developer makes the application image, he writes an installation script, and calls the container of the present invention in the installation script. Load image command and create shortcut command.
CN202211523031.6A 2022-12-01 2022-12-01 Container with application running effect consistent with host machine Active CN115543549B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211523031.6A CN115543549B (en) 2022-12-01 2022-12-01 Container with application running effect consistent with host machine

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211523031.6A CN115543549B (en) 2022-12-01 2022-12-01 Container with application running effect consistent with host machine

Publications (2)

Publication Number Publication Date
CN115543549A true CN115543549A (en) 2022-12-30
CN115543549B CN115543549B (en) 2023-04-07

Family

ID=84721869

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211523031.6A Active CN115543549B (en) 2022-12-01 2022-12-01 Container with application running effect consistent with host machine

Country Status (1)

Country Link
CN (1) CN115543549B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117076005A (en) * 2023-10-16 2023-11-17 龙芯中科技术股份有限公司 Application running method and device, electronic equipment and storage medium
CN118963846A (en) * 2024-10-17 2024-11-15 湖北芯擎科技有限公司 Container-based operating system control method

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107229509A (en) * 2017-06-09 2017-10-03 山东超越数控电子有限公司 The creation method of container type virtual machine under a kind of platform of soaring
US10055578B1 (en) * 2016-05-17 2018-08-21 Sprint Communications Company L.P. Secure software containers
CN110308968A (en) * 2019-06-26 2019-10-08 深圳前海微众银行股份有限公司 Maintain host and the consistent method, apparatus of container group #, equipment and medium
CN113852573A (en) * 2021-10-18 2021-12-28 杭州安恒信息技术股份有限公司 Container cross-host communication method, device, equipment and medium

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10055578B1 (en) * 2016-05-17 2018-08-21 Sprint Communications Company L.P. Secure software containers
CN107229509A (en) * 2017-06-09 2017-10-03 山东超越数控电子有限公司 The creation method of container type virtual machine under a kind of platform of soaring
CN110308968A (en) * 2019-06-26 2019-10-08 深圳前海微众银行股份有限公司 Maintain host and the consistent method, apparatus of container group #, equipment and medium
CN113852573A (en) * 2021-10-18 2021-12-28 杭州安恒信息技术股份有限公司 Container cross-host communication method, device, equipment and medium

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
陆志刚等: "基于分片复用的多版本容器镜像加载方法", 《软件学报》 *

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117076005A (en) * 2023-10-16 2023-11-17 龙芯中科技术股份有限公司 Application running method and device, electronic equipment and storage medium
CN117076005B (en) * 2023-10-16 2024-03-01 龙芯中科技术股份有限公司 Application running method and device, electronic equipment and storage medium
CN118963846A (en) * 2024-10-17 2024-11-15 湖北芯擎科技有限公司 Container-based operating system control method

Also Published As

Publication number Publication date
CN115543549B (en) 2023-04-07

Similar Documents

Publication Publication Date Title
US8707305B2 (en) Failure management for a virtualized computing environment
US8904081B1 (en) Composing a virtual disk using application delta disk images
US8505006B1 (en) Resource management in virtual machines using dynamic table for performing resource queries
US9116680B2 (en) Dynamically building locale objects or subsections of locale objects based on historical data
US5842226A (en) Virtual memory management for a microkernel system with multiple operating systems
US8725689B1 (en) Method and system for creation, analysis and navigation of virtual snapshots
US9465518B1 (en) Method and system for creation, analysis and navigation of virtual snapshots
US7409694B2 (en) Highly componentized system architecture with loadable virtual memory manager
US6301582B1 (en) System and method for storage of shared persistent objects
US9189436B2 (en) Abstracting special file interfaces to concurrently support multiple operating system levels
US6792606B2 (en) Method and apparatus for object persistence
US20170123996A1 (en) Direct Mapped Files in Virtual Address-Backed Virtual Machines
US8484641B2 (en) Implementing a versioned virtualized application runtime environment
US20120089650A1 (en) System and method for a storage system
US20030033441A1 (en) Highly componentized system architecture with a demand-loading namespace and programming model
FR2910985A1 (en) Client physical address translating apparatus i.e. bare platform hardware, for partitioning information processing system e.g. personal computer, has logics translating two addresses to other addresses in partitions, respectively
CN1790294A (en) System and method to preserve a cache of a virtual machine
CN115543549B (en) Container with application running effect consistent with host machine
IE980480A1 (en) System and Method for Updating partition Mappings to Logical Drives in a Computer Memory Device.
US12443401B2 (en) Hybrid approach to performing a lazy pull of container images
US20140082275A1 (en) Server, host and method for reading base image through storage area network
US20070288682A1 (en) Computer system and method providing a memory buffer for use with native and platform-independent software code
US9141352B2 (en) Dynamically building locale objects at run-time
US8677354B2 (en) Controlling kernel symbol visibility and accessibility across operating system linkage spaces
CN115309511A (en) Xen-based data interaction method and device, storage medium and electronic equipment

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant