Resource View Isolation Mechanism On Micro-kernel Operating System Minix

With the development of cloud computing,edge computing is becoming more and more popular,which leads to increasing demand for container technology in edge environment.Because of their outstanding framework advantages,operating systems based on micro-kernel architecture have wide application prospects in the edge scenarios.However,up till now micro-kernel operating systems generally have no support for containers,which not only hinders the implementation of container technology on them,but also their application in the cloud ecology.To solve the above problems,a method to realize process resource isolation on micro-kernel operating system Minix is proposed.Inspired by the concept of namespace from Linux,this method divides the user process space into multiple spaces for the resources to be isolated and ensure each space with an independent view of that resource.Each user process is assigned to a space and can only read and write the resource in its own space.Taking advantage of the module encapsulation and inter-process communication features of micro-kernel operating systems,by modifying the logic of corresponding service modules,view isolation of two system resources are realized with two structures of the process-namespace mapping table and namespace-resources mapping table: 1)The Hostname View Isolation mechanism is realized.To solve the problem that there is only one global unique hostname in original Minix,by modifying the Basic Information Management server,Minix user space is logically divided into multiple hostname spaces,each with one hostname shared by processes within it.This enables Minix to support the need of container for an independent hostname.2)The File Mount View Isolation mechanism.To solve the problem that there is only one file mount view in original Minix,by modifying the Virtual File System server,user space is logically divided into multiple file mount namespaces,each with a local file mount view for processes in the space to share.This mechanism satisfies the container's need to have an independent file mount view.We carry out comparative experiments on the above isolation functions respectively.The experimental results show that the improved Minix can effectively implement the above two isolation mechanisms.The impact on performance would not affect actual use.