Patents by Inventor Henri H. Van Riel
Henri H. Van Riel has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 9767273Abstract: Terminating a process executing within a container is described. An access restriction applicable to the process is temporarily modified with a policy change that prevents creating new processes within the container. The policy change prevents operations that would allow processes within the container from performing a fork operation, or otherwise spawning new processes within the container. The policy change may be, for example, applied by means of a rule added or removed from an access restriction policy. While the processes are prevented from creating new processes, one specified process or all processes within the container are terminated. After termination of the process(es), the policy change can be reversed, allowing normal use of the container.Type: GrantFiled: November 26, 2008Date of Patent: September 19, 2017Assignee: Red Hat, Inc.Inventors: Henri H. van Riel, Daniel J. Walsh, Warren I. Togami, Jr.
-
Patent number: 8583770Abstract: A method of creating and managing virtual servers utilizes separate master copies of information such as operating systems, configuration files, and application programs. When a virtual server is created, it loads an appropriate operating system and configuration information. During the boot process, the virtual server is configured to provide a predetermined service. Appropriate application programs are subsequently loaded to support the service configuration. Multiple virtual servers can be created and configured using the master copies of information, thus reducing the amount of customization required by each virtual server. Virtual servers can be easily restarted from failures with minimal loss of data.Type: GrantFiled: February 16, 2005Date of Patent: November 12, 2013Assignee: Red Hat, Inc.Inventor: Henri H. van Riel
-
Patent number: 8479256Abstract: Application of a local instance of a general security policy is described. In a system with an instance of a program executing in a path container, a security policy applicable the the instance of the program is managed locally for the path container. The path container provides a confined execution environment for the program instance, and the security policy defines permitted operations for the program an all its instances. The instance of the security policy is associated with the path container, which allows the program instance to “see” management within the path container as though with the security policy, while entities having permissions outside the path container “see” the program instance limited to the path container and its associated security policy instance.Type: GrantFiled: November 26, 2008Date of Patent: July 2, 2013Assignee: Red Hat, Inc.Inventors: Henri H. van Riel, Daniel J. Walsh, Warren I. Togami, Jr.
-
Patent number: 8312085Abstract: A system is provided for detecting unsolicited bulk email (spam). A list server receives email from various senders as well as queries regarding the senders. A database is used for storing information corresponding to the amount of unsolicited bulk email received at the spamtrap addresses. The list server dynamically makes a determination as to which senders are transmitting a disproportionate amount of email and should be labeled as spammers. The determinations made by the list server are based on the amount of unsolicited bulk email received from senders relative to the total amount of email transmitted by senders.Type: GrantFiled: September 16, 2004Date of Patent: November 13, 2012Assignee: Red Hat, Inc.Inventor: Henri H. van Riel
-
Patent number: 8312195Abstract: A method and system for binding interrupts to central processing units (CPUs). An interrupt controller receives an interrupt that is generated by a device coupled to the computer system. The interrupt controller identifies a preferred CPU associated with the device based on a predetermined binding. If the preferred CPU is currently available, the interrupt is sent to the preferred CPU. If the preferred CPU is not currently available, the interrupt is sent to another CPU in the computer system that is currently available.Type: GrantFiled: February 18, 2010Date of Patent: November 13, 2012Assignee: Red Hat, Inc.Inventor: Henri H. van Riel
-
Patent number: 8312043Abstract: Preventing a process from traversing back a directory tree through its parent directories is described. In a system with a program executing in a path container, an access permission rule applicable to the instance of the program prevents the program from traversing the tree structure back through its parent directories towards an absolute root directory. The access permission rule may be a rule in an instance of a security policy applicable to the particular path container from which the process is executing.Type: GrantFiled: November 26, 2008Date of Patent: November 13, 2012Assignee: Red Hat, Inc.Inventors: Henri H. van Riel, Daniel J. Walsh, Warren I. Togami, Jr.
-
Patent number: 8239610Abstract: A method and system to handle an asynchronous page fault in a virtual machine system. A computer hosts a virtual machine that includes a virtual central processing unit (CPU). The virtual CPU requests access to a page that is not resident in memory. The host operating system of the computer receives an indication of a page fault, and informs the virtual CPU of the page fault. The host operating system provides an identifier associated with the page fault. The host operating system performs page swapping operating in parallel with a new task rescheduled by the virtual CPU, and sends a wake-up signal to the virtual CPU when the page has been brought back into the memory.Type: GrantFiled: October 29, 2009Date of Patent: August 7, 2012Assignee: Red Hat, Inc.Inventors: Henri H. van Riel, Gleb Natapov
-
Publication number: 20110202699Abstract: A method and system for binding interrupts to central processing units (CPUs). An interrupt controller receives an interrupt that is generated by a device coupled to the computer system. The interrupt controller identifies a preferred CPU associated with the device based on a predetermined binding. If the preferred CPU is currently available, the interrupt is sent to the preferred CPU. If the preferred CPU is not currently available, the interrupt is sent to another CPU in the computer system that is currently available.Type: ApplicationFiled: February 18, 2010Publication date: August 18, 2011Applicant: Red Hat, Inc.Inventor: Henri H. van Riel
-
Publication number: 20110107007Abstract: A method and system to handle an asynchronous page fault in a virtual machine system. A computer hosts a virtual machine that includes a virtual central processing unit (CPU). The virtual CPU requests access to a page that is not resident in memory. The host operating system of the computer receives an indication of a page fault, and informs the virtual CPU of the page fault. The host operating system provides an identifier associated with the page fault. The host operating system performs page swapping operating in parallel with a new task rescheduled by the virtual CPU, and sends a wake-up signal to the virtual CPU when the page has been brought back into the memory.Type: ApplicationFiled: October 29, 2009Publication date: May 5, 2011Applicant: Red Hat, Inc.Inventors: Henri H. van Riel, Gleb Natapov
-
Patent number: 7913116Abstract: An embodiment relates generally to a method of restoring data in storage systems. The method includes providing for a current snapshot of a primary storage system at a secondary storage system and mounting an empty volume in the primary storage system. The method also includes receiving a request for a selected block of data in the primary storage system and retrieving a restore block from the secondary storage system, where the restore block encompasses the selected block of data. The method further includes writing the restore block to the empty volume in the primary storage system as an incremental restore process.Type: GrantFiled: February 27, 2008Date of Patent: March 22, 2011Assignee: Red Hat, Inc.Inventors: Henri H. Van Riel, Herman Robert Kenna
-
Publication number: 20100132012Abstract: Application of a local instance of a general security policy is described. In a system with an instance of a program executing in a path container, a security policy applicable the the instance of the program is managed locally for the path container. The path container provides a confined execution environment for the program instance, and the security policy defines permitted operations for the program an all its instances. The instance of the security policy is associated with the path container, which allows the program instance to “see” management within the path container as though with the security policy, while entities having permissions outside the path container “see” the program instance limited to the path container and its associated security policy instance.Type: ApplicationFiled: November 26, 2008Publication date: May 27, 2010Applicant: Red Hat, Inc.Inventors: Henri H. van Riel, Daniel J. Walsh, Warren I. Togami, JR.
-
Publication number: 20100131559Abstract: Preventing a process from traversing back a directory tree through its parent directories is described. In a system with a program executing in a path container, an access permission rule applicable to the instance of the program prevents the program from traversing the tree structure back through its parent directories towards an absolute root directory. The access permission rule may be a rule in an instance of a security policy applicable to the particular path container from which the process is executing.Type: ApplicationFiled: November 26, 2008Publication date: May 27, 2010Applicant: Red Hat, Inc.Inventors: Henri H. van Riel, Daniel J. Walsh, Warren I. Togami, JR.
-
Publication number: 20100132013Abstract: Terminating a process executing within a container is described. An access restriction applicable to the process is temporarily modified with a policy change that prevents creating new processes within the container. The policy change prevents operations that would allow processes within the container from performing a fork operation, or otherwise spawning new processes within the container. The policy change may be, for example, applied by means of a rule added or removed from an access restriction policy. While the processes are prevented from creating new processes, one specified process or all processes within the container are terminated. After termination of the process(es), the policy change can be reversed, allowing normal use of the container.Type: ApplicationFiled: November 26, 2008Publication date: May 27, 2010Applicant: Red Hat, Inc.Inventors: Henri H. van Riel, Daniel J. Walsh, Warren I. Togami, JR.
-
Publication number: 20090217085Abstract: An embodiment relates generally to a method of restoring data in storage systems. The method includes providing for a current snapshot of a primary storage system at a secondary storage system and mounting an empty volume in the primary storage system. The method also includes receiving a request for a selected block of data in the primary storage system and retrieving a restore block from the secondary storage system, where the restore block encompasses the selected block of data. The method further includes writing the restore block to the empty volume in the primary storage system as an incremental restore process.Type: ApplicationFiled: February 27, 2008Publication date: August 27, 2009Inventors: Henri H. Van Riel, Herman Robert Kenna