主权项 |
1. A method, comprising:
receiving, by a processor, a request to create an isolated execution environment within a host environment controlled by an operating system executing on a computing system; creating, by the processor, a new process server to support communications with one or more processes to be executed in the isolated execution environment; assigning, by the processor, a security context to the new process server, wherein the creating of the new process server and the assigning of the security context to the new process server creates the isolated execution environment within the host environment, wherein the isolated execution environment is isolated from the host environment; creating, by the processor, a user interface for the isolated execution environment in communication with the new process server; displaying, by the processor, the user interface on a display device of the computing system; receiving, by the processor, identification of hardware resources of the computing system to be specified in a control group of the operating system, wherein the control group specifies an amount of each hardware resource of the hardware resources that are accessible to the isolated execution environment; and applying, by the processor, the control group to the isolated execution environment, the control group specifying hardware resources of the computing system that are accessible to the isolated execution environment. |