Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

DETAILED ACTION
This action is responsive to the amendment filed 07/21/2021. In the instant amendment, claims 1, 8-9 and 15 have been amended. Claims 21-29 are newly added.
Claims 1-3, 8-10, 15-17, and 21-29 have been examined, and all remaining pending claims are allowed.

Examiner’s Statement of Reasons for Allowance
Prior Art:
US 2018/0144123 to Levin 
[0021] Some embodiments disclosed herein also include a host device for securing execution of software containers using security profiles. The host device comprises a processing circuitry; and a memory, the memory containing instructions that, when executed by the processing circuitry, configure the host device to: receive an event indicating that a container image requires profiling, wherein the container image includes resources utilized to execute a corresponding application container; generate a security profile for the container image when the event is received, wherein the generated security profile indicates at least networking ports that are allowed for at least one of: access to the application container, and access by the application container; monitor an operation of a runtime execution of the application container; and detect a violation of the security profile based on the monitored operation. 

US 2009/0271472 to Scheifler
[0131] In this example, all that is left to do is to connect the servlet containers out to the Internet, making them accessible through a load balancer. In this example, a Layer-4 load balancer will be set up to manage distribution of work between the replicas that were created. The example code below includes instructions that, when executed, may create and configure the load balancer, according to one embodiment. As shown below, the code includes an operation to create an empty configuration, and a system call to allocate an Internet address for the service, naming the resource 

US 2016/0359955 to Gill
[0067] Returning to the discussion of the shown control virtual machine 130₁, in addition to the aforementioned configuration and control functions pertaining to user containers, the control virtual machine 130₁ includes functionality to populate one or more container service machines with preconfigured executable containers 165 that are retrieved from a container repository and registry 164. A set of user containers might be selected, and downloaded, and configured individually and collectively into an application group 151. The set of user containers in application group 151 can be configured individually and/or collectively so as to function as a group, possibly to carry out a serializable series of operations (e.g., as a pipeline of operations), and/or to carry out a series of parallelizable or partially parallelizable operations (e.g., a fork-join operation). The aforementioned container agent can perform configuration and other operations autonomously, or in conjunction with the control virtual machine.

The prior art of record (Duan in view of Chugtu, Levin, Scheifler, and Gill) does not disclose and/or fairly suggest at least claimed limitations recited in such manners in independent claim 1 "... opening a stored manifest for the application container, the stored manifest comprising configuration settings for the newly added application container, wherein the stored manifest for the application data further comprises information indicating an image file in which executable code for the application container is stored, incoming and outgoing ports for the application container, services to which the application container connects, and user credentials to access the services; retrieving running services information regarding the application container, the running services information including information provided by the container service about the application container running on the container system; generating a security policy for the application container, the security policy defining a set of actions for which the application container can perform, the set of actions determined using the manifest and the running service information associated with the application container; loading the security policy at a security container, the security container configured to, upon loading the security policy, block an action performed by the application container in response to determining that the action performed by the application container does not match any action in the set of actions defined in the security policy for the application container ..." and similarly recited in such manners in other independent claims 8, 15, 21, 24 and 27.
These claimed limitations are not present in the prior art of record and would not have been obvious, thus all pending claims 1-3, 8-10, 15-17, and 21-29 are allowed.
Any comments considered necessary by Applicants must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled "Comments on Statement of Reasons for Allowance".

Conclusion
Any inquiry concerning this communication should be directed to examiner Tuan Dao, whose telephone/fax numbers are (571) 270 3387, respectively. The examiner can normally be reached on every Monday-Thursday, and the second Friday of the bi-week from 7:30AM to 5:00PM.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Chat Do, can be reached at (571) 272 3721.
The fax phone number for the organization where this application or proceeding is assigned is (571) 273 8300.
Any inquiry of a general nature or relating to the status of this application or proceeding should be directed to the TC 2100 Group receptionist whose telephone number is (571) 272 2100.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).

/TUAN C DAO/Primary Examiner, Art Unit 2193