[ https://issues.apache.org/jira/browse/HDFS-8736?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14619543#comment-14619543 ]

Allen Wittenauer commented on HDFS-8736:
----------------------------------------


A) Please see https://wiki.apache.org/hadoop/HowToContribute on how to format a 
patch.

B) Plus I'm not convinced this will actually work.  You've already hinted at 
one problem:

bq. Note that this doesn't prevent clients from creating their own 
instances: this may require additional permissions to be withheld

But what's to prevent me from using Java NIO (or whatever) directly, bundling 
some JNI, or even including my own FileSystem/FileContext class+definition in 
my code?  If you don't want people to have access to the local file system, one 
is MUCH better off using something like Docker.

> ability to deny access to different filesystems
> -----------------------------------------------
>
>                 Key: HDFS-8736
>                 URL: https://issues.apache.org/jira/browse/HDFS-8736
>             Project: Hadoop HDFS
>          Issue Type: Improvement
>          Components: security
>    Affects Versions: 2.5.0
>            Reporter: Purvesh Patel
>            Priority: Minor
>              Labels: security
>         Attachments: Patch.pdf
>
>
> In order to run in a secure context, ability to deny access to different 
> filesystems (specifically the local file system) to non-trusted code this 
> patch adds a new SecurityPermission class (AccessFileSystemPermission) and 
> checks the permission in FileSystem#get before returning a cached file system 
> or creating a new one. Please see attached patch.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
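
Added example, not part of the thread or of Hadoop: a check of which routes named in the comment above stay open when a Java permission set withholds only the new permission. The shape of `AccessFileSystemPermission` (a `BasicPermission` named by URI scheme), the class `SandboxPolicyAudit`, the sample path, the library name and the granted policy are all assumptions constructed for illustration.

```java
import java.io.FilePermission;
import java.security.BasicPermission;
import java.security.Permission;
import java.security.Permissions;
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

public class SandboxPolicyAudit {
    // Assumed shape of the permission named in the issue: one name per URI scheme.
    static final class AccessFileSystemPermission extends BasicPermission {
        AccessFileSystemPermission(String scheme) { super(scheme); }
    }

    // Routes to the local file system that never call FileSystem#get, paired with
    // the standard permission governing each. Path and library name are constructed.
    static Map<String, Permission> routesAroundGate() {
        Map<String, Permission> routes = new LinkedHashMap<>();
        routes.put("java.io/NIO read (also used by a self-supplied FileSystem class)",
                new FilePermission("/constructed/example.txt", "read"));
        routes.put("java.io/NIO write",
                new FilePermission("/constructed/example.txt", "write"));
        routes.put("bundled JNI library",
                new RuntimePermission("loadLibrary.constructedlib"));
        return routes;
    }

    // Names of the routes that the granted permission set still allows.
    static List<String> openRoutes(Permissions granted) {
        List<String> open = new ArrayList<>();
        for (Map.Entry<String, Permission> e : routesAroundGate().entrySet()) {
            if (granted.implies(e.getValue())) open.add(e.getKey());
        }
        return open;
    }

    public static void main(String[] args) {
        Permissions granted = new Permissions(); // constructed policy for untrusted code
        granted.add(new FilePermission("<<ALL FILES>>", "read,write"));
        granted.add(new RuntimePermission("loadLibrary.*"));
        // AccessFileSystemPermission("file") is deliberately not granted.
        boolean gateOpen = granted.implies(new AccessFileSystemPermission("file"));
        System.out.println("FileSystem#get gate open for file: " + gateOpen);
        for (String r : openRoutes(granted)) System.out.println("still open: " + r);
    }
}
```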
