[
https://issues.apache.org/jira/browse/HDFS-8736?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14623377#comment-14623377
]
Steve Loughran commented on HDFS-8736:
--------------------------------------
This would only work if you were running the hadoop client code in a Java
sandbox which denied access to forbidden operations (java.io) , including the
file operations for local files, and the network operations which allow you to
open a TCP port. It'd require the hadoop team to attempt to implement the
sandboxing, which is not anything that we're willing to take on (AFAIK).
Purvesh: what problem are you trying to solve here?
> ability to deny access to different filesystems
> -----------------------------------------------
>
> Key: HDFS-8736
> URL: https://issues.apache.org/jira/browse/HDFS-8736
> Project: Hadoop HDFS
> Issue Type: Improvement
> Components: security
> Affects Versions: 2.5.0
> Reporter: Purvesh Patel
> Priority: Minor
> Labels: security
> Attachments: Patch.pdf
>
>
> In order to run in a secure context, ability to deny access to different
> filesystems(specifically the local file system) to non-trusted code this
> patch adds a new SecurityPermission class(AccessFileSystemPermission) and
> checks the permission in FileSystem#get before returning a cached file system
> or creating a new one. Please see attached patch.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
