[
https://issues.apache.org/jira/browse/DRILL-8359?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17647053#comment-17647053
]
ASF GitHub Bot commented on DRILL-8359:
---------------------------------------
jnturton commented on PR #2713:
URL: https://github.com/apache/drill/pull/2713#issuecomment-1351106936
@cgivre I've added a boot option that disables mount commands by default. So
to make your Drill servers vulnerable to malicious Drill admins you have to set
that in drill-override first. I can also add a message saying "think hard about
the OS privileges that your Drill process user has before switching this on" to
the docs for this feature and that's about all I can think to do for security
here...
> Add mount and unmount command support to the filesystem plugin
> --------------------------------------------------------------
>
> Key: DRILL-8359
> URL: https://issues.apache.org/jira/browse/DRILL-8359
> Project: Apache Drill
> Issue Type: Improvement
> Components: Storage - File
> Affects Versions: 1.20.2
> Reporter: James Turton
> Assignee: James Turton
> Priority: Minor
> Fix For: 2.0.0
>
>
> This Jira proposes optional mount and unmount commands in the filesystem
> plugin with the goal of enabling the dynamic definition of filesystem mounts
> in the storage configuration. It is mainly anticpiated that network and cloud
> filesystems that have FUSE drivers (sshfs, davfs, rclone, ...) will be used
> in this way but local device mounts and image/loop device mounts (ISO, IMG,
> squashfs, etc.) might also be of interest. Filesystems that can be mounted in
> this way become queryable by Drill cluster without burden of dedicated
> storage plugin development.
> The provided commands are executed in their own processes by the host OS and
> run under the OS user that is running the Drill JVM. The mount command will
> be executed when an enabled plugin is initialised (something that is done
> lazily) and whenever it transitions from disabled to enabled. The provided
> unmount command will be executed whenever a plugin transitions from enabled
> to disabled and when the Drillbit shuts down while the plugin has been
> initialised and is enabled.
> Example using udisks on Linux to mount and unmount an image of an ext4
> filesystem.
> {code:java}
> {
> "type" : "file",
> "connection" : "file:///",
> "mountCommand" : [ "sh", "-c", "udisksctl loop-setup -f /tmp/test.img &&
> udisksctl mount -b /dev/loop0" ],
> "unmountCommand" : [ "sh", "-c", "udisksctl unmount -b /dev/loop0 &&
> udisksctl loop-delete -b /dev/loop0" ],
> "workspaces" : {
> ...{code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
