When you first set up Cloudera Data Science Workbench, you are asked to create a wildcard DNS entry for the Cloudera Data Science Workbench domain. This means user workloads can run in complete isolationįor more details on the Docker security model, see Docker Security Overview. New container each time a session/job/experiment/model is Cloudera Data Science Workbench creates a Isolated Process Namespace: Docker containers cannotĪffect any processes running either on the host operating system They will not otherwise haveĪccess to the underlying host filesystem. The project files, and any specific host volumes you have chosen This means a user launchingĪ Cloudera Data Science Workbench session will only have access to Provided by the container and any host volumes that you haveĮxplicitly mounted into the container. The host file system, but instead sees only the filesystem Isolated File System: The Docker container does not see
The underlying host operating system, but are isolated from the rest of Start shell of running /]# hadoop fs -ls /ĭrwxrwxrwx - hdfs supergroup 0 02:26 /benchmarksĭrwxr-xr-x - hbase supergroup 0 05:03 /hbaseĭrwxrwxrwt - hdfs supergroup 0 05:47 /tmpĭrwxr-xr-x - hdfs supergroup 0 12:06 /userĭrwxr-xr-x - hdfs supergroup 0 02:27 /]# hadoop fs -ls /userĭrwxr-xr-x - cloudera cloudera 0 02:25 /user/clouderaĭrwxr-xr-x - hdfs supergroup 0 12:06 /user/hdfsĭrwxr-xr-x - mapred hadoop 0 02:26 /user/historyĭrwxrwxrwx - hive supergroup 0 02:27 /user/hiveĭrwxrwxrwx - hue supergroup 0 02:26 /user/hueĭrwxrwxrwx - jenkins supergroup 0 02:26 /user/jenkinsĭrwxrwxrwx - oozie supergroup 0 02:27 /user/oozieĭrwxrwxrwx - root supergroup 0 02:26 /user/rootĭrwxr-xr-x - hdfs supergroup 0 02:27 /]# hadoop fs -ls /user/hiveĭrwxrwxrwx - hive supergroup 0 12:07 /user/hive/warehouseĪccess important services running under docker container using browser.