Mesos will let you run in docker containers, so you get filesystem isolation, and we're about to merge CNI support: https://github.com/apache/spark/pull/15740, which would allow you to set up network policies. Though you might be able to achieve whatever network isolation you need without CNI, depending on your requirements.
As far as unauthenticated HDFS clusters, I would recommend against running untrusted code on the same network as your secure HDFS cluster. On Fri, Nov 4, 2016 at 4:13 PM, blazespinnaker <blazespinna...@gmail.com> wrote: > In particular, we need to make sure the RDDs execute the lambda functions > securely as they are provided by user code. > > > > -- > View this message in context: http://apache-spark-user-list. > 1001560.n3.nabble.com/sanboxing-spark-executors-tp28014p28024.html > Sent from the Apache Spark User List mailing list archive at Nabble.com. > > --------------------------------------------------------------------- > To unsubscribe e-mail: user-unsubscr...@spark.apache.org > > -- Michael Gummelt Software Engineer Mesosphere