Spotfire® Server and Environment Security

Docker Containerization for R Scripts

Scripts running in a container have full access to the Docker container and have permission to do anything that is possible to do from within the container. The level of isolation a container provides depends on the Docker installation and the privileges given to these containers.

| Configuration | Description |
| --- | --- |
| R service host isolation | Scripts are prohibited from accessing the file system of the host computer running the Spotfire Service for R. |
| User isolation | The use of engine containers ensures that the same execution environment is not re-used for multiple data functions initiated by different users. |
| Network isolation | Depending on configuration, R scripts can access the external network and other Docker containers that are available from within a container. In many cases, a default installation with engine containers lets scripts access the external network, including the internet, and other Docker containers. To restrict access to the network, the Docker containers must be configured to restrict network access. If network isolation is needed, the container options should not be used without additional network configuration. |
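
One way to check the isolation properties in the table on a running Docker host, as an added example that is not part of the Spotfire documentation: the function below reads the JSON that `docker inspect` and `docker network inspect` produce and reports privileged mode, non-isolated networking, and host bind mounts. The container names, network names, and paths in the sample data are constructed for illustration.

```python
import json

# Constructed sample: trimmed `docker inspect <container>` output for two
# hypothetical engine containers (names and paths are made up).
SAMPLE_CONTAINERS = json.loads("""[
  {"Name": "/r-engine-1",
   "HostConfig": {"NetworkMode": "bridge", "Privileged": false},
   "Mounts": [{"Type": "bind", "Source": "/srv/data", "Destination": "/data", "RW": true}],
   "NetworkSettings": {"Networks": {"bridge": {}}}},
  {"Name": "/r-engine-2",
   "HostConfig": {"NetworkMode": "none", "Privileged": false},
   "Mounts": [],
   "NetworkSettings": {"Networks": {"none": {}}}}
]""")

# Constructed sample: trimmed `docker network inspect` output.
SAMPLE_NETWORKS = json.loads("""[
  {"Name": "bridge", "Internal": false},
  {"Name": "r-isolated", "Internal": true},
  {"Name": "none", "Internal": false}
]""")


def audit_container(container, networks):
    """Return a list of isolation findings for one inspected container."""
    internal = {n["Name"] for n in networks if n.get("Internal")}
    host_cfg = container.get("HostConfig", {})
    findings = []
    if host_cfg.get("Privileged"):
        findings.append("privileged: container runs with extended host privileges")
    mode = host_cfg.get("NetworkMode", "")
    if mode == "host":
        findings.append("network: shares the host network stack")
    elif mode != "none":
        # Internal networks block external traffic; peers on the same network stay reachable.
        attached = container.get("NetworkSettings", {}).get("Networks", {})
        for name in sorted(attached):
            if name not in internal:
                findings.append(f"network: '{name}' is not internal, outbound access possible")
    for m in container.get("Mounts", []):
        if m.get("Type") == "bind":
            access = "read-write" if m.get("RW") else "read-only"
            findings.append(f"mount: host path {m['Source']} bound {access}")
    return findings


def audit_all(containers, networks):
    return {c["Name"].lstrip("/"): audit_container(c, networks) for c in containers}
```

An empty findings list means none of the three conditions were detected for that container; it does not cover firewall rules or other host-level controls.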