Execution sandboxing is a security feature that enables you to secure user access to data file locations on the server. Through provisioning of Docker execution containers on a per user basis, users will only have access to their own file upload location, their own temporary execution data location, and the shared file upload location, ensuring that users cannot access each others data files.`
It is recommended that you keep the docker containers, up to date, to ensure these containers have the latest available updates. Follow the steps below to update docker images, depending on your deployed platform.
Update execution containers on Linux
Follow the steps in this section to update execution containers on Linux.
Prerequisites
- The user that runs Data360 Analyze is a member of the Docker group.
- Stop Data360 Analyze. If it is running, use the following command:
bin/stopData360Analyze.sh
- Login to the machine where Data360 Analyze is running, then perform the following, where the
<d3saProcUser>
is the O/S user which runs the Data360 Analyze server:cd <installDir>/
source .profile.lavastorm
bin/laeConfig executionContainers update --processingUser <d3saProcUser>
Note: Additionally, --dockerFile, --imageId and --tags options can be provided to the update command in the same manner as documented for the enable command - if they were provided to the enable command originally. - Log out of Data360 Analyze, then log in again.
- Restart Data360 Analyze by running the following command:
bin/launchData360Analyze.sh
Update execution containers on Windows
Follow the steps in this section to update execution containers on Windows.
Prerequisites
- The user that runs Data360 Analyze has permissions to create, start, stop and destroy containers in Docker.
-
Stop theData360 Analyze services. If they are running, see Starting / stopping the server on Windows Server.
- Login to the machine where Data360 Analyze is running.
- Open a cmd window and run the following:
cd <installDir>/bin
laeConfig.bat executionContainers update
Note: Additionally, --dockerFile, --imageId and --tags options can be provided to the update command in the same manner as documented for the enable command - if they were provided to the enable command originally. - Start the analyze services.