From d4c9e1028fb49c28a80ba6d67069336ecea70f5f Mon Sep 17 00:00:00 2001 From: Jamie Finnigan Date: Tue, 3 Sep 2019 15:19:46 -0700 Subject: [PATCH] docs: task driver resource isolation & security --- website/source/docs/drivers/index.html.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/website/source/docs/drivers/index.html.md b/website/source/docs/drivers/index.html.md index 0006c71f7..e6c791868 100644 --- a/website/source/docs/drivers/index.html.md +++ b/website/source/docs/drivers/index.html.md @@ -29,6 +29,15 @@ used in, and the resource isolation mechanisms available. For details on authoring a task driver plugin, please refer to the [plugin authoring guide][plugin_guide]. +Task driver resource isolation is intended to provide a degree of separation of +Nomad client CPU / memory / storage between tasks. Resource isolation +effectiveness is dependent upon individual task driver implementations and +underlying client operating systems. Task drivers do include various security- +related controls, but the Nomad client to task interface should not be +considered a security boundary. See the [access control guide][acl_guide] for +more information on how to protect Nomad cluster operations. + [plugin]: /docs/configuration/plugin.html [docker_plugin]: /docs/drivers/docker.html#client-requirements [plugin_guide]: /docs/internals/plugins/index.html +[acl_guide]: https://www.nomadproject.io/guides/security/acl.html
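Review bot: In the added paragraph, the wrap after "Task drivers do include various security-" puts "related controls" on the next line. Markdown joins wrapped lines with a space, so the page will render "security- related controls". Rewrap so that "security-related" stays whole on one line. The new `[acl_guide]` reference also uses an absolute `https://www.nomadproject.io/guides/security/acl.html` URL, while the three existing references in this block are site-relative (`/docs/...`). If the guide is served from the same site, `/guides/security/acl.html` would match them. Finally, the paragraph states that the client to task interface "should not be considered a security boundary", but its only pointer is to the access control guide for cluster operations. One more sentence on what operators should rely on when tasks are not trusted would make the caveat actionable.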