UDFs can run as a containerized or non-containerized UDF. A containerized UDF runs in an Open Container Initiative (OCI) container that strictly controls access to machine resources such as disk, network, and memory. UDFs running in this environment have access only to resources that are specifically granted to the UDF through the container.

A non-containerized UDF lacks the access controls of the container to machine resources and allows UDF code to access server resources. After installing Vector, UDFs are all non-containerized. Additional steps are required to enable containerized UDFs.

Running within a container ensures UDFs have access only to resources that are specifically enabled for UDF access. Security concerns apply to Python UDFs as Vector imposes no limits on the Python code users can execute.

In a development or test environment, UDFs can run as non-containerized or containerized.