Hacker News

cpuguy83 10/11/2024

Both Docker and containerd have started to block io_uring in the default profile for about a year now due to too many security issues with it.
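
Added example (not part of the comment above, and not Docker or containerd code): one way to check whether a seccomp profile in the Docker-style JSON layout lets the three io_uring syscalls through. The sample profiles are constructed, and the rule evaluation is a simplification that treats any rule gated on args, capabilities or architectures as "conditional".

```python
IO_URING = ("io_uring_setup", "io_uring_enter", "io_uring_register")
PERMIT = {"SCMP_ACT_ALLOW", "SCMP_ACT_LOG"}  # actions that let the call run

def io_uring_verdict(profile):
    """Return {syscall: 'allowed' | 'blocked' | 'conditional'} for a profile dict."""
    state = "allowed" if profile["defaultAction"] in PERMIT else "blocked"
    verdict = dict.fromkeys(IO_URING, state)
    for rule in profile.get("syscalls", []):
        names = set(rule.get("names", []))
        if rule.get("name"):  # older single-name form
            names.add(rule["name"])
        outcome = "allowed" if rule["action"] in PERMIT else "blocked"
        # Rules gated on args, capabilities, arches or kernel version apply
        # only in some containers, so they are reported as conditional.
        gated = any(rule.get(k) for k in ("args", "includes", "excludes"))
        for name in names.intersection(IO_URING):
            if not gated:
                verdict[name] = outcome
            elif verdict[name] != outcome:
                verdict[name] = "conditional"
    return verdict

def blocks_io_uring(profile):
    """True only when all three io_uring syscalls are unconditionally blocked."""
    return all(v == "blocked" for v in io_uring_verdict(profile).values())

# Constructed sample profiles (not copied from any real default profile).
ALLOWLIST_WITH = {"defaultAction": "SCMP_ACT_ERRNO", "syscalls": [
    {"names": ["read", "write", *IO_URING], "action": "SCMP_ACT_ALLOW"}]}
ALLOWLIST_WITHOUT = {"defaultAction": "SCMP_ACT_ERRNO", "syscalls": [
    {"names": ["read", "write"], "action": "SCMP_ACT_ALLOW"}]}
GATED = {"defaultAction": "SCMP_ACT_ERRNO", "syscalls": [
    {"names": ["read", "write"], "action": "SCMP_ACT_ALLOW"},
    {"names": ["io_uring_setup"], "action": "SCMP_ACT_ALLOW",
     "includes": {"caps": ["CAP_SYS_ADMIN"]}}]}
DENYLIST_PARTIAL = {"defaultAction": "SCMP_ACT_ALLOW", "syscalls": [
    {"names": ["io_uring_setup"], "action": "SCMP_ACT_ERRNO"}]}

if __name__ == "__main__":
    samples = {"allowlist+io_uring": ALLOWLIST_WITH, "allowlist": ALLOWLIST_WITHOUT,
               "gated": GATED, "partial denylist": DENYLIST_PARTIAL}
    for label, profile in samples.items():
        print(f"{label}: {io_uring_verdict(profile)}")
```

To audit a custom profile passed with `--security-opt seccomp=...`, load the file with `json.load` and hand the resulting dict to `blocks_io_uring`.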


Replies

bri3d 10/11/2024

And Google, in ChromeOS, Android, and purportedly, Google production servers, for around a year and a half, as well. For this reason it's also disabled in several of the kernelCTF configurations and in the ones where it remains (GKE), it only pays out at half-rate in bug bounty.

hinkley 10/11/2024

Has anyone speculated yet about how much slower a secure io_uring has to be? Is it still a net win once you lock it down fully?
