Comment by Asmod4n 7 months ago There should be no issue with disabling it altogether by banning its setup and usage syscalls. 4 comments Asmod4n Reply holowoodman 7 months ago Which would be prone to misconfiguration, accidents and exploits. Better to not include it at all. Asmod4n 7 months ago Are you saying it’s impossible to misuse disabling the accept syscall but it’s prone to misconfiguration with disabling io_uring_enter? holowoodman 7 months ago I'm saying that just compiling a kernel with stuff not compiled in is misuse-proof. That way you can disable io_uring entirely (but not accept()). accelbred 7 months ago Yup, but that leads to io-uring devs complaining that people dislike software using io-uring because it doesn't run in containers/etc blocking io-uring entirely
holowoodman 7 months ago Which would be prone to misconfiguration, accidents and exploits. Better to not include it at all. Asmod4n 7 months ago Are you saying it’s impossible to misuse disabling the accept syscall but it’s prone to misconfiguration with disabling io_uring_enter? holowoodman 7 months ago I'm saying that just compiling a kernel with stuff not compiled in is misuse-proof. That way you can disable io_uring entirely (but not accept()).
Asmod4n 7 months ago Are you saying it’s impossible to misuse disabling the accept syscall but it’s prone to misconfiguration with disabling io_uring_enter? holowoodman 7 months ago I'm saying that just compiling a kernel with stuff not compiled in is misuse-proof. That way you can disable io_uring entirely (but not accept()).
holowoodman 7 months ago I'm saying that just compiling a kernel with stuff not compiled in is misuse-proof. That way you can disable io_uring entirely (but not accept()).
accelbred 7 months ago Yup, but that leads to io-uring devs complaining that people dislike software using io-uring because it doesn't run in containers/etc blocking io-uring entirely
Which would be prone to misconfiguration, accidents and exploits. Better to not include it at all.
Are you saying it’s impossible to misuse disabling the accept syscall but it’s prone to misconfiguration with disabling io_uring_enter?
I'm saying that just compiling a kernel with stuff not compiled in is misuse-proof. That way you can disable io_uring entirely (but not accept()).
Yup, but that leads to io-uring devs complaining that people dislike software using io-uring because it doesn't run in containers/etc blocking io-uring entirely