Comment by superb_dev 6 months ago Why do they disable io_uring? 2 comments superb_dev Reply arianvanp 6 months ago Sandboxing like gvisor is based on syscalls and iouring makes your code syscallless alpb 6 months ago Security reasons. https://news.ycombinator.com/item?id=44632240 There are also other edge cases around cgroups accounting that renders some isolation/throttling mechanisms not fully effective.
arianvanp 6 months ago Sandboxing like gvisor is based on syscalls and iouring makes your code syscallless
alpb 6 months ago Security reasons. https://news.ycombinator.com/item?id=44632240 There are also other edge cases around cgroups accounting that renders some isolation/throttling mechanisms not fully effective.
Sandboxing like gvisor is based on syscalls and iouring makes your code syscallless
Security reasons. https://news.ycombinator.com/item?id=44632240 There are also other edge cases around cgroups accounting that renders some isolation/throttling mechanisms not fully effective.