Comment by accelbred
12 hours ago
It still does not hook up to seccomp, so needs to be blocked by things doing syscall filtering. Its blocked by docker/podman. It may also be disabled with hardened kconfig or selinux.
If it ever integrates with LSMs, then it may be time to give it another look.
I suppose landlock works with is_uring, doesn't it?