disable io_uring without CAP_SYS_ADMIN or io_uring group

2025-06-02 13:35:12 -04:00 · 2024-07-01 23:11:17 -04:00 · 2024-07-01 23:11:17 -04:00 · 01201c0ece
commit 01201c0ece
parent 6e6957876e
2 changed files with 4 additions and 0 deletions
--- a/sysctl.d/local.conf
+++ b/sysctl.d/local.conf
@ -53,6 +53,9 @@ kernel.unprivileged_userns_clone = 0
 kernel.unprivileged_bpf_disabled = 1
 net.core.bpf_jit_harden = 2

+kernel.io_uring_disabled = 1
+kernel.io_uring_group = 2000
+
 kernel.kexec_load_disabled = 1

 fs.protected_regular = 2