Gabriel Krisman Bertazi <krisman@xxxxxxx> writes: > Matteo Rizzo <matteorizzo@xxxxxxxxxx> writes: > >> diff --git a/Documentation/admin-guide/sysctl/kernel.rst b/Documentation/admin-guide/sysctl/kernel.rst >> index d85d90f5d000..3c53a238332a 100644 >> --- a/Documentation/admin-guide/sysctl/kernel.rst >> +++ b/Documentation/admin-guide/sysctl/kernel.rst >> @@ -450,6 +450,20 @@ this allows system administrators to override the >> ``IA64_THREAD_UAC_NOPRINT`` ``prctl`` and avoid logs being flooded. >> >> >> +io_uring_disabled >> +========================= >> + >> +Prevents all processes from creating new io_uring instances. Enabling this >> +shrinks the kernel's attack surface. >> + >> += ============================================================= >> +0 All processes can create io_uring instances as normal. This is the default >> + setting. >> +1 io_uring is disabled. io_uring_setup always fails with -EPERM. Existing >> + io_uring instances can still be used. >> += ============================================================= > > I had an internal request for something like this recently. If we go > this route, we could use a intermediary option that limits io_uring > to root processes only. This is all regrettable, but this option makes the most sense to me. Testing for CAP_SYS_ADMIN or CAP_SYS_RAW_IO would work for that third option, I think. -Jeff
