author | Alois Wohlschlager <alois1@gmx-topmail.de> | 2024-07-01 09:18:01 +0200 |
---|---|---|
committer | Alois Wohlschlager <alois1@gmx-topmail.de> | 2024-07-25 18:24:45 +0200 |
commit | e7188e211a5a2ac0ba34635a846569560bb5f000 (patch) | |
tree | 4d42560d44069fb8a4ecc43d983d0c5956302832 /doc/manual | |
parent | 127ee1a101e3f5ebab39ad98cbe58fefcd52eca5 (diff) |
libstore/build: block io_uring
Unfortunately, io_uring is totally opaque to seccomp, and while currently there
are no dangerous operations implemented, there is no guarantee that it remains
this way. This means that io_uring should be blocked entirely to ensure that
the sandbox is future-proof. This has not been observed to cause issues in
practice.
Change-Id: I45d3895f95abe1bc103a63969f444c334dbbf50d
Diffstat (limited to 'doc/manual')
-rw-r--r-- | doc/manual/rl-next/block-io-uring.md | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/doc/manual/rl-next/block-io-uring.md b/doc/manual/rl-next/block-io-uring.md new file mode 100644 index 000000000..6ebba9a20 --- /dev/null +++ b/doc/manual/rl-next/block-io-uring.md @@ -0,0 +1,12 @@ +--- +synopsis: "Block io_uring in the Linux sandbox" +cls: 1611 +credits: alois31 +category: Breaking Changes +--- + +The io\_uring API has the unfortunate property that it is not possible to selectively decide which operations should be allowed. +This, together with the fact that new operations are routinely added, makes it a hazard to the proper function of the sandbox. + +Therefore, any access to io\_uring has been made unavailable inside the sandbox. +As such, attempts to execute any system calls forming part of this API will fail with the error `ENOSYS`, as if io\_uring support had not been configured into the kernel. |
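Review bot: The last sentence of the new release note says "any system calls forming part of this API" without naming them, which makes the entry hard to match against a failing build log or an strace trace. Consider listing them explicitly (`io_uring_setup`, `io_uring_enter`, `io_uring_register`). Since the entry is filed under `category: Breaking Changes`, it would also help to state the expected impact in one sentence: software that probes for io_uring and falls back to other I/O paths on `ENOSYS` keeps working, while software that requires io_uring unconditionally will fail inside the sandbox. The commit message notes that no dangerous operations are implemented today and that the block is a future-proofing measure; the release note's "hazard to the proper function of the sandbox" could say the same so readers do not take it as a fix for a known escape.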