by insanitybit 10 hours ago
It's still seccomp'd off in most environments because io-uring is still a seccomp bypass that doesn't play well with kernel security systems (audit subsystem), even if it weren't also like the #1 or #2 exploit vector for privesc.

That’s solved as of last week, you can use cBPF now to disable functionality.
How solved? AFAIK it's not meaningfully shipped but happy to hear otherwise.
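
An added example, not part of the thread or any commenter's code: the "seccomp'd off" approach from the top comment, written as a minimal seccomp cBPF deny-list that returns EPERM for the three io_uring syscalls. It assumes the x86-64/i386/arm64 numbering (425-427); `filter_verdict` and `install_filter` are hypothetical helper names, and a production filter would also check `seccomp_data.arch`.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <sys/prctl.h>
#include <unistd.h>

#define X32_BIT 0x40000000u /* the x86-64 x32 ABI sets this bit in syscall numbers */

/* io_uring_setup/enter/register = 425/426/427 (assumed: x86-64, i386, arm64). */
static struct sock_filter deny_io_uring[] = {
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
    BPF_STMT(BPF_ALU | BPF_AND | BPF_K, ~X32_BIT), /* fold x32 numbers onto native */
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 425, 2, 0),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 426, 1, 0),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 427, 0, 1),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | EPERM),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
};

/* Dry-run the filter in userspace for one syscall number, without installing it. */
unsigned filter_verdict(unsigned nr) {
    unsigned a = 0, pc = 0;
    for (;;) {
        const struct sock_filter *f = &deny_io_uring[pc++];
        switch (f->code) {
        case BPF_LD | BPF_W | BPF_ABS:  a = nr; break; /* only .nr is ever loaded */
        case BPF_ALU | BPF_AND | BPF_K: a &= f->k; break;
        case BPF_JMP | BPF_JEQ | BPF_K: pc += (a == f->k) ? f->jt : f->jf; break;
        default: return f->k;                          /* BPF_RET | BPF_K */
        }
    }
}

/* Install the filter on the calling thread; it is inherited across fork/exec. */
int install_filter(void) {
    struct sock_fprog prog = { sizeof deny_io_uring / sizeof deny_io_uring[0], deny_io_uring };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}

int main(void) {
    if (install_filter() != 0) { perror("seccomp"); return 1; }
    long r = syscall(425, 0, NULL); /* io_uring_setup(0, NULL) */
    printf("io_uring_setup -> %ld, errno %d (EPERM is %d)\n", r, errno, EPERM);
    return !(r == -1 && errno == EPERM);
}
```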