[Impact]
io_uring has been an important attack vector in the recent years in local privilege escalation attacks. Allowing admins that don't use io_uring to disable it in their systems allows them to reduce their attack surface.
[Test case]
sysctl -w kernel.io_uring_disabled=1
then try to use io_uring from an unprivileged user, then try it with privileges (CAP_SYS_ADMIN)
[Potential regression]
Uses can be denied from using io_uring.
[Impact]
io_uring has been an important attack vector in the recent years in local privilege escalation attacks. Allowing admins that don't use io_uring to disable it in their systems allows them to reduce their attack surface.
[Test case] io_uring_ disabled= 1
sysctl -w kernel.
then try to use io_uring from an unprivileged user, then try it with privileges (CAP_SYS_ADMIN)
[Potential regression]
Uses can be denied from using io_uring.