top | item 46518792

(no title)

We also wrote up a very concise, high-level summary here, if you want the short version: https://toziegler.github.io/2025-12-08-io-uring/

discuss

topspin|1 month ago

In your high level "You might not want to use it if" points, you mention Docker but not why, and that's odd. I happen to know why: io_uring syscalls are blocked by default in Docker, because io_uring is a large surface area for attacks, and this has proven to be a real problem in practice. Others won't know this, however. They also won't know that io_uring is similarly blocked in widely used cloud sandboxes, Android, and elsewhere. Seems like a fine place to point this stuff out: anyone considering io_uring would want to know about these issues.

melhindi|1 month ago

Very good point! You’re absolutely right: The fact that io_uring is blocked by default in Docker and other sandboxes due to security concerns is important context, and we should have mentioned it explicitly there. We'll update the post, and happy to incorporate any other caveats you think are worth calling out.

abc123def456|1 month ago

Do you know if this still applies if you run a docker container with host networking enabled?

hayd|1 month ago

Is this something likely to ever change?

scott_w|1 month ago

Thanks! This explained to me very simply what the benefits are in a way no article I’ve read before has.

to_ziegler|1 month ago

That’s great to hear! We are happy it helped.