axboe / liburing

Library providing helpers for the Linux kernel io_uring support
MIT License

Permissions to run inside docker #1078

Open bgemmill opened 4 months ago

bgemmill commented 4 months ago

Good afternoon,

I'm trying to run io_uring inside a docker container on a vanilla Ubuntu box, and wanted to check what permissions the container needed to run it properly.

By default, I see: io_uring_queue_init: Operation not permitted [system:1]

And can get around that by running the docker container with: --security-opt seccomp=unconfined

Doing that, sometimes I see hangs on suitably io-intensive programs, and remember a discussion a long while ago about memlock ulimits.

Is there a good set of parameters to run docker with that works?

Also, is it expected that an unconfined seccomp is required to initialize a ring?

bgemmill commented 4 months ago

The first part looks like a docker allow list issue.
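
An added example, not part of the original thread or of liburing: a narrower alternative to seccomp=unconfined is a custom profile that adds only the io_uring syscalls to an existing allowlist. The layout follows Docker's seccomp JSON profile format; SAMPLE_PROFILE and the function names are constructed for illustration, and the script assumes an allowlist-style profile (a default action that denies).

```python
import copy
import json
import sys

# The three system calls a ring needs: create, submit/wait, register buffers/files.
IO_URING_SYSCALLS = ("io_uring_setup", "io_uring_enter", "io_uring_register")

# Constructed sample, NOT Docker's real default profile: a tiny allowlist in which
# io_uring_setup is permitted only when the container holds CAP_SYS_ADMIN.
SAMPLE_PROFILE = {
    "defaultAction": "SCMP_ACT_ERRNO",
    "syscalls": [
        {"names": ["read", "write", "openat", "close"], "action": "SCMP_ACT_ALLOW"},
        {"names": ["io_uring_setup"], "action": "SCMP_ACT_ALLOW",
         "includes": {"caps": ["CAP_SYS_ADMIN"]}},
    ],
}


def allowed_syscalls(profile):
    """Names allowed unconditionally (no argument filter, no caps/arch condition)."""
    names = set()
    for rule in profile.get("syscalls", []):
        if rule.get("action") != "SCMP_ACT_ALLOW":
            continue
        if rule.get("args") or rule.get("includes") or rule.get("excludes"):
            continue  # conditional rule: may not apply to this container
        names.update(rule.get("names", []))
    return names


def missing_io_uring(profile):
    """io_uring syscalls the profile does not allow unconditionally."""
    allowed = allowed_syscalls(profile)
    return [name for name in IO_URING_SYSCALLS if name not in allowed]


def with_io_uring(profile):
    """Return a copy of the profile with one extra rule for the missing syscalls."""
    patched = copy.deepcopy(profile)
    missing = missing_io_uring(patched)
    if missing:
        patched.setdefault("syscalls", []).append(
            {"names": missing, "action": "SCMP_ACT_ALLOW"})
    return patched


if __name__ == "__main__":
    # Usage: script.py [profile.json]; without an argument the sample is used.
    source = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PROFILE
    json.dump(with_io_uring(source), sys.stdout, indent=2)
```

Save the output to a file and pass it with --security-opt seccomp=<file> in place of seccomp=unconfined.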