I'm trying to run io_uring inside a docker container on a vanilla ubuntu box, and wanted to check what permissions the container needed to run it properly.
By default, I see:
io_uring_queue_init: Operation not permitted [system:1]
And can get around that by running the docker container with:
--security-opt seccomp=unconfined
Doing that, sometimes I see hangs on suitably io-intensive programs, and remember a discussion a long while ago about memlock ulimits.
Is there a good set of parameters to run docker with that works?
Also, is it expected that an unconfined secomp is required to initialize a ring?
Good afternoon,
I'm trying to run io_uring inside a docker container on a vanilla ubuntu box, and wanted to check what permissions the container needed to run it properly.
By default, I see:
io_uring_queue_init: Operation not permitted [system:1]
And can get around that by running the docker container with:
--security-opt seccomp=unconfined
Doing that, sometimes I see hangs on suitably io-intensive programs, and remember a discussion a long while ago about
memlock
ulimits.Is there a good set of parameters to run docker with that works?
Also, is it expected that an unconfined secomp is required to initialize a ring?