Get the latest tech news
Io_uring and seccomp (2022)
T-Minus 15.193792102158E+9 years until the universe closes!
You can read the results off another buffer called the completion queue without making additional syscalls to the kernel. Suppose we want to prevent our application from making outbound network requests by blocking the connect(2) syscall. It turns out you can setup io_uring with an allowlist (counterintuitively referred to as a "restriction"), and this is supported by the io_uring crate we used above if we dig enough to find the method.
Or read this on Hacker News