liburing icon indicating copy to clipboard operation
liburing copied to clipboard

Published 20 hours ago verified publisher icon axboe

Permissions to run inside docker

Open bgemmill opened this issue 1 year ago • 1 comments
trafficstars

Good afternoon,

I'm trying to run io_uring inside a docker container on a vanilla ubuntu box, and wanted to check what permissions the container needed to run it properly.

By default, I see: io_uring_queue_init: Operation not permitted [system:1]

And can get around that by running the docker container with: --security-opt seccomp=unconfined

Doing that, sometimes I see hangs on suitably io-intensive programs, and remember a discussion a long while ago about memlock ulimits.

Is there a good set of parameters to run docker with that works?

Also, is it expected that an unconfined secomp is required to initialize a ring?

bgemmill avatar Mar 01 '24 20:03 bgemmill

The first part looks like a docker allow list issue.

bgemmill avatar Mar 08 '24 03:03 bgemmill