From f055fe5da2219b68f46c3c577d79fcfd7e79cfc6 Mon Sep 17 00:00:00 2001
From: Raja Grewal
Date: Fri, 15 Dec 2023 08:33:36 +0000
Subject: [PATCH] Disable asynchronous I/O io_uring creation is disabled for all processes. io_uring_setup always fails with -EPERM. Existing io_uring instances can still be used.
---
 usr/lib/sysctl.d/990-security-misc.conf | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/usr/lib/sysctl.d/990-security-misc.conf b/usr/lib/sysctl.d/990-security-misc.conf
index 04e9e31..f660d54 100644
--- a/usr/lib/sysctl.d/990-security-misc.conf
+++ b/usr/lib/sysctl.d/990-security-misc.conf
@@ -67,6 +67,9 @@ kernel.randomize_va_space=2
 kernel.unprivileged_bpf_disabled=1
 net.core.bpf_jit_harden=2

+## Disable asynchronous I/O for all processes.
+kernel.io_uring_disabled=2
+
 #### meta start
 #### project Kicksecure
 #### category networking and security
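Review bot: The added comment `## Disable asynchronous I/O for all processes.` claims more than `kernel.io_uring_disabled=2` delivers. Per the commit message, the setting only makes io_uring_setup fail with -EPERM. Rings created before the sysctl is applied stay usable, and other asynchronous interfaces such as POSIX AIO are not affected. A comment matching the actual guarantee would be `## Disable creation of new io_uring instances for all processes; io_uring_setup fails with -EPERM, existing instances remain usable.` It is also worth noting there that the key exists only on Linux 6.6 and later, so on older kernels the line has no effect and the hardening is silently absent.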