io_uring_register_restrictions(3) liburing Manual io_uring_register_restrictions(3)

io_uring_register_restrictions - register restrictions with io_uring

#include <liburing.h>
int io_uring_register_restrictions(struct io_uring *ring,
                                   struct io_uring_restriction *res,
                                   unsigned int nr_res);

The io_uring_register_restrictions(3) function registers restrictions with the io_uring instance specified by ring. The res argument is a pointer to an array of struct io_uring_restriction of nr_res entries.

Restrictions allow limiting which opcodes, register operations, or SQE flags are allowed on a ring. This can be used to sandbox io_uring usage.

Restrictions can only be registered if the io_uring ring was started in a disabled state (with IORING_SETUP_R_DISABLED specified in the call to io_uring_setup(2)). All restrictions must be registered in a single call before enabling the ring with io_uring_enable_rings(3).

See io_uring_register(2) for a description of the IORING_REGISTER_RESTRICTIONS operation and the restriction structure.

Returns 0 on success. On error, a negative errno value is returned.

io_uring_enable_rings(3), io_uring_register(2), io_uring_setup(2)

January 18, 2025 liburing-2.4