←back to thread

Io_uring, kTLS and Rust for zero syscall HTTPS server

(blog.habets.se)
495 points guntars | 5 comments | 22 Aug 25 03:51 UTC | HN request time: 0.803s | source
1. alde ◴[22 Aug 25 14:30 UTC] No.44985140[source]
Unfortunately io_uring is disabled by default on most cloud workload orchestrators, like CloudRun, GKE, EKS and even local Docker. Hope this will change soon, but until then it will remain very niche.
replies(2): >>44986488 #>>44988690 #
2. nicce ◴[22 Aug 25 16:26 UTC] No.44986488[source]
Back to self-hosting!
3. superb_dev ◴[22 Aug 25 19:17 UTC] No.44988690[source]
Why do they disable io_uring?
replies(2): >>44990499 #>>44999134 #
4. arianvanp ◴[22 Aug 25 22:14 UTC] No.44990499[source]
Sandboxing like gvisor is based on syscalls and iouring makes your code syscallless
5. alpb ◴[23 Aug 25 21:05 UTC] No.44999134[source]
Security reasons. https://news.ycombinator.com/item?id=44632240 There are also other edge cases around cgroups accounting that renders some isolation/throttling mechanisms not fully effective.