Description
What is the problem you're trying to solve
Security experts generally believe io_uring to be unsafe. In fact, Google ChromeOS and Android have turned it off, plus all Google production servers turn it off. Based on the blog published by Google below, it seems like a bunch of vulnerabilities related to io_uring can be exploited to break out of the container.
https://security.googleblog.com/2023/06/learnings-from-kctf-vrps-42-linux.html
Other security researchers also hold this opinion: see https://i.blackhat.com/BH-US-23/Presentations/US-23-Lin-bad_io_uring.pdf for a Black Hat presentation on io_uring exploits.
I think we should consider disallowing io_uring in the RuntimeDefault profile.
Describe the solution you'd like
io_uring_enter, io_uring_setup and io_uring_register are removed from the RuntimeDefault profile (https://github.com/containerd/containerd/blob/main/contrib/seccomp/seccomp_default.go).
Additional context
https://security.googleblog.com/2023/06/learnings-from-kctf-vrps-42-linux.html
https://i.blackhat.com/BH-US-23/Presentations/US-23-Lin-bad_io_uring.pdf
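One way to apply the proposed change to an existing profile, as an added example that is not the issue author's or containerd's own code: a small Go program that strips the three io_uring syscalls from every SCMP_ACT_ALLOW rule of an OCI seccomp profile in JSON form, so that with defaultAction SCMP_ACT_ERRNO the calls fail instead of reaching the kernel. The Profile and Syscall types, DenyIoURing, HardenProfile and SampleProfile are assumptions of this example, a constructed minimal subset of the OCI format and not containerd's real seccomp_default.go output.

```go
package main

import "encoding/json"

// Minimal subset of the OCI runtime-spec seccomp profile JSON (example only).
type Syscall struct {
	Names  []string `json:"names"`
	Action string   `json:"action"`
}
type Profile struct {
	DefaultAction string    `json:"defaultAction"`
	Syscalls      []Syscall `json:"syscalls"`
}

// The three io_uring syscalls the issue proposes removing from RuntimeDefault.
var ioURingSyscalls = map[string]bool{
	"io_uring_setup": true, "io_uring_enter": true, "io_uring_register": true,
}

// DenyIoURing removes the io_uring syscalls from every SCMP_ACT_ALLOW rule and
// returns how many names were dropped. With defaultAction SCMP_ACT_ERRNO, a
// syscall absent from the allow list returns an errno instead of executing.
func DenyIoURing(p *Profile) int {
	removed := 0
	for i := range p.Syscalls {
		if p.Syscalls[i].Action != "SCMP_ACT_ALLOW" {
			continue
		}
		kept := make([]string, 0, len(p.Syscalls[i].Names))
		for _, n := range p.Syscalls[i].Names {
			if ioURingSyscalls[n] {
				removed++
			} else {
				kept = append(kept, n)
			}
		}
		p.Syscalls[i].Names = kept
	}
	return removed
}

// HardenProfile parses a profile JSON, applies DenyIoURing and returns the
// hardened profile together with the number of entries removed.
func HardenProfile(raw string) (*Profile, int, error) {
	var p Profile
	if err := json.Unmarshal([]byte(raw), &p); err != nil {
		return nil, 0, err
	}
	return &p, DenyIoURing(&p), nil
}

// Constructed sample input; not containerd's real default profile.
const SampleProfile = `{"defaultAction":"SCMP_ACT_ERRNO","syscalls":[{"names":["read","write","io_uring_setup","io_uring_enter","io_uring_register","close"],"action":"SCMP_ACT_ALLOW"}]}`
```

Running HardenProfile over the real profile exported by containerd would show exactly which allow rules currently list the three syscalls before the change is made.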