The io_uring subsystem is not much over one
year old, having been merged for the 5.1 kernel in May 2019. It was
initially added as a better way to perform asynchronous
I/O from user space; over time it has gained numerous features and support
for functionality beyond just moving bits around. What it has not yet gained
is any sort of security mechanism beyond what the kernel already provides
for the underlying system calls. That may be about to change, though, as
the result of this
patch set from Stefano Garzarella adding a set of user-configurable
restrictions to io_uring.

Source: LWN.net – [$] Operations restrictions for io_uring