[$] Operations restrictions for io_uring

The io_uring subsystem is not much over oneyear old, having been merged for the 5.1 kernel in May 2019. It wasinitially added as a better way to perform asynchronous I/O from user space; over time it has gained numerous features and supportfor functionality beyond just moving bits around. What it has not yet gainedis any sort of security mechanism beyond what the kernel already providesfor the underlying system calls. That may be about to change, though, asthe result of thispatch set from Stefano Garzarella adding a set of user-configurablerestrictions to io_uring.