We can't really predict the device paths or IOMMU groups statically, so this is as good as it gets with landlock rules. We'll be able to do other things to further lock things down though, like running different Cloud Hypervisor instances as different users, and changing ownership of each IOMMU group in /dev/vfio/vfio to match.

Signed-off-by: Alyssa Ross <hi@alyssa.is>
---
 tools/start-vmm/ch.rs | 8 ++++++++
 tools/start-vmm/lib.rs | 15 +++++++++++++--
 2 files changed, 21 insertions(+), 2 deletions(-)

diff --git a/tools/start-vmm/ch.rs b/tools/start-vmm/ch.rs
index 80e75dc..ed2d457 100644
--- a/tools/start-vmm/ch.rs
+++ b/tools/start-vmm/ch.rs
@@ -69,6 +69,12 @@ pub struct VsockConfig {
 pub socket: String,
 }
 
+#[derive(Serialize)]
+pub struct LandlockConfig {
+ pub path: String,
+ pub access: &'static str,
+}
+
 #[derive(Serialize)]
 pub struct VmConfig {
 pub console: ConsoleConfig,
@@ -80,6 +86,8 @@ pub struct VmConfig {
 pub payload: PayloadConfig,
 pub serial: ConsoleConfig,
 pub vsock: VsockConfig,
+ pub landlock_enable: bool,
+ pub landlock_rules: Vec<LandlockConfig>,
 }
 
 fn command(vm_dir: &Path, s: impl AsRef<OsStr>) -> Command {
diff --git a/tools/start-vmm/lib.rs b/tools/start-vmm/lib.rs
index 5dc5ae7..9a77780 100644
--- a/tools/start-vmm/lib.rs
+++ b/tools/start-vmm/lib.rs
@@ -14,8 +14,8 @@ use std::io::{self, ErrorKind};
 use std::path::Path;
 
 use ch::{
- ConsoleConfig, DiskConfig, FsConfig, GpuConfig, MemoryConfig, PayloadConfig, VmConfig,
- VsockConfig,
+ ConsoleConfig, DiskConfig, FsConfig, GpuConfig, LandlockConfig, MemoryConfig, PayloadConfig,
+ VmConfig, VsockConfig,
 };
 
 use net::net_setup;
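Review bot: `access` in the new `LandlockConfig` is a bare `&'static str`, so a mistyped flag is only caught, if at all, when Cloud Hypervisor parses the generated config at launch, and nothing in the type tells a caller which spellings are valid. Since this struct exists only to be serialized into the VMM's JSON config, a small enum such as `#[derive(Serialize)] #[serde(rename_all = "lowercase")] pub enum LandlockAccess { R, W, Rw }` would pin the accepted values at compile time — assuming the `r`/`w`/`rw` forms this commit uses are the full set the VMM accepts, which the diff does not show. Failing that, a doc line on the field naming the valid values, e.g. `/// Landlock access flags as accepted by Cloud Hypervisor ("r", "w" or "rw").`, would do. The same documentation gap applies to `landlock_enable` and `landlock_rules` added to `VmConfig` in the next hunk.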
@@ -130,6 +130,17 @@ pub fn vm_config(vm_dir: &Path) -> Result<VmConfig, String> {
 cid: 3,
 socket: vm_dir.join("vsock").into_os_string().into_string().unwrap(),
 },
+ landlock_enable: true,
+ landlock_rules: vec![
+ LandlockConfig {
+ path: "/sys/devices".to_owned(),
+ access: "rw",
+ },
+ LandlockConfig {
+ path: "/dev/vfio".to_owned(),
+ access: "rw",
+ },
+ ],
 })
 }
 

base-commit: 50f8db9cec022a60ea978bfdde0904a18718d161
-- 2.51.0
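Review bot: The two rules grant read-write access to the whole of `/sys/devices` and `/dev/vfio`, and nothing in the code says why the grant is that broad; the rationale (device paths and IOMMU groups are not known statically) lives only in the commit message, so a later reader tightening or extending this list has no guidance at the site. A comment above `landlock_rules` would keep that intent with the code, e.g. `// VFIO device paths and IOMMU groups are only known at runtime, so the Landlock rules must cover all of /sys/devices and /dev/vfio; per-instance users and /dev/vfio group ownership are the planned next step.` The `"rw"` strings are repeated literals, so if `LandlockConfig::access` is ever given a proper type, these two entries are the sites to update. `vm_config`'s body starts before the hunk.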