On 11/10/25 13:49, Alyssa Ross wrote:
We can't really predict the device paths or IOMMU groups statically, so this is as good as it gets with landlock rules. We'll be able to do other things to further lock things down though, like running different Cloud Hypervisor instances as different users, and changing ownership of each IOMMU group in /dev/vfio/vfio to match.
QEMU supports passing all the needed files via file descriptors, which might avoid this problem. It would require changes to Cloud Hypervisor, though.
Signed-off-by: Alyssa Ross <hi@alyssa.is> --- tools/start-vmm/ch.rs | 8 ++++++++ tools/start-vmm/lib.rs | 15 +++++++++++++-- 2 files changed, 21 insertions(+), 2 deletions(-)
diff --git a/tools/start-vmm/ch.rs b/tools/start-vmm/ch.rs index 80e75dc..ed2d457 100644 --- a/tools/start-vmm/ch.rs +++ b/tools/start-vmm/ch.rs @@ -69,6 +69,12 @@ pub struct VsockConfig { pub socket: String, }
+#[derive(Serialize)] +pub struct LandlockConfig { + pub path: String, + pub access: &'static str, +} + #[derive(Serialize)] pub struct VmConfig { pub console: ConsoleConfig, @@ -80,6 +86,8 @@ pub struct VmConfig { pub payload: PayloadConfig, pub serial: ConsoleConfig, pub vsock: VsockConfig, + pub landlock_enable: bool, + pub landlock_rules: Vec<LandlockConfig>, }
fn command(vm_dir: &Path, s: impl AsRef<OsStr>) -> Command { diff --git a/tools/start-vmm/lib.rs b/tools/start-vmm/lib.rs index 5dc5ae7..9a77780 100644 --- a/tools/start-vmm/lib.rs +++ b/tools/start-vmm/lib.rs @@ -14,8 +14,8 @@ use std::io::{self, ErrorKind}; use std::path::Path;
use ch::{ - ConsoleConfig, DiskConfig, FsConfig, GpuConfig, MemoryConfig, PayloadConfig, VmConfig, - VsockConfig, + ConsoleConfig, DiskConfig, FsConfig, GpuConfig, LandlockConfig, MemoryConfig, PayloadConfig, + VmConfig, VsockConfig, }; use net::net_setup;
@@ -130,6 +130,17 @@ pub fn vm_config(vm_dir: &Path) -> Result<VmConfig, String> { cid: 3, socket: vm_dir.join("vsock").into_os_string().into_string().unwrap(), }, + landlock_enable: true, + landlock_rules: vec![ + LandlockConfig { + path: "/sys/devices".to_owned(), + access: "rw", + }, + LandlockConfig { + path: "/dev/vfio".to_owned(), + access: "rw", + }, + ], }) }
base-commit: 50f8db9cec022a60ea978bfdde0904a18718d161
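Review bot: `access` in the new `LandlockConfig` struct in ch.rs is a bare `&'static str` with no doc comment, so nothing in the type says which values are valid; the only one visible in this patch is "rw". A short comment listing the accepted strings, or a small enum that serializes to them, would stop a typo from reaching the generated VM config unnoticed. The two new `VmConfig` fields, `landlock_enable` and `landlock_rules`, would also benefit from a line each saying what they control.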
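Review bot: in the `vm_config` hunk in lib.rs, both rules grant "rw" on whole directory trees (`/sys/devices` and `/dev/vfio`) and the code carries no comment explaining why. The commit message has the reason (device paths and IOMMU groups can't be predicted statically); putting that in a comment above `landlock_rules` would keep a later reader from treating the breadth as an oversight. Is write access to `/sys/devices` actually needed, or would read-only do for that rule?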
I don't have much context for this, but the change itself looks good.
-- 
Sincerely,
Demi Marie Obenour (she/her/hers)