On 11/10/25 13:49, Alyssa Ross wrote:
> We can't really predict the device paths or IOMMU groups statically,
> so this is as good as it gets with landlock rules. We'll be able to
> do other things to further lock things down though, like running
> different Cloud Hypervisor instances as different users, and changing
> ownership of each IOMMU group in /dev/vfio/vfio to match.
QEMU supports passing all the needed files via file descriptors, which might avoid this problem. It would require changes to Cloud Hypervisor, though.
> Signed-off-by: Alyssa Ross
> ---
> tools/start-vmm/ch.rs | 8 ++++++++
> tools/start-vmm/lib.rs | 15 +++++++++++++--
> 2 files changed, 21 insertions(+), 2 deletions(-)
>
> diff --git a/tools/start-vmm/ch.rs b/tools/start-vmm/ch.rs
> index 80e75dc..ed2d457 100644
> --- a/tools/start-vmm/ch.rs
> +++ b/tools/start-vmm/ch.rs
> @@ -69,6 +69,12 @@ pub struct VsockConfig {
> pub socket: String,
> }
>
> +#[derive(Serialize)]
> +pub struct LandlockConfig {
> + pub path: String,
> + pub access: &'static str,
> +}
> +
> #[derive(Serialize)]
> pub struct VmConfig {
> pub console: ConsoleConfig,
> @@ -80,6 +86,8 @@ pub struct VmConfig {
> pub payload: PayloadConfig,
> pub serial: ConsoleConfig,
> pub vsock: VsockConfig,
> + pub landlock_enable: bool,
> + pub landlock_rules: Vec,
> }
>
> fn command(vm_dir: &Path, s: impl AsRef) -> Command {
> diff --git a/tools/start-vmm/lib.rs b/tools/start-vmm/lib.rs
> index 5dc5ae7..9a77780 100644
> --- a/tools/start-vmm/lib.rs
> +++ b/tools/start-vmm/lib.rs
> @@ -14,8 +14,8 @@ use std::io::{self, ErrorKind};
> use std::path::Path;
>
> use ch::{
> - ConsoleConfig, DiskConfig, FsConfig, GpuConfig, MemoryConfig, PayloadConfig, VmConfig,
> - VsockConfig,
> + ConsoleConfig, DiskConfig, FsConfig, GpuConfig, LandlockConfig, MemoryConfig, PayloadConfig,
> + VmConfig, VsockConfig,
> };
> use net::net_setup;
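Review bot: `LandlockConfig` is added without a doc comment, and `access: &'static str` says nothing about which strings are valid, so a typo such as `"wr"` or `"rwx"` is only caught when Cloud Hypervisor rejects the config at launch rather than at compile time. Since the struct exists only to be serialized into the `landlock_rules` array of Cloud Hypervisor's VM config, a string is the right wire type, but the accepted vocabulary belongs at the definition: `/// One rule for Cloud Hypervisor's Landlock sandbox, serialized into the landlock_rules array.` on the struct and `/// Access string as Cloud Hypervisor expects it ("r", "w" or "rw" -- confirm against its LandlockConfig).` on `access`. If the set of values really is that small, a tiny enum with a custom `Serialize` would make invalid combinations unrepresentable, but that is optional.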
>
> @@ -130,6 +130,17 @@ pub fn vm_config(vm_dir: &Path) -> Result {
> cid: 3,
> socket: vm_dir.join("vsock").into_os_string().into_string().unwrap(),
> },
> + landlock_enable: true,
> + landlock_rules: vec![
> + LandlockConfig {
> + path: "/sys/devices".to_owned(),
> + access: "rw",
> + },
> + LandlockConfig {
> + path: "/dev/vfio".to_owned(),
> + access: "rw",
> + },
> + ],
> })
> }
>
>
> base-commit: 50f8db9cec022a60ea978bfdde0904a18718d161
I don't have much context for this, but the change itself looks good.
--
Sincerely,
Demi Marie Obenour (she/her/hers)
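Review bot: The two `LandlockConfig` entries in `vm_config` grant `"rw"` on the whole of `/sys/devices` and `/dev/vfio` with no comment on why the scope is that wide, so a later reader has to find this thread to learn that device paths and IOMMU groups cannot be enumerated statically. Put that justification above `landlock_rules:`, e.g. `// VFIO passthrough: device nodes and IOMMU groups are not known ahead of time, so the whole of /sys/devices and /dev/vfio is allowed; per-instance users and group ownership are the planned way to narrow this.` It is also worth confirming whether Cloud Hypervisor actually writes under `/sys/devices` during VFIO setup; if it only reads there, `access: "r"` for that rule would drop one of the two writable trees from the sandbox, but I cannot tell from the hunk. `vm_config` begins outside the hunk.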