dsg/cloud-hypervisor
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

vmm: fix landlock on aarch64

Browse source 
arch::aarch64::fdt::create_cpu_nodes will always look at this if it
exists.  (If it doesn't exist, this is a no-op —
add_rule_with_access() won't add rules for paths that don't exist.)

Fixes: b3e5738b4 ("vmm: Introduce ApplyLandlock trait")
Signed-off-by: Alyssa Ross <hi@alyssa.is>
This commit is contained in:
Alyssa Ross 2025-09-08 17:41:11 +02:00 committed by Rob Bradford
parent c7eac0f65a
commit 533d3a85d1
1 changed files with 5 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

5
vmm/src/vm_config.rs
View file

@ -960,6 +960,11 @@ impl VmConfig {
pub(crate) fn apply_landlock(&self) -> LandlockResult<()> {
let mut landlock = Landlock::new()?;
#[cfg(target_arch = "aarch64")]
{
landlock.add_rule_with_access(Path::new("/sys/devices/system/cpu/cpu0/cache"), "r")?;
}
if let Some(mem_zones) = &self.memory.zones {
for zone in mem_zones.iter() {
zone.apply_landlock(&mut landlock)?;