dsg/cloud-hypervisor
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

vmm: tighten landlock rule for PmemConfig

Browse source 
when discard_writes is true, only grant read access in landlock

Signed-off-by: Andrew Consroe <aconz2@gmail.com>
This commit is contained in:
Andrew Consroe 2025-03-18 16:16:04 -05:00 committed by Wei Liu
parent 5aa1540c5d
commit a38b4c7f17
1 changed files with 2 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

3
vmm/src/vm_config.rs
View file

@ -486,7 +486,8 @@ pub struct PmemConfig {
impl ApplyLandlock for PmemConfig {
fn apply_landlock(&self, landlock: &mut Landlock) -> LandlockResult<()> {
landlock.add_rule_with_access(self.file.to_path_buf(), "rw")?;
let access = if self.discard_writes { "r" } else { "rw" };
landlock.add_rule_with_access(self.file.to_path_buf(), access)?;
Ok(())
}
}