mirror of
https://github.com/cloud-hypervisor/cloud-hypervisor.git
synced 2024-12-22 13:45:20 +00:00
docs: Minor doc update
Signed-off-by: Praveen K Paladugu <prapal@linux.microsoft.com>
parent
be9f57dcf9
commit
026e2c6aa8
@ -27,16 +27,13 @@ $ sudo dmesg | grep -w landlock
|
|||||||
```
|
```
|
||||||
Linux kernel confirms Landlock support with above message in dmesg.
|
Linux kernel confirms Landlock support with above message in dmesg.
|
||||||
|
|
||||||
## Implementation Details
|
|
||||||
|
|
||||||
To enable Landlock, Cloud-Hypervisor process needs the full list of files it
|
|
||||||
needs to access over its lifetime. Most of these files are received as VM
|
|
||||||
Configuration (`struct VmConfig`). Landlock is enabled in `vm_create` stage, as
|
|
||||||
this is the earliest stage in guest boot sequence which has access to guest's
|
|
||||||
VM Configuration.
|
|
||||||
|
|
||||||
## Enable Landlock
|
## Enable Landlock
|
||||||
|
|
||||||
|
At the time of enabling Landlock, Cloud-Hypervisor process needs the complete
|
||||||
|
list of files it accesses over its lifetime. So, Landlock is enabled `vm_create`
|
||||||
|
stage of guest boot.
|
||||||
|
|
||||||
|
### Command Line
|
||||||
Append `--landlock` to Cloud-Hypervisor's command line to enable Landlock
|
Append `--landlock` to Cloud-Hypervisor's command line to enable Landlock
|
||||||
support.
|
support.
|
||||||
|
|
||||||
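Review bot: In the paragraph added under `## Enable Landlock`, the sentence "So, Landlock is enabled `vm_create` stage of guest boot." is missing a preposition; it should read "enabled at the `vm_create` stage". The rewrite also drops the rationale from the removed "Implementation Details" text, namely that most of the files are received through `struct VmConfig` and that `vm_create` is the earliest stage with access to that configuration. Consider keeping one clause of that explanation so the reader sees why the complete file list has to be known at that point.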
@ -44,6 +41,28 @@ If you expect guest to access additional paths after it boots
|
|||||||
(ex: during hotplug), those paths can be passed using `--landlock-rules` command
|
(ex: during hotplug), those paths can be passed using `--landlock-rules` command
|
||||||
line parameter.
|
line parameter.
|
||||||
|
|
||||||
|
### API
|
||||||
|
Landlock can also be enabled during `vm.create` request by passing a config like below:
|
||||||
|
|
||||||
|
```
|
||||||
|
{
|
||||||
|
...
|
||||||
|
"landlock_enable": true,
|
||||||
|
"landlock_rules": [
|
||||||
|
{
|
||||||
|
"path": "/tmp/disk1",
|
||||||
|
"access": "rw"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"path": "/tmp/disk2",
|
||||||
|
"access": "rw"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
...
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
|
||||||
## Usage Examples
|
## Usage Examples
|
||||||
|
|
||||||
To enable Landlock:
|
To enable Landlock:
|
||||||
|
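Review bot: The new `### API` example shows `"access": "rw"` without saying which values `access` accepts, and it does not state how `landlock_enable` and `landlock_rules` relate to the `--landlock` and `--landlock-rules` command-line options; add a sentence covering both. The opening fence has no language tag, and the `...` lines make the sample invalid JSON as written, so a short remark that the other `vm.create` fields are elided would help. The spelling `vm.create` here also differs from the `vm_create` used earlier in this file; say whether the two names refer to the same step.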