diff --git a/src/main.rs b/src/main.rs
index 0cf5b0fa0..8fffa7464 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -652,6 +652,7 @@ fn start_vmm(cmd_arguments: ArgMatches) -> Result<Option<String>, Error> {
     let vm_debug_evt = EventFd::new(EFD_NONBLOCK).map_err(Error::CreateDebugEventFd)?;
 
     let exit_evt = EventFd::new(EFD_NONBLOCK).map_err(Error::CreateExitEventFd)?;
+    let landlock_enable = cmd_arguments.get_flag("landlock");
 
     #[allow(unused_mut)]
     let mut event_monitor = cmd_arguments
@@ -721,6 +722,7 @@ fn start_vmm(cmd_arguments: ArgMatches) -> Result<Option<String>, Error> {
         vmm::start_event_monitor_thread(
             monitor,
             &seccomp_action,
+            landlock_enable,
             hypervisor.hypervisor_type(),
             exit_evt.try_clone().unwrap(),
         )
diff --git a/vmm/src/lib.rs b/vmm/src/lib.rs
index fa0ea4a15..584e781d1 100644
--- a/vmm/src/lib.rs
+++ b/vmm/src/lib.rs
@@ -18,6 +18,7 @@ use crate::config::{
 };
 #[cfg(all(target_arch = "x86_64", feature = "guest_debug"))]
 use crate::coredump::GuestDebuggable;
+use crate::landlock::Landlock;
 use crate::memory_manager::MemoryManager;
 #[cfg(all(feature = "kvm", target_arch = "x86_64"))]
 use crate::migration::get_vm_snapshot;
@@ -29,6 +30,7 @@ use anyhow::anyhow;
 use api::dbus::{DBusApiOptions, DBusApiShutdownChannels};
 use api::http::HttpApiHandle;
 use console_devices::{pre_create_console_devices, ConsoleInfo};
+use landlock::LandlockError;
 use libc::{tcsetattr, termios, EFD_NONBLOCK, SIGINT, SIGTERM, TCSANOW};
 use memory_manager::MemoryManagerSnapshotData;
 use pci::PciBdf;
@@ -196,6 +198,14 @@ pub enum Error {
 
     #[error("Failed to join on threads: {0:?}")]
     ThreadCleanup(std::boxed::Box<dyn std::any::Any + std::marker::Send>),
+
+    /// Cannot create Landlock object
+    #[error("Error creating landlock object: {0}")]
+    CreateLandlock(LandlockError),
+
+    /// Cannot apply landlock based sandboxing
+    #[error("Error applying landlock: {0}")]
+    ApplyLandlock(LandlockError),
 }
 pub type Result<T> = result::Result<T, Error>;
 
@@ -328,6 +338,7 @@ pub fn feature_list() -> Vec<String> {
 pub fn start_event_monitor_thread(
     mut monitor: event_monitor::Monitor,
     seccomp_action: &SeccompAction,
+    landlock_enable: bool,
     hypervisor_type: hypervisor::HypervisorType,
     exit_event: EventFd,
 ) -> Result<thread::JoinHandle<Result<()>>> {
@@ -348,6 +359,17 @@ pub fn start_event_monitor_thread(
                         e
                     })?;
             }
+            if landlock_enable {
+                Landlock::new()
+                    .map_err(Error::CreateLandlock)?
+                    .restrict_self()
+                    .map_err(Error::ApplyLandlock)
+                    .map_err(|e| {
+                        error!("Error applying landlock to event monitor thread: {:?}", e);
+                        exit_event.write(1).ok();
+                        e
+                    })?;
+            }
 
             std::panic::catch_unwind(AssertUnwindSafe(move || {
                 while let Ok(event) = monitor.rx.recv() {