Bo Chen

Also, it is a separate issue that Cloud Hypervisor can not launch a guest when AMX is not enabled (default configuration) on a AMX capable host. I opened a new...

> Closing now, reopen if you encounter issue with above referred kernel as well. @rveerama1 The issue was closed by mistake. This feature requires changes from both kvm-bindings and Cloud...

@rveerama1 I just took a look at the upstream kvm-bindings and the main branch was already updated to kernel v6.2 that contains support for `KVM_CAP_XSAVE2` [1]. This is also true...

@russell-islam The changes are mainly MSHV exclusive. Can you please take a look first?

@praveen-pk Thank you for looking into this. Some questions below. Are we able to refine the ruleset for each child thread that was spawned after applying `landlock_restrict_self` in the main...

> Sounds sensible. I think you'll also need to consider VFIO device paths too. To extend this list, the following options may use a file: * memory-zone * pmem *...

> > Are we able to refine the ruleset for each child thread that was spawned after applying `landlock_restrict_self` in the main thread? Say, virtio-blk thread would only need to...

> > As a sandboxing tool, sounds like `minijail` can be used to enforce Landlock ruleset on Cloud Hypervisor at process level. What's the additional benefits of integrating landlock support...

PR also needs a rebase to trigger the GH actions of integration tests.

> ``` > + impl Default for GsiAllocator { > + fn default() -> Self { > + Self::new() > + } > + } > ``` > This should...