docs: Minor doc update

Signed-off-by: Praveen K Paladugu <[email protected]>

docs/landlock.md

@@ -30,20 +30,42 @@ Linux kernel confirms Landlock support with above message in dmesg.
 ## Implementation Details
 
 To enable Landlock, Cloud-Hypervisor process needs the full list of files it
-needs to access over its lifetime. Most of these files are received as VM
-Configuration (`struct VmConfig`). Landlock is enabled in `vm_create` stage, as
+needs to access over its lifetime. Landlock is enabled in `vm_create` stage, as
 this is the earliest stage in guest boot sequence which has access to guest's
 VM Configuration.
 
 ## Enable Landlock
 
+### cmdline
 Append `--landlock` to Cloud-Hypervisor's command line to enable Landlock
 support.
 
 If you expect guest to access additional paths after it boots
 (ex: during hotplug), those paths can be passed using `--landlock-rules` command
 line parameter.
 
+### API
+Landlock can also be enabled during `vm.create` request by passing a config like below:
+
+```
+{
+...
+    "landlock_enable": true,
+    "landlock_config": [
+      {
+        "path": "/tmp/disk1",
+        "access": "rw"
+      },
+      {
+        "path": "/tmp/disk2",
+        "access": "rw"
+      }
+    ]
+...
+}
+```
+
+
 ## Usage Examples
 
 To enable Landlock: