Initial support for landlock

Fixes: #73

Signed-off-by: Morten Linderud <[email protected]>

Author: Foxboron

agent/agent.go

@@ -275,17 +275,11 @@ func (a *Agent) AddKey(k *key.SSHTPMKey) error {
 	return nil
 }
 
-func (a *Agent) LoadKeys(keyDir string) error {
+func (a *Agent) LoadKeys(keys []key.SSHTPMKeys) {
 	slog.Debug("called loadkeys")
 	a.mu.Lock()
 	defer a.mu.Unlock()
-	keys, err := LoadKeys(keyDir)
-	if err != nil {
-		return err
-	}
-
-	a.keys = keys
-	return nil
+	a.keys = append(a.keys, keys...)
 }
 
 func (a *Agent) AddHierarchyKeys(hier string) error {

askpass/askpass.go

@@ -162,7 +162,7 @@ func SshAskPass(prompt, hint string) ([]byte, error) {
 	}
 
 	if err != nil {
-		return []byte{}, nil
+		return []byte{}, err
 	}
 	return bytes.TrimSpace(out), nil
 }

cmd/ssh-tpm-add/main.go

@@ -11,10 +11,12 @@ import (
 	"strings"
 
 	"github.com/foxboron/ssh-tpm-agent/agent"
+	"github.com/foxboron/ssh-tpm-agent/internal/lsm"
 	"github.com/foxboron/ssh-tpm-agent/key"
 	"github.com/foxboron/ssh-tpm-agent/utils"
 	"github.com/foxboron/ssh-tpm-ca-authority/client"
 	"github.com/google/go-tpm/tpm2/transport/linuxtpm"
+	"github.com/landlock-lsm/go-landlock/landlock"
 	"golang.org/x/crypto/ssh"
 	sshagent "golang.org/x/crypto/ssh/agent"
 )
@@ -41,9 +43,7 @@ func main() {
 		fmt.Println(usage)
 	}
 
-	var (
-		caURL, host, user string
-	)
+	var caURL, host, user string
 
 	flag.StringVar(&caURL, "ca", "", "ca authority")
 	flag.StringVar(&host, "host", "", "ssh hot")
@@ -56,6 +56,32 @@ func main() {
 		os.Exit(1)
 	}
 
+	lsm.RestrictAdditionalPaths(landlock.RWFiles(socket))
+
+	var ignorefile bool
+	var paths []string
+	if len(os.Args) == 1 {
+		sshdir := utils.SSHDir()
+		paths = []string{
+			fmt.Sprintf("%s/id_ecdsa.tpm", sshdir),
+			fmt.Sprintf("%s/id_rsa.tpm", sshdir),
+		}
+		ignorefile = true
+	} else if len(os.Args) != 1 {
+		paths = os.Args[1:]
+	}
+
+	lsm.RestrictAdditionalPaths(
+		// RW on socket
+		landlock.RWFiles(socket),
+		// RW on files we should encode/decode
+		landlock.RWFiles(paths...),
+	)
+
+	if err := lsm.Restrict(); err != nil {
+		log.Fatal(err)
+	}
+
 	conn, err := net.Dial("unix", socket)
 	if err != nil {
 		log.Fatal(err)
@@ -88,19 +114,6 @@ func main() {
 		os.Exit(0)
 	}
 
-	var ignorefile bool
-	var paths []string
-	if len(os.Args) == 1 {
-		sshdir := utils.SSHDir()
-		paths = []string{
-			fmt.Sprintf("%s/id_ecdsa.tpm", sshdir),
-			fmt.Sprintf("%s/id_rsa.tpm", sshdir),
-		}
-		ignorefile = true
-	} else if len(os.Args) != 1 {
-		paths = os.Args[1:]
-	}
-
 	for _, path := range paths {
 		b, err := os.ReadFile(path)
 		if err != nil {

cmd/ssh-tpm-agent/main.go

@@ -17,9 +17,11 @@ import (
 	"github.com/foxboron/ssh-tpm-agent/agent"
 	"github.com/foxboron/ssh-tpm-agent/askpass"
 	"github.com/foxboron/ssh-tpm-agent/internal/keyring"
+	"github.com/foxboron/ssh-tpm-agent/internal/lsm"
 	"github.com/foxboron/ssh-tpm-agent/key"
 	"github.com/foxboron/ssh-tpm-agent/utils"
 	"github.com/google/go-tpm/tpm2/transport"
+	"github.com/landlock-lsm/go-landlock/landlock"
 	sshagent "golang.org/x/crypto/ssh/agent"
 	"golang.org/x/term"
 )
@@ -180,6 +182,7 @@ func main() {
 	var agents []sshagent.ExtendedAgent
 
 	for _, s := range sockets.Value {
+		lsm.RestrictAdditionalPaths(landlock.RWFiles(s))
 		conn, err := net.Dial("unix", s)
 		if err != nil {
 			slog.Error(err.Error())
@@ -188,6 +191,8 @@ func main() {
 		agents = append(agents, sshagent.NewClient(conn))
 	}
 
+	// Ensure we can rw socket path
+	lsm.RestrictAdditionalPaths(landlock.RWFiles(socketPath))
 	listener, err := createListener(socketPath)
 	if err != nil {
 		slog.Error("creating listener", slog.String("error", err.Error()))
@@ -203,6 +208,21 @@ func main() {
 		log.Fatal(err)
 	}
 
+	// We need to pre-read all the keys before we run landlock
+	var keys []key.SSHTPMKeys
+	if !noLoad {
+		keys, err = agent.LoadKeys(keyDir)
+		if err != nil {
+			log.Fatalf("can't preload keys from ~/.ssh: %v", err)
+		}
+	}
+
+	// Try to landlock everything before we run the agent
+	lsm.RestrictAgentFiles()
+	if err := lsm.Restrict(); err != nil {
+		log.Fatal(err)
+	}
+
 	agent := agent.NewAgent(listener, agents,
 
 		// Keyring Callback
@@ -243,6 +263,7 @@ func main() {
 				keyInfo := fmt.Sprintf("Enter passphrase for (%s): ", key.GetDescription())
 				// TODOt kjk: askpass should box the byte slice
 				userauth, err := askpass.ReadPassphrase(keyInfo, askpass.RP_USE_ASKPASS)
+				fmt.Println(err)
 				if !noCache && err == nil {
 					slog.Debug("caching userauth for key in keyring", slog.String("fp", key.Fingerprint()))
 					if err := agentkeyring.AddKey(key.Fingerprint(), userauth); err != nil {
@@ -266,9 +287,7 @@ func main() {
 	}()
 
 	if !noLoad {
-		if err := agent.LoadKeys(keyDir); err != nil {
-			slog.Error("loading keys", slog.String("error", err.Error()))
-		}
+		agent.LoadKeys(keys)
 	}
 
 	if hierarchy != "" {

go.mod

@@ -10,6 +10,7 @@ require (
 	github.com/foxboron/ssh-tpm-ca-authority v0.0.0-20240831163633-e92b30331d2d
 	github.com/google/go-tpm v0.9.3
 	github.com/google/go-tpm-tools v0.4.4
+	github.com/landlock-lsm/go-landlock v0.0.0-20241014143150-479ddab4c04c
 	github.com/rogpeppe/go-internal v1.13.1
 	golang.org/x/crypto v0.36.0
 	golang.org/x/sys v0.31.0
@@ -20,11 +21,12 @@ require (
 require (
 	github.com/coreos/go-oidc/v3 v3.12.0 // indirect
 	github.com/go-jose/go-jose/v3 v3.0.3 // indirect
-	github.com/go-jose/go-jose/v4 v4.0.4 // indirect
-	github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect
+	github.com/go-jose/go-jose/v4 v4.0.2 // indirect
+	github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8 // indirect
 	github.com/segmentio/ksuid v1.0.4 // indirect
 	github.com/sigstore/sigstore v1.8.15 // indirect
 	github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966 // indirect
 	golang.org/x/oauth2 v0.26.0 // indirect
 	golang.org/x/tools v0.22.0 // indirect
+	kernel.org/pub/linux/libs/security/libcap/psx v1.2.70 // indirect
 )

go.sum

@@ -5,8 +5,6 @@ github.com/coreos/go-oidc/v3 v3.12.0/go.mod h1:gE3LgjOgFoHi9a4ce4/tJczr0Ai2/BoDh
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/foxboron/go-tpm-keyfiles v0.0.0-20250316175136-9675e468e3e2 h1:NAAT+tsS5ZgJ1n+ZP3zAPHbD9HRxGEd4xZhNoO03/So=
-github.com/foxboron/go-tpm-keyfiles v0.0.0-20250316175136-9675e468e3e2/go.mod h1:uAyTlAUxchYuiFjTHmuIEJ4nGSm7iOPaGcAyA81fJ80=
 github.com/foxboron/go-tpm-keyfiles v0.0.0-20250318194951-cba49fbf70fa h1:2wXSGCPVpdFEi+SjcY1+SY0A0a1nbFzz/3HYuirLpX0=
 github.com/foxboron/go-tpm-keyfiles v0.0.0-20250318194951-cba49fbf70fa/go.mod h1:uAyTlAUxchYuiFjTHmuIEJ4nGSm7iOPaGcAyA81fJ80=
 github.com/foxboron/ssh-tpm-ca-authority v0.0.0-20240831163633-e92b30331d2d h1:hz0L1k0eZgHkJIgFj3Uyd0LSn7UXIwWJq9Xjj/8iGJM=
@@ -15,8 +13,8 @@ github.com/foxboron/swtpm_test v0.0.0-20230726224112-46aaafdf7006 h1:50sW4r0Pcvl
 github.com/foxboron/swtpm_test v0.0.0-20230726224112-46aaafdf7006/go.mod h1:eIXCMsMYCaqq9m1KSSxXwQG11krpuNPGP3k0uaWrbas=
 github.com/go-jose/go-jose/v3 v3.0.3 h1:fFKWeig/irsp7XD2zBxvnmA/XaRWp5V3CBsZXJF7G7k=
 github.com/go-jose/go-jose/v3 v3.0.3/go.mod h1:5b+7YgP7ZICgJDBdfjZaIt+H/9L9T/YQrVfLAMboGkQ=
-github.com/go-jose/go-jose/v4 v4.0.4 h1:VsjPI33J0SB9vQM6PLmNjoHqMQNGPiZ0rHL7Ni7Q6/E=
-github.com/go-jose/go-jose/v4 v4.0.4/go.mod h1:NKb5HO1EZccyMpiZNbdUw/14tiXNyUJh188dfnMCAfc=
+github.com/go-jose/go-jose/v4 v4.0.2 h1:R3l3kkBds16bO7ZFAEEcofK0MkrAJt3jlJznWZG0nvk=
+github.com/go-jose/go-jose/v4 v4.0.2/go.mod h1:WVf9LFMHh/QVrmqrOfqun0C45tMe3RoiKJMPvgWwLfY=
 github.com/go-rod/rod v0.116.2 h1:A5t2Ky2A+5eD/ZJQr1EfsQSe5rms5Xof/qj296e+ZqA=
 github.com/go-rod/rod v0.116.2/go.mod h1:H+CMO9SCNc2TJ2WfrG+pKhITz57uGNYU43qYHh438Mg=
 github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg=
@@ -38,10 +36,12 @@ github.com/google/logger v1.1.1 h1:+6Z2geNxc9G+4D4oDO9njjjn2d0wN5d7uOo0vOIW1NQ=
 github.com/google/logger v1.1.1/go.mod h1:BkeJZ+1FhQ+/d087r4dzojEg1u2ZX+ZqG1jTUrLM+zQ=
 github.com/google/uuid v1.3.1 h1:KjJaJ9iWZ3jOFZIf1Lqf4laDRCasjl0BCmnEGxkdLb4=
 github.com/google/uuid v1.3.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/landlock-lsm/go-landlock v0.0.0-20241014143150-479ddab4c04c h1:nwPp7v5drD5P9tUDUGF5P6Mrg7qb/oCEJBmmjlMIwG0=
+github.com/landlock-lsm/go-landlock v0.0.0-20241014143150-479ddab4c04c/go.mod h1:RSub3ourNF8Hf+swvw49Catm3s7HVf4hzdFxDUnEzdA=
 github.com/pborman/uuid v1.2.1 h1:+ZZIw58t/ozdjRaXh/3awHfmWRbzYxJoAdNJxe/3pvw=
 github.com/pborman/uuid v1.2.1/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtPdI/k=
-github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c h1:+mdjkGKdHQG3305AYmdv1U2eRNDiU2ErMBj1gwrq8eQ=
-github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c/go.mod h1:7rwL4CYBLnjLxUqIJNnCWiEdr3bn6IUYi15bNlnbCCU=
+github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8 h1:KoWmjvw+nsYOo29YJK9vDA65RGE3NrOnUtO7a+RF9HU=
+github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8/go.mod h1:HKlIX3XHQyzLZPlr7++PzdhaXEj94dEiJgZDTsxEqUI=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
@@ -91,9 +91,9 @@ golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210616045830-e2b7044e8c71/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
@@ -127,3 +127,5 @@ gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+kernel.org/pub/linux/libs/security/libcap/psx v1.2.70 h1:HsB2G/rEQiYyo1bGoQqHZ/Bvd6x1rERQTNdPr1FyWjI=
+kernel.org/pub/linux/libs/security/libcap/psx v1.2.70/go.mod h1:+l6Ee2F59XiJ2I6WR5ObpC1utCQJZ/VLsEbQCD8RG24=

internal/lsm/lsm.go

@@ -0,0 +1,53 @@
+package lsm
+
+import (
+	"log/slog"
+	"os"
+
+	"github.com/foxboron/ssh-tpm-agent/askpass"
+	"github.com/landlock-lsm/go-landlock/landlock"
+)
+
+var rules []landlock.Rule
+
+func HasLandlock() bool {
+	_, ok := os.LookupEnv("SSH_TPM_LANDLOCK")
+	return ok
+}
+
+func RestrictAdditionalPaths(r ...landlock.Rule) {
+	rules = append(rules, r...)
+}
+
+func RestrictAgentFiles() {
+	RestrictAdditionalPaths(
+		// Probably what we need to do for most askpass binaries
+		landlock.RWDirs(
+			"/usr/lib",
+		).IgnoreIfMissing(),
+		// Default Go paths
+		landlock.ROFiles(
+			"/proc/sys/net/core/somaxconn",
+			"/etc/localtime",
+			"/dev/null",
+		),
+		// We almost always want to read the TPM
+		landlock.RWFiles(
+			"/dev/tpm0",
+			"/dev/tpmrm0",
+		),
+		// Ensure we can read+exec askpass binaries
+		landlock.ROFiles(
+			askpass.SSH_ASKPASS_DEFAULTS...,
+		).IgnoreIfMissing(),
+	)
+}
+
+func Restrict() error {
+	slog.Debug("sandboxing with landlock")
+	for _, r := range rules {
+		slog.Debug("landlock", slog.Any("rule", r))
+	}
+	landlock.V5.BestEffort().RestrictNet()
+	return landlock.V5.BestEffort().RestrictPaths(rules...)
+}