include /etc/firejail/disable-common.inc
include /etc/firejail/disable-devel.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/whitelist-var-common.inc
caps.drop all
net none
no3d
nodvd
nogroups
nonewprivs
noroot
nosound
notv
novideo
protocol unix
seccomp
shell none
I can’t open my passwords on USB anymore. Must run “firejail --noprofile keepassxc” in order to see them and use… So it’s definitely something with firejail profile
# 2.2.4 needs this path when compiled with “Native messaging browser extension”
noblacklist ${HOME}/.mozilla
blacklist /run/user/*/bus
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-devel.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/whitelist-var-common.inc
caps.drop all
machine-id
net none
no3d
nodvd
nogroups
nonewprivs
noroot
nosound
notv
novideo
protocol unix
seccomp
shell none
Thank you for finding a solution for this problem that certainly has annoyed me for quite a while!
One thing I’d like to add: If I understand correctly, the file /etc/firejail/keepassxc.profile gets overwritten with each apt full-upgrade (please correct me if I’m wrong).
I recommend creating a local firejail profile that overrides the system default and saving it as:
~/.config/firejail/keepassxc.profile
What I did was:
copy /etc/firejail/keepassxc.profile into ~/.config/firejail/
open ~/.config/firejail/keepassxc.profile, comment out the line where it says “memory-deny-write-execute” (as you, @jarfr, described) and save it.
open keepassxc - and it worked.
I do not know, though, how much this might weaken the sandbox - maybe there is a better solution?
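The local-override procedure described in the post above, as an added shell example that is not part of the thread. The function names are hypothetical and all paths are passed as arguments; besides writing the override, it lists exactly which active directives the local copy drops compared with the system profile.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical; paths
# and the directive are arguments, so it can be tried on a scratch copy first.

# active_directives FILE: print the lines firejail would act on
# (comments and blank lines removed, whitespace trimmed), sorted.
active_directives() {
    sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e '/^#/d' -e '/^$/d' "$1" | sort
}

# override_profile SRC DEST DIRECTIVE: copy SRC to DEST with every active
# line equal to DIRECTIVE commented out. Returns 2 and writes no DEST if the
# directive is not active in SRC.
override_profile() {
    src=$1; dest=$2; directive=$3
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 1; }
    mkdir -p "$(dirname "$dest")" || return 1
    tmp="$dest.tmp.$$"
    if awk -v d="$directive" '
            { t = $0; gsub(/^[ \t]+|[ \t]+$/, "", t) }
            t == d { print "# " $0; n++; next }
            { print }
            END { exit (n ? 0 : 2) }' "$src" > "$tmp"
    then
        mv "$tmp" "$dest"
    else
        rm -f "$tmp"
        echo "'$directive' is not active in $src" >&2
        return 2
    fi
}

# dropped_directives SRC DEST: directives active in SRC but not in DEST,
# i.e. exactly what the local override removes from the sandbox.
dropped_directives() {
    a=$(mktemp) && b=$(mktemp) || return 1
    active_directives "$1" > "$a"
    active_directives "$2" > "$b"
    comm -23 "$a" "$b"
    rm -f "$a" "$b"
}

# Usage for the case in this thread:
#   override_profile /etc/firejail/keepassxc.profile \
#       "$HOME/.config/firejail/keepassxc.profile" memory-deny-write-execute
```

Running dropped_directives again after a package upgrade shows whether the system profile has gained directives that the copied local profile does not have.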
Thanks Jarfr very much!
I don’t know how much this might weaken the sandbox, and how much a sandbox is needed for keepassxc… I know and understand the need for sandboxing browsers, but isn’t the database as safe as its master password? If someone can compromise my keepassxc database when it’s opened, what’s the use of sandboxing it?