Hi, to the last update to Keepassxc i can’t open keepass file , i must do " /usr/bin/keepassxc" to open my keepass file , if someone can help , thx
What version of Parrot are you running? (security)
What method did you use to install Parrot? (Debian Standard
Configured to multiboot with other systems? ( no)
If there are any similar issues or solutions, link to them below:
If there are any error messages or relevant logs, post them below:
I think it’s keepassxc profile issue , but i don’t know resolv it , u can look keepassxc.profile :
include /etc/firejail/keepassxc.local
include /etc/firejail/globals.local
blacklist /run/user/*/bus
noblacklist ${HOME}/.kdb
noblacklist ${HOME}/.kdbx
noblacklist ${HOME}/.config/keepassxc
noblacklist ${HOME}/.keepassxc
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-devel.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/whitelist-var-common.inc
caps.drop all
net none
no3d
nodvd
nogroups
nonewprivs
noroot
nosound
notv
novideo
protocol unix
seccomp
shell none
private-bin keepassxc
private-dev
private-etc fonts,ld.so.cache,machine-id
private-tmp
memory-deny-write-execute
noexec ${HOME}
noexec /tmp
I cant open my passwords on USB anymore. Must run “firejail --noprofile keepassxc” in order to see them and use…So it’s definitely something with firejail profile
I’m not alone , so thx to give me your opinion. I’ll try to search a solution.
Hi! Did u find any solution yet?
I’m just post on Github , i’m waiting , So if @palinuro or other dev Parrot have a solution , we take it 
Hi , yes solution is here ! : Change in your keepassxc.profile :
include /etc/firejail/keepassxc.local
include /etc/firejail/globals.local
noblacklist ${HOME}/.kdb
noblacklist ${HOME}/.kdbx
noblacklist ${HOME}/.config/keepassxc
noblacklist ${HOME}/.keepassxc
noblacklist ${HOME}/.mozilla
blacklist /run/user/*/bus
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-devel.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/whitelist-var-common.inc
caps.drop all
machine-id
net none
no3d
nodvd
nogroups
nonewprivs
noroot
nosound
notv
novideo
protocol unix
seccomp
shell none
private-bin keepassxc
private-dev
private-etc fonts,ld.so.cache,machine-id
private-tmp
#memory-deny-write-execute
noexec ${HOME}
noexec /tmp#
Now it’s working .
Thank you for finding a solution for this problem that certainly has annoyed me for quite a while!
One thing I’d like to add: If I understand correctly, the file /etc/firejail/keepassxc.profile gets overwritten with each apt full-upgrade (please correct me if I’m wrong).
I recommend creating a local firejail profile that overrides the system default and saving it as:
~/.config/firejail/keepassxc.profile
What I did was:
I do not know, though, how much this might weaken the sandbox - maybe there is a better solution?
Thanks Jarfr very much!
I dont know how much this might weaken the sandbox, and how much is sanbox needed for keepassxc…I know and understand need for sandboxing browserS, but isn’t database as much safe as is its master password? If someone can compromise my keepassxc database when its opened, whats use of sanboxing it?
