search

keepassxreboot / keepassxc-browser

KeePassXC Browser Extension
GNU General Public License v3.0
1.78k stars 188 forks source link

KeePassXC-Browser addon not working with firejailed Firefox #2300

Closed skydreamer1 closed 3 months ago

skydreamer1 commented 3 months ago

Even after carefully reading the troubleshooting wiki and applying the specified profiles, the function does not work.

Expected Behavior

KeePassXC browser should work when Firefox is called within firejail Of course, this requires some profile modifications which are used by firejail afterwards Once profiles are customized or added and applied by firejail KeePassXC-Browser should work

Current Behavior

When KeePassXC is started and Firefox is started outside firejail (command-line firefox), KeePassXC browser plugin is green and functional. When KeePassXC is started and Firefox is started inside firejail (command-line firejail firefox), KeePassXC browser plugin indicates a problem and is not functional

Possible Solution

https://github.com/keepassxreboot/keepassxc-browser/wiki/Troubleshooting-guide#linux-firejail provides some guideline for Linux systems using firejail. The settings may not be sufficient. For example, if Firefox is called within firejail, no process keepassxc-proxy can be seen. The creation of this process could be prevented by firejail and thus cause the error

Steps to Reproduce (for bugs)

  1. install firejail + firejail-profiles (flatpak)
  2. add firejail profiles as shown within Troubleshooting-guide of above
  3. from the command-line run firefox and check keepassxc-browser function
  4. from the command-line run firejail firefox and check keepassxc-browser function again - it does not work, also process keepassxc-proxy doesn't exists

Debug info

KeePassXC - Version 2.7.9 KeePassXC-Browser - 1.9.1.1 Operating system: Linux Mint 21.3 Browser: Firefox 129.0

#profile /etc/firejail/firefox.local (according to troubleshooting-wiki) 

noblacklist ${RUNUSER}/app
mkdir ${RUNUSER}/app/org.keepassxc.KeePassXC
whitelist ${RUNUSER}/app/org.keepassxc.KeePassXC

#profile /etc/firejail/keepassxc.local (according to troubleshooting-wiki) 

noblacklist ${RUNUSER}/app
droidmonkey commented 3 months ago

Provide debug output for firejail pls

skydreamer1 commented 3 months ago

output of firejail --debug firefox debug.output.txt

droidmonkey commented 3 months ago

That appears to be the policy log, not the runtime log. You can also follow the strace portion of the troubleshooting guide to narrow in on what needs to be whitelisted.

skydreamer1 commented 3 months ago

oh, I wasn't aware of that, sorry maybe the following is more useful

  1. I first started firejail --allow-debuggers firefox which produced the following output output1.txt

  2. then I started sudo strace -f -p $(pgrep firefox) 2>&1 |grep keepass which did not produce any output at first, but after clicking on the plugin there was output output2.txt

  3. finally I clicked on the button reload of the plugin which created output output3.txt

droidmonkey commented 3 months ago

You likely need to whitelist: /var/lib/flatpak/exports/bin/org.keepassxc.KeePassXC

The strace is saying it cannot file that file. That means your .json file is pointing to the wrong binary (you need to go to the keepassxc settings and press OK again) or firejail is blocking access to it and that is being reported as a not found error.

skydreamer1 commented 3 months ago

I added whitelist ${RUNUSER}/var/lib/flatpak/exports/bin/org.keepassxc.KeePassXC to /etc/firejail/firefox.local output 3 now has changed to output3a.txt