Firejail: KeepassXC 2.3.0: Failed to connect to socket /run/user/1000/bus: Permission denied
Hello,
Please check this issue in the KeepassXC repo: https://github.com/keepassxreboot/keepassxc/issues/1582
I've found that whenever KeepassXC is ran under firejail, it doesn't work. This is the output:
Reading profile /etc/firejail/keepassxc.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-passwdmgr.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Parent pid 18812, child pid 18813
Private /etc installed in 7.05 ms
Child process initialized in 106.20 ms
qt5ct: using qt5ct plugin
(keepassxc:8): GConf-WARNING **: Client failed to connect to the D-BUS daemon:
Failed to connect to socket /run/user/1000/bus: Permission denied
qt5ct: D-Bus system tray: no
libGL error: failed to open drm device: No such file or directory
libGL error: failed to load driver: i965
My firejail's version is the following:
firejail version 0.9.52
Compile time support:
- AppArmor support is enabled
- AppImage support is enabled
- bind support is enabled
- chroot support is enabled
- file and directory whitelisting support is enabled
- file transfer support is enabled
- git install support is disabled
- networking support is enabled
- overlayfs support is enabled
- private-home support is enabled
- seccomp-bpf support is enabled
- user namespace support is enabled
- X11 sandboxing support is enabled
qazip
All 10 comments
You can try creating /etc/firejail/keepassxc.local file with noblacklist /run/user/*/bus line inside.
Vincent43
on 1 Mar 2018
@qazip What version of firejail are you using?
Fred-Barclay
on 2 Mar 2018
@Fred-Barclay, so sorry, I normally don't forget that. I've edited my post with my firejail version. It's 0.9.52.
qazip
on 2 Mar 2018
@qazip did you tried what I suggested?
Vincent43
on 2 Mar 2018
@Vincent43, I have now. It's still giving me the error:
Reading profile /etc/firejail/keepassxc.profile
Reading profile /etc/firejail/keepassxc.local
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-passwdmgr.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Parent pid 17583, child pid 17585
Private /etc installed in 5.13 ms
Child process initialized in 53.46 ms
qt5ct: using qt5ct plugin
(keepassxc:8): GConf-WARNING **: Client failed to connect to the D-BUS daemon:
Failed to connect to socket /tmp/dbus-FyLuCtiUoy: Connection refused
qt5ct: D-Bus system tray: no
libGL error: failed to open drm device: No such file or directory
libGL error: failed to load driver: i965
My keepassxc.local only has noblacklist /run/user/*/bus, nothing else.
qazip
on 2 Mar 2018
Failed to connect to socket /tmp/dbus-FyLuCtiUoy: Connection refused
should be fixed by commenting net none and blacklist /run/user/*/bus
libGL error: failed to open drm device: No such file or directory
is expected due to no3d
SkewedZeppelin
on 2 Mar 2018
@qazip another line that is known to cause problems is memory-deny-write-execute (see discussion in #1631).
Does firejail --ignore=memory-deny-write-execute keepassxc restore functionality?
smitsohu
on 5 Mar 2018
@smitsohu I'm running Arch Linux and have the same issue. Removing the memory-deny-write-execute option made it working again.
elvetemedve
on 6 Mar 2018
Yes indeed, that seems to work. It would be good if someone made a PR to keepassxc's profile.. Should I close this issue?
qazip
on 6 Mar 2018
@qazip @elvetemedve Thanks, I think we can close the issue then.
It is already fixed for the upcoming release in 38e798e2d66a50a2de0bc4f257e75c7bd57142ea.
smitsohu
on 6 Mar 2018
Related issues
francoism90
路
4Comments
HulaHoopWhonix
路
4Comments
reinerh
路
3Comments
ghost
路
3Comments
dandelionred
路
3Comments
Most helpful comment
@qazip @elvetemedve Thanks, I think we can close the issue then.
It is already fixed for the upcoming release in 38e798e2d66a50a2de0bc4f257e75c7bd57142ea.