[GH-ISSUE #3200] firefox: keepassxc browser addon: Key exchange not successful #1999

Closed
opened 2026-05-05 08:40:17 -06:00 by gitea-mirror · 8 comments
Owner

Originally created by @ericschdt on GitHub (Feb 3, 2020).
Original GitHub issue: https://github.com/netblue30/firejail/issues/3200

If I start the Firefox with Firejail and try to connect the KeepassXC browser addon to the KeepassXC app, the addon says "key exchange unsuccessful".

If however the Firefox is started outside of Firejail, everything is fine.

Any idea?

#### Additional notes

The KDEconnect browser addon runs fine with default settings + the ignore nodebus "trick".

#### System

FF 72.0.2
firejail 0.9.62
KeePassXC 2.5.2
KeepassXC Browser Addon 1.5.4
Archlinux


@ghost commented on GitHub (Feb 3, 2020):

@ericschdt I've installed keepassxc on Arch together with its browser addon and did some testing. With the firejail profiles from current git (which is what I use daily) I could reproduce. Editing the firejail options didn't do much in this context. And then I noticed this:

```
$ cat ~/.mozilla/native-messaging-hosts/org.keepassxc.keepassxc_browser.json
{
    "allowed_extensions": [
        "keepassxc-browser@keepassxc.org"
    ],
    "description": "KeePassXC integration with native messaging support",
    "name": "org.keepassxc.keepassxc_browser",
    "path": "/usr/local/bin/keepassxc-proxy",
    "type": "stdio"
}
```

On my system `/usr/local/bin/keepassxc-proxy` does not exist, `/usr/bin/keepassxc-proxy` does. As soon as I edited in the correct path and restarted Firefox the problem was gone. This was my first time ever using KeepassXC, so this might be beginner's luck :)


@ericschdt commented on GitHub (Feb 4, 2020):

> With the firejail profiles from current git (which is what I use daily) I could reproduce.

That's good, however unfortunately

> On my system /usr/local/bin/keepassxc-proxy does not exist, /usr/bin/keepassxc-proxy does.

both exist on my system:

```
-rwxr-xr-x 1 root root 30624  4. Jan 23:00 /usr/bin/keepassxc-proxy*
lrwxrwxrwx 1 root root 17  2. Feb 15:03 /usr/local/bin/keepassxc-proxy -> /usr/bin/firejail*
```

and

```
 diff ~/.mozilla/native-messaging-hosts/org.keepassxc.keepassxc_browser.json
{
    "allowed_extensions": [
        "keepassxc-browser@keepassxc.org"
    ],
    "description": "KeePassXC integration with native messaging support",
    "name": "org.keepassxc.keepassxc_browser",
-   "path": "/usr/bin/keepassxc-proxy",
+   "path": "/usr/local/bin/keepassxc-proxy",
    "type": "stdio"
}
```
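
Review bot: the `+` line points "path" at /usr/local/bin/keepassxc-proxy, which the listing just above shows is a symlink to /usr/bin/firejail rather than the proxy binary, so the manifest no longer names the real host executable. Keep the `-` value, /usr/bin/keepassxc-proxy, and check instead whether that binary is visible inside the Firefox sandbox; the fix reported later in this thread was adding keepassxc-proxy to private-bin.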

did not help me. :-(

I also found out that the KeepassXC browser addon always says "unsuccessful key exchange", no matter if KeepassXC is running and/or unlocked in the background.

> This was my first time ever using KeepassXC, so this might be beginner's luck :)

Definitely!


@ericschdt commented on GitHub (Feb 4, 2020):

> With the firejail profiles from **current git** (which is what I use daily) I could reproduce.

I replaced the profiles with their git counterparts and now it works! :)


@ericschdt commented on GitHub (Feb 5, 2020):

Okay, now it no longer works. I don't know what's happening and I will have to investigate more later.


@ghost commented on GitHub (Feb 6, 2020):

@ericschdt Feel free to re-open this if after additional investigation the issue persists.


@ericschdt commented on GitHub (Feb 9, 2020):

> Feel free to re-open this if after additional investigation the issue persists.

I could resolve the issue by adding `keepassxc-proxy` to the private-bin line in the `firefox.profile` file:

```
private-bin bash,dbus-launch,dbus-send,env,firefox,sh,which,keepassxc-proxy
```

Alternatively one could have uncommented
`include firefox-common-addons.inc` in `firefox-common.profile`
AND
`private-bin keepassxc-proxy` in `firefox-common-addons.inc`
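
The check behind the fix above, as an added example that is not part of the original thread or of firejail: it reads the native-messaging manifest's `path` and tests whether that binary survives the profile's `private-bin` restriction. The profile contents are constructed samples, includes are resolved by basename from an in-memory dict, and treating multiple `private-bin` lines as cumulative is an assumption of this sketch.

```python
import json
import posixpath

# Constructed sample inputs modelled on the files quoted in this thread.
MANIFEST = """{
  "allowed_extensions": ["keepassxc-browser@keepassxc.org"],
  "name": "org.keepassxc.keepassxc_browser",
  "path": "/usr/bin/keepassxc-proxy",
  "type": "stdio"
}"""

PROFILES = {
    "firefox.profile": "private-bin bash,dbus-launch,dbus-send,env,firefox,sh,which\n"
                       "include firefox-common.profile\n",
    "firefox-common.profile": "#include firefox-common-addons.inc\n",
    "firefox-common-addons.inc": "#private-bin keepassxc-proxy\n",
}


def private_bin_entries(name, profiles, seen=None):
    """Collect active private-bin entries from a profile and its includes.

    Returns None when no private-bin line is active (no restriction)."""
    seen = set() if seen is None else seen
    if name in seen or name not in profiles:
        return None
    seen.add(name)
    entries = None
    for raw in profiles[name].splitlines():
        line = raw.split("#", 1)[0].strip()  # commented-out lines are inactive
        keyword, _, arg = line.partition(" ")
        if keyword == "private-bin":
            found = {e.strip() for e in arg.split(",") if e.strip()}
        elif keyword == "include":
            found = private_bin_entries(posixpath.basename(arg.strip()), profiles, seen)
        else:
            continue
        if found is not None:
            entries = (entries or set()) | found  # assumption: lines accumulate
    return entries


def host_visible(manifest_text, profile_name, profiles):
    """True if the manifest's host binary survives the profile's private-bin."""
    host = posixpath.basename(json.loads(manifest_text)["path"])
    allowed = private_bin_entries(profile_name, profiles)
    return allowed is None or host in allowed
```

With the constructed profiles as given, `host_visible(MANIFEST, "firefox.profile", PROFILES)` is `False`, which matches the failing state described in the thread; either of the two changes listed above makes it `True`.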


@saddy001 commented on GitHub (Oct 17, 2021):

For me this worked:

```
cat ~/.config/firejail/firefox.profile
private-bin bash,dbus-launch,dbus-send,env,firefox,sh,which,keepassxc-proxy
whitelist ${RUNUSER}/org.keepassxc.KeePassXC.BrowserServer
include /etc/firejail/firefox.profile
```

Then restart Firefox. Also see #3952


@rusty-snake commented on GitHub (Oct 17, 2021):

Also see https://github.com/keepassxreboot/keepassxc/discussions/6741#discussioncomment-1154242.
