[GH-ISSUE #3549] keepassxc: program does not start on BSPWM #2228

Open
opened 2026-05-05 08:54:54 -06:00 by gitea-mirror · 49 comments

Originally created by @seniorm0ment on GitHub (Jul 26, 2020).
Original GitHub issue: https://github.com/netblue30/firejail/issues/3549

The profile firecfg grabbed for Keepassxc seems to not want to allow it to open? If I run `ps aux | grep keepassxc`
I notice two entries relating to /usr/bin/keepassxc and one called [keepassxc] defunct. If I `killall keepassxc` they all go away.

I can't get keepassxc open and this is problematic for me lol.
Would appreciate some help, am still new to using Firejail.

I'm running Artix x86_64, 5.7.8.a-1-hardened kernel, BSPWM, Firejail 0.9.62

gitea-mirror added the information_old label 2026-05-05 08:54:54 -06:00

@rusty-snake commented on GitHub (Jul 26, 2020):

firejail version?


@seniorm0ment commented on GitHub (Jul 26, 2020):

@rusty-snake 0.9.62


@bbhtt commented on GitHub (Jul 26, 2020):

This is too obvious but have you configured the symlinks or tried with `firejail --profile=name.profile /usr/bin/program`, `firejail --noprofile /usr/bin/program` or its default profile on a terminal? If so are there any errors?


@rusty-snake commented on GitHub (Jul 26, 2020):

> firejail --profile=name.profile /usr/bin/program

`firejail --profile=name /usr/bin/program`

> default profile

Why should it be tested with `default.profile` if it has its own profile?

> [keepassxc] defunct

defunct is often caused by seccomp (seccomp, protocol, mdwe). If you use hardened-malloc it could also be private-etc.


@seniorm0ment commented on GitHub (Jul 26, 2020):

@kortewegdevries Again, am new to Firejail so not too obvious my bad. firejail --noprofile /usr/bin/keepassxc did launch it no issues.
If I run firejail --profile=keepassxc.profile, it gives me an error inaccessible profile file. I can see and read the profile no issues in /etc/firejail/keepassxc.profile.
As for symlinks, I thought firecfg did this? I do see it under firecfg --list, /usr/local/bin/keepassxc so it seems to be linked.

And even if not, I did setup the hooks file as found in the Arch wiki which seemed it did this on install, upgrade and removal for anything.
https://wiki.archlinux.org/index.php/Firejail#Using_Firejail_by_default


@rusty-snake commented on GitHub (Jul 26, 2020):

> Again, am new to Firejail so not too obvious my bad.

If you had followed the issue template ...

> If I run firejail --profile=keepassxc.profile, it gives me an error inaccessible profile file. I can see and read the profile no issues in /etc/firejail/keepassxc.profile.

`--profile=keepassxc.profile` tells firejail to look for `keepassxc.profile` in the current working directory. `--profile=keepassxc` tells firejail to look for `keepassxc` in `.` then for `keepassxc.profile` in ~/.config/firejail and then in /etc/firejail.

----

So anything in the terminal / syslog?


@bbhtt commented on GitHub (Jul 26, 2020):

> Why should it be tested with default.profile if it has its own profile?

I meant to try with `firejail --profile...` with the profile it comes with, not the "`default.profile`". It was missing an "its" :)
The pacman hook should work.


@seniorm0ment commented on GitHub (Jul 26, 2020):

> If you followed the issue template

I was not provided with an issue template when creating an issue.

> --profile=keepassxc.profile tells firejail to look for keepassxc.profile in the current working directory. --profile=keepassxc tells firejail to look for keepassxc in . then for keepassxc.profile in ~/.config/firejail and then in /etc/firejail.

Oh, in that case, if I run firejail --profile=keepassxc
It shows a list of reading profile commands which relate to the include commands in the /etc/firejail/keepassxc.profile, then says warning noroot option is not available, then gave an error: shell=none configured, but no program specified


@rusty-snake commented on GitHub (Jul 26, 2020):

> I was not provided with an issue template when creating an issue.

How did you open the issue?

> I meant to try with ……

To say "default profile" in firejail context is always confusing, best is "default.profile" or "foo.profile" or "its profile" (no default).

> Oh, in that case, if I run firejail --profile=keepassxc

is lost somewhere: full command is `firejail --profile=keepassxc /usr/bin/keepassxc`


@seniorm0ment commented on GitHub (Jul 26, 2020):

@rusty-snake

> How did you open the issue?

Fasthub-Libre, am on my phone. Usually when creating issues it has no problem grabbing templates, nothing showed when making an issue here.

> full command is firejail --profile=keepassxc /usr/bin/keepassxc

Ah, my bad. It shows reading profile from /etc/firejail/keepassxc, and reading profile from all the includes like disable-common, disable-devel, etc as specified within the keepassxc profile.
Then it shows the parent and child pid.
Then says Skipping alternatives for private /etc.
Then 3 programs installed in 29.70ms.
Then warning /sbin dir link was not blacklisted.
Then /usr/sbin dir link was not blacklisted.
Then blacklist violations are logged to syslog.
Child process initialized in 125ms.

Sorry I can't copy paste, am on my phone lol.
I'm not seeing anything relating to keepassxc or firejail in /var/log/syslog, however in /var/log/messages.log I see

```
Kernel: audit: type=1326 audit(long number): auir=1000 uid=1000 gid=1000 ses=1 pid=8066 comm=keepassxc exe=/usr/bin/keepassxc sig=31 arch=c000003e syscall=303 compat=0 ip=longhex code=0x0
```

@rusty-snake commented on GitHub (Jul 26, 2020):

Try to add `seccomp !name_to_handle_at` to keepassxc (replace `seccomp`).

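How the audit record leads to that suggestion: `type=1326` is a seccomp record, `sig=31` is SIGSYS, and on `arch=c000003e` (x86_64) syscall 303 is `name_to_handle_at`. The script below is an added example, not part of the thread or of firejail: it triages such records into the profile line to try. Its function names and small syscall table are assumptions for illustration, and every sample line except the first (retyped in the thread) is constructed.

```python
"""Triage kernel seccomp audit records (type=1326) for a sandboxed program."""
import re
from collections import defaultdict

AUDIT_SECCOMP = "1326"   # audit record type written when a seccomp filter acts
SIGSYS = 31              # sig=31: the filter killed the caller

# AUDIT_ARCH_* constants as printed in the arch= field.
ARCHES = {0xC000003E: "x86_64", 0x40000003: "i386", 0xC00000B7: "aarch64"}

# Small x86_64 subset, enough for the samples below (an assumption of this
# example). On a real host resolve numbers with `ausyscall x86_64 <nr>`.
X86_64_SYSCALLS = {
    101: "ptrace", 161: "chroot", 165: "mount", 166: "umount2",
    303: "name_to_handle_at", 304: "open_by_handle_at",
}

# key=value pairs; values may be quoted (real records) or bare (retyped ones).
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_seccomp_record(line):
    """Return a dict for a type=1326 record, or None for any other line."""
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(line)}
    if fields.get("type") != AUDIT_SECCOMP:
        return None
    try:
        arch = int(fields["arch"], 16)
        nr = int(fields["syscall"])
        sig = int(fields.get("sig", "0"))
    except (KeyError, ValueError):
        return None  # truncated or mangled record
    arch_name = ARCHES.get(arch, hex(arch))
    # Syscall numbers differ per architecture, so only x86_64 is resolved here.
    name = X86_64_SYSCALLS.get(nr) if arch_name == "x86_64" else None
    return {
        "comm": fields.get("comm", "?"),
        "exe": fields.get("exe", "?"),
        "arch": arch_name,
        "syscall_nr": nr,
        "syscall": name,
        "killed": sig == SIGSYS,
    }


def suggest_exemptions(lines):
    """Return (profile line per program, unresolved (arch, nr) per program).

    Only syscalls that actually killed the program are exempted, so the
    rest of the default seccomp filter stays in force.
    """
    hits, unresolved = defaultdict(set), defaultdict(set)
    for line in lines:
        rec = parse_seccomp_record(line)
        if rec is None or not rec["killed"]:
            continue  # not a seccomp record, or logged without a kill
        if rec["syscall"]:
            hits[rec["comm"]].add(rec["syscall"])
        else:
            unresolved[rec["comm"]].add((rec["arch"], rec["syscall_nr"]))
    profile_lines = {
        comm: "seccomp " + ",".join("!" + name for name in sorted(names))
        for comm, names in hits.items()
    }
    return profile_lines, {c: sorted(v) for c, v in unresolved.items()}


SAMPLE_LOG = [
    # Record as retyped in the thread (bare values, placeholder fields).
    "Kernel: audit: type=1326 audit(long number): auir=1000 uid=1000 gid=1000 "
    "ses=1 pid=8066 comm=keepassxc exe=/usr/bin/keepassxc sig=31 "
    "arch=c000003e syscall=303 compat=0 ip=longhex code=0x0",
    # Constructed: same kill again, in the kernel's usual quoted form.
    'audit: type=1326 audit(1595770000.123:456): auid=1000 uid=1000 gid=1000 '
    'ses=1 pid=8070 comm="keepassxc" exe="/usr/bin/keepassxc" sig=31 '
    'arch=c000003e syscall=303 compat=0 ip=0x7f0000001000 code=0x0',
    # Constructed: filter logged the call but did not kill (sig=0).
    'audit: type=1326 audit(1595770001.000:457): auid=1000 uid=1000 gid=1000 '
    'ses=1 pid=8070 comm="keepassxc" exe="/usr/bin/keepassxc" sig=0 '
    'arch=c000003e syscall=165 compat=0 ip=0x7f0000001000 code=0x7ffc0000',
    # Constructed: a different audit record type, ignored.
    'audit: type=1300 audit(1595770002.000:458): arch=c000003e syscall=2',
    # Constructed: hypothetical second program killed on chroot.
    'audit: type=1326 audit(1595770003.000:459): auid=1000 uid=1000 gid=1000 '
    'ses=1 pid=9001 comm="demo-app" exe="/usr/bin/demo-app" sig=31 '
    'arch=c000003e syscall=161 compat=0 ip=0x7f0000002000 code=0x0',
    # Constructed: 32-bit process; the number is left unresolved, not guessed.
    'audit: type=1326 audit(1595770004.000:460): auid=1000 uid=1000 gid=1000 '
    'ses=1 pid=9002 comm="demo-app" exe="/usr/bin/demo-app" sig=31 '
    'arch=40000003 syscall=341 compat=1 ip=0xf7000000 code=0x0',
]

if __name__ == "__main__":
    profile_lines, unresolved = suggest_exemptions(SAMPLE_LOG)
    for comm, line in sorted(profile_lines.items()):
        print(f"{comm}: {line}")
    for comm, pairs in sorted(unresolved.items()):
        print(f"{comm}: unresolved {pairs}")
```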

@seniorm0ment commented on GitHub (Jul 26, 2020):

@rusty-snake You're suggesting replacing to

```
seccomp !keepassxc
```

?
Upon doing that, and running firejail --profile=keepassxc /usr/bin/keepassxc at the bottom of the previously stated output, I now see

```
post-exec seccomp protector enabled
Seccomp list in: !keepassxc, check list: @default-keep, child process initalized.
```

Still not opening keepassxc though.


@rusty-snake commented on GitHub (Jul 26, 2020):

No, `seccomp !name_to_handle_at`.


@seniorm0ment commented on GitHub (Jul 26, 2020):

Ah, it removed the seccomp line from output so seemed to work, but still not launching.
The only notable error left I see is the

```
Error: --shell=none configured, but no program specified
```

@rusty-snake commented on GitHub (Jul 26, 2020):

Start it with `firejail --profile=keepassxc /usr/bin/keepassxc`, `firejail keepassxc` or `keepassxc` (firecfg).


@seniorm0ment commented on GitHub (Jul 26, 2020):

@rusty-snake

> firejail --profile=keepassxc /usr/bin/keepassxc

Doesn't work, that's what gave the shell error.

> firejail keepassxc

This worked, how come when just launching through Rofi it has issues? When launching other programs through Rofi, it uses firejail no issue if they have a profile.
Also this doesn't follow my bspc (bspwmrc) rule to send keepassxc to desktop 10, no issues with other programs using firejail?
`bspc rule -a keepassxc desktop='^10' follow=on focus=on`

> keepassxc (firecfg)

Are you suggesting just `keepassxc`? If so it does the same as the previous.


@rusty-snake commented on GitHub (Jul 26, 2020):

If you execute firecfg, all three should do the same.


@seniorm0ment commented on GitHub (Jul 26, 2020):

Ah, executing firecfg fixed the issue with rofi, and now keepassxc launches no issues.

But keepassxc still doesn't follow my bspc rule as it used to?

And lastly, does this mean there's an issue with the default profile for keepassxc I assume? Will this be fixed? Or is this just a "me issue" I had?


@rusty-snake commented on GitHub (Jul 26, 2020):

> Doesn't work, that's what gave the shell error.

What??

> but keepassxc still doesn't follow my bspc rule as it used to?

Only if keepassxc is firejailed?


@seniorm0ment commented on GitHub (Jul 26, 2020):

> What??

Forget that, I think it fixed itself after rerunning firecfg.
It seems to be working now.

> but keepassxc still doesn't follow my bspc rule as it used to?

> Only if keepassxc is firejailed?

Yeah it was having no issues moving Keepassxc to desktop 10 on launch, via the bspc rule I stated above, before setting up Firejail. Now it just launched on whatever display I'm currently on instead of going to desktop 10. Any ideas on how to fix so it follows my bspc rule?


@rusty-snake commented on GitHub (Jul 31, 2020):

Looks like you need to try which option causes this behaviour. (Maybe one of `machine-id`, `private-etc`, `net none`, `protocol`?)


@seniorm0ment commented on GitHub (Jul 31, 2020):

Hmm, disabling any of those plus the others didn't seem to fix it. I tried running `firejail --noprofile /usr/bin/keepassxc` and that isn't working either which makes no sense because that simply ignores firejail profile correct?
I also notice that if I open keepassxc, then open a new window next to it, it ignores my rules about gaps. So it seems like keepassxc is now ignoring my bspwmrc?

Now BSPWM does use a script for its config, it's in .config/bspwm/bspwmrc and that is chmod +x so it's executable, I did try adding a noblacklist to that path in the firejail profile and that seemed to not work as well.

Either way, the issue seems to be keepassxc not reading my bspwmrc because it ignores the gaps, and that's where you set the rule to which window it opens on which would explain why it's not opening to desktop 10. But I can't figure out what is causing the issue.


@seniorm0ment commented on GitHub (Aug 19, 2020):

Still was having issues with getting KeepassXC to be pushed to desktop 10.

But, I am having another issue. So, I just ran a full update, and all my Firecfg profiles reset. I have a hook added, to autograb the Firecfg profiles (as provided by the arch wiki), I figured it would preserve the profiles I edited, on updates if any changes were made, but it looks like it completely replaces them? Is there a way to get Firecfg profiles to auto apply to programs on install, or when they are newly added and found when updating a program, but don't overwrite profiles that are already there or have changed? Or warn if there's an update to one of the Firecfg profiles I have edited, or something idk..?

Anyways, the specific issue I'm having is the same as creating this thread, KeepassXC is not opening to GUI anymore. I can't even get the seccomp fix to work, or the noprofile or specifically specifying the profile. I added `seccomp !name_to_handle_at`, then rerunning `sudo firecfg` as previously fixed, it did not fix this time.

```
$ firejail --list
4387:gravity::/usr/bin/firejail /usr/bin/firefox
4746:gravity:keepassxc:/usr/bin/firejail /usr/bin/keepassxc
```

```
$ firejail --profile=keepassxc /usr/bin/keepassxc
Reading profile /etc/firejail/keepassxc.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-exec.inc
Reading profile /etc/firejail/disable-interpreters.inc
Reading profile /etc/firejail/disable-passwdmgr.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/disable-xdg.inc
Reading profile /etc/firejail/whitelist-usr-share-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Switching to pid 4747, the first child process inside the sandbox
Error: --shell=none configured, but no program specified
Warning: removing 1 bytes from stdin
```

```
$ firejail --noprofile /usr/bin/program
Parent pid 6725, child pid 6726
Child process initialized in 3.37 ms
zsh:1: no such file or directory: /usr/bin/program

Parent is shutting down, bye...
```

Not sure what's going on.

```
# Firejail profile for keepassxc
# Description: Cross Platform Password Manager
# This file is overwritten after every install/update
# Persistent local customizations
include keepassxc.local
# Persistent global definitions
include globals.local

noblacklist ${HOME}/*.kdb
noblacklist ${HOME}/*.kdbx
noblacklist ${HOME}/.config/keepassxc
noblacklist ${HOME}/.keepassxc
# 2.2.4 needs this path when compiled with "Native messaging browser extension"
noblacklist ${HOME}/.mozilla
noblacklist ${DOCUMENTS}

include disable-common.inc
include disable-devel.inc
include disable-exec.inc
include disable-interpreters.inc
include disable-passwdmgr.inc
include disable-programs.inc
include disable-xdg.inc

whitelist /usr/share/keepassxc
include whitelist-usr-share-common.inc
include whitelist-var-common.inc

caps.drop all
machine-id
net none
no3d
nodvd
# Breaks 'Lock database when session is locked or lid is closed' (#2899).
# Also breaks (Plasma) tray icon,
# you can safely uncomment it or add to keepassxc.local if you don't need these features.
#nodbus
nogroups
nonewprivs
noroot
nosound
notv
nou2f
novideo
protocol unix,netlink
seccomp !name_to_handle_at
shell none
tracelog

private-bin keepassxc,keepassxc-cli,keepassxc-proxy
private-dev
private-etc alternatives,fonts,ld.so.cache,machine-id
private-tmp

# Mutex is stored in /tmp by default, which is broken by private-tmp
join-or-start keepassxc
```

@bbhtt commented on GitHub (Aug 19, 2020):

> I have a hook added, to autograb the Firecfg profiles (as provided by the arch wiki), I figured it would preserve the profiles on updates if any changes were made, but it looks like it completely replaces them?

On Debian you get a Y/N/I/O option to preserve your current profile, install the updated one or compare side by side during an upgrade, I don't think there is something similar with pacman. It is always better to put your local changes in `~/.config/firejail/` since system-wide profiles will get replaced as it is written on top of each profile.

> Is there a way to get Firecfg profiles to auto apply to programs on install,...

That's what the hook does?

This looks like a different error, are you on 0.9.62.4-1?

> $ firejail --noprofile /usr/bin/program

Are you doing this with an actual program or as an example?


@seniorm0ment commented on GitHub (Aug 19, 2020):

> It is always better to put your local changes in `~/.config/firejail/` since system-wide profiles will get replaced as it is written on top of each profile.

Ah, ok this makes more sense.

> This looks like a different error, are you on 0.9.62.4-1?

firejail version 0.9.62.4, just updated it when I ran the system update.

> > $ firejail --noprofile /usr/bin/program
>
> Are you doing this with an actual program or as an example?

Oh, that's my mistake, my brain has been all over the place lately. `firejail --noprofile /usr/bin/keepassxc` launches it. Still doesn't actually solve the issue though ofc.


@bbhtt commented on GitHub (Aug 19, 2020):

Runs fine for me on Arch with the profile you gave, did you change anything/does the original profile end in the same error?


@seniorm0ment commented on GitHub (Aug 19, 2020):

Does the original profile end in the same error?
Using the stock profile (just unedited my one edit, ignore the path being .config--and yes I ran sudo firecfg), I get the following

Reading profile /home/gravity/.config/firejail/keepassxc.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-exec.inc
Reading profile /etc/firejail/disable-interpreters.inc
Reading profile /etc/firejail/disable-passwdmgr.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/disable-xdg.inc
Reading profile /etc/firejail/whitelist-usr-share-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Switching to pid 4747, the first child process inside the sandbox
Error: --shell=none configured, but no program specified

> Did you change anything

Running using the profile below (same as originally, which should be what you ran)

```
$ firejail --profile=/home/gravity/.config/firejail/keepassxc.profile /usr/bin/keepassxc
Reading profile /home/gravity/.config/firejail/keepassxc.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-exec.inc
Reading profile /etc/firejail/disable-interpreters.inc
Reading profile /etc/firejail/disable-passwdmgr.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/disable-xdg.inc
Reading profile /etc/firejail/whitelist-usr-share-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Switching to pid 4747, the first child process inside the sandbox
Error: --shell=none configured, but no program specified
```

The profile (the only edit from stock is changed `seccomp` to `seccomp !name_to_handle_at`):

```
# Firejail profile for keepassxc
# Description: Cross Platform Password Manager
# This file is overwritten after every install/update
# Persistent local customizations
include keepassxc.local
# Persistent global definitions
include globals.local

noblacklist ${HOME}/*.kdb
noblacklist ${HOME}/*.kdbx
noblacklist ${HOME}/.config/keepassxc
noblacklist ${HOME}/.keepassxc
# 2.2.4 needs this path when compiled with "Native messaging browser extension"
noblacklist ${HOME}/.mozilla
noblacklist ${DOCUMENTS}

include disable-common.inc
include disable-devel.inc
include disable-exec.inc
include disable-interpreters.inc
include disable-passwdmgr.inc
include disable-programs.inc
include disable-xdg.inc

whitelist /usr/share/keepassxc
include whitelist-usr-share-common.inc
include whitelist-var-common.inc

caps.drop all
machine-id
net none
no3d
nodvd
# Breaks 'Lock database when session is locked or lid is closed' (#2899).
# Also breaks (Plasma) tray icon,
# you can safely uncomment it or add to keepassxc.local if you don't need these features.
#nodbus
nogroups
nonewprivs
noroot
nosound
notv
nou2f
novideo
protocol unix,netlink
seccomp !name_to_handle_at
shell none
tracelog

private-bin keepassxc,keepassxc-cli,keepassxc-proxy
private-dev
private-etc alternatives,fonts,ld.so.cache,machine-id
private-tmp

# Mutex is stored in /tmp by default, which is broken by private-tmp
join-or-start keepassxc
```

@bbhtt commented on GitHub (Aug 20, 2020):

No, both run okay for me. I was concerned about the second line more...

Try commenting `shell none` and append `sh,zsh,bash,which` in private bin. And run with `firejail --profile=/path/to/changed/profile/ /usr/bin/keepassxc` in a terminal. If this works, and you want to make this change permanent:

Create a keepassxc.profile in config/firejail, paste all the contents of `/etc/firejail/keepassxc.profile` to it and edit in your changes. Now assuming you have made the symlinks using sudo firecfg or in your case the hook, and it is in your path, type keepassxc on a terminal and it'll load the profile in config, check the output on terminal etc...

By the way, are you using a script to launch firejailed programs, what's "rofi"?


@seniorm0ment commented on GitHub (Aug 20, 2020):

> Try commenting shell none and append sh,zsh,bash,which in private bin.
> firejail --profile=/path/to/changed/profile/ /usr/bin/keepassxc

```
$ firejail --profile=/home/gravity/.config/firejail/keepassxc.profile /usr/bin/keepassxc
Reading profile /home/gravity/.config/firejail/keepassxc.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-exec.inc
Reading profile /etc/firejail/disable-interpreters.inc
Reading profile /etc/firejail/disable-passwdmgr.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/disable-xdg.inc
Reading profile /etc/firejail/whitelist-usr-share-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Switching to pid 4747, the first child process inside the sandbox
Child process initialized in 33.40 ms
execvp: No such file or directory
```

Shell error gone, new one though.
Not sure where it's trying to pull `execvp` from. I don't see anything like that in the config unless I'm missing it. I searched `vp` and `exec`, nothing showed for `vp`, `exec` only resolved one line which seemed irrelevant.

> By the way, are you using a script to launch firejailed programs, what's "rofi"?

rofi is a dmenu alternative (tiling wm). It is working perfectly fine with my other programs, I confirmed with `firejail --list` and they all show. Also previously above, when I had KeepassXC working with firejail rofi was launching it in firejail no issues, I believe it is irrelevant.


@bbhtt commented on GitHub (Aug 20, 2020):

What shell are you using? zsh? Did you add them to private-bin? execvp is not a program but a system call...


@seniorm0ment commented on GitHub (Aug 20, 2020):

> What shell are you using? zsh?

zsh, correct.

> Did you add them to private-bin?

Yes, unless I did it incorrectly?
Just append to the `private-bin` line as done below, correct?

```
# Firejail profile for keepassxc
# Description: Cross Platform Password Manager
# This file is overwritten after every install/update
# Persistent local customizations
include keepassxc.local
# Persistent global definitions
include globals.local

noblacklist ${HOME}/*.kdb
noblacklist ${HOME}/*.kdbx
noblacklist ${HOME}/.config/keepassxc
noblacklist ${HOME}/.keepassxc
# 2.2.4 needs this path when compiled with "Native messaging browser extension"
noblacklist ${HOME}/.mozilla
noblacklist ${DOCUMENTS}

include disable-common.inc
include disable-devel.inc
include disable-exec.inc
include disable-interpreters.inc
include disable-passwdmgr.inc
include disable-programs.inc
include disable-xdg.inc

whitelist /usr/share/keepassxc
include whitelist-usr-share-common.inc
include whitelist-var-common.inc

caps.drop all
machine-id
net none
no3d
nodvd
# Breaks 'Lock database when session is locked or lid is closed' (#2899).
# Also breaks (Plasma) tray icon,
# you can safely uncomment it or add to keepassxc.local if you don't need these features.
#nodbus
nogroups
nonewprivs
noroot
nosound
notv
nou2f
novideo
protocol unix,netlink
seccomp !name_to_handle_at
# shell none
tracelog

private-bin keepassxc,keepassxc-cli,keepassxc-proxy,zsh,bash,sh,which
private-dev
private-etc alternatives,fonts,ld.so.cache,machine-id
private-tmp

# Mutex is stored in /tmp by default, which is broken by private-tmp
join-or-start keepassxc
```

@bbhtt commented on GitHub (Aug 20, 2020):

Commenting private-bin works?


@seniorm0ment commented on GitHub (Aug 20, 2020):

> Commenting `private-bin` works?

Nope :/, same `execvp: No such file or directory` issue.


@bbhtt commented on GitHub (Aug 20, 2020):

Calling it from a terminal `$ keepassxc` has the same effect with/without the two changes I said? or keeping shell none and private-bin commented: `firejail --shell=/bin/zsh (or /bin/bash) --profile=keepassxc /usr/bin/keepassxc` ?


@seniorm0ment commented on GitHub (Aug 20, 2020):

> Calling it from a terminal $ keepassxc has the same effect with/without the two changes I said?

Correct, except one was the shell error, now it's just the `execvp` error after doing the changes.

> `firejail --shell=/bin/zsh (or /bin/bash) --profile=keepassxc /usr/bin/keepassxc`

This gives me an `invalid option --profile=firejailprofiledir after --join` error


@bbhtt commented on GitHub (Aug 20, 2020):

The `execvp` is caused because `shell none` is commented, it should've been gone if the shell (bash, sh, zsh etc.) was allowed in private-bin or `private-bin` was commented, I don't know why it still gives the same error.

Your first error "shell none but no program" happens when you try `firejail --profile=abcd <>` without specifying an executable in "<>", I still don't know why after specifying keepassxc there, it occurs.

> This gives me an invalid option --profile=firejailprofiledir after --join error

How did you run that?

Try clearing up the symlinks `sudo firecfg --clean`, followed by `sudo firecfg`, remove the keepassxc profile in config, followed by `$ keepassxc` on a terminal. What happens?


@seniorm0ment commented on GitHub (Aug 20, 2020):

> How did you run that?

I tried both `firejail --shell=/bin/zsh --profile=keepassxc /usr/bin/keepassxc` & `firejail --shell=/bin/zsh (or /bin/bash) --profile=/home/gravity/.config/firejail/keepassxc.profile /usr/bin/keepassxc`

> Try clearing up the symlinks `sudo firecfg --clean`, followed by `sudo firecfg`, remove the keepassxc profile in config, followed by `$ keepassxc` on a terminal. What happens?

Ran `sudo firecfg --clean`, `sudo firecfg`, removed `keepassxc` from `.config/firejail`..

```
$ keepassxc
Reading profile /etc/firejail/keepassxc.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-exec.inc
Reading profile /etc/firejail/disable-interpreters.inc
Reading profile /etc/firejail/disable-passwdmgr.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/disable-xdg.inc
Reading profile /etc/firejail/whitelist-usr-share-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Switching to pid 4747, the first child process inside the sandbox
Child process initialized in 34.06 ms
Another instance of KeePassXC is already running.

$ killall keepassxc
$ firejail --list
4746:gravity:keepassxc:/usr/bin/firejail /usr/bin/keepassxc
13945:gravity::/usr/bin/firejail /usr/bin/telegram-desktop
20536:gravity::/usr/bin/firejail /usr/bin/firefox

$ kill 4746
$ firejail --list
13945:gravity::/usr/bin/firejail /usr/bin/telegram-desktop
20536:gravity::/usr/bin/firejail /usr/bin/firefox

$ keepassxc
```

Now it works right there, although there are a ton of warnings and errors in the output.

```
$ keepassxc
Reading profile /etc/firejail/keepassxc.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-exec.inc
Reading profile /etc/firejail/disable-exec.inc
Reading profile /etc/firejail/disable-interpreters.inc
Reading profile /etc/firejail/disable-passwdmgr.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/disable-xdg.inc
Reading profile /etc/firejail/whitelist-usr-share-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Parent pid 17162, child pid 17163
Warning: skipping alternatives for private /etc
Private /etc installed in 14.06 ms
3 programs installed in 506.51 ms
Warning: /sbin directory link was not blacklisted
Warning: /usr/sbin directory link was not blacklisted
Blacklist violations are logged to syslog
Post-exec seccomp protector enabled
Seccomp list in: !name_to_handle_at, check list: @default-keep, prelist: unknown,
Child process initialized in 640.13 ms
libGL error: MESA-LOADER: failed to retrieve device information
libGL error: Version 4 or later of flush extension not found
libGL error: failed to load driver: i915
libGL error: failed to open /dev/dri/card0: No such file or directory
libGL error: failed to load driver: i965
```
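
In the comment above, `firejail --list` still shows a sandbox named `keepassxc` (pid 4746) after `killall keepassxc`, and the profile's `join-or-start keepassxc` joins a sandbox of that name when one exists rather than starting a new one. The following is an added example, not code from the thread or from the Firejail project: it predicts which of the two will happen from a `firejail --list` snapshot and a profile's text. The function names are hypothetical and both sample inputs are constructed in the shape shown in the thread.

```shell
#!/bin/sh
# Added example: predict whether a profile's `join-or-start NAME` will join an
# existing sandbox instead of starting a new one. Function names are hypothetical.

# Constructed sample in the `firejail --list` shape shown in the thread:
# pid:user:sandbox-name:command
SAMPLE_LIST='4746:gravity:keepassxc:/usr/bin/firejail /usr/bin/keepassxc
13945:gravity::/usr/bin/firejail /usr/bin/telegram-desktop
20536:gravity::/usr/bin/firejail /usr/bin/firefox'

# Constructed profile fragment (lines taken from the keepassxc profile in the thread).
SAMPLE_PROFILE='shell none
private-tmp
# Mutex is stored in /tmp by default, which is broken by private-tmp
join-or-start keepassxc'

# Print the name given on the first active (uncommented) join-or-start line.
# `include` lines are not followed; only the text passed in is scanned.
profile_join_name() {
    printf '%s\n' "$1" | awk '$1 == "join-or-start" { print $2; exit }'
}

# Print the pid of every listed sandbox whose name field equals $2.
# Unnamed sandboxes have an empty third field and never match.
sandboxes_named() {
    printf '%s\n' "$1" | awk -F: -v name="$2" 'name != "" && $3 == name { print $1 }'
}

# Report what launching with this profile would do, given the current list.
# $1 = `firejail --list` output, $2 = profile text.
join_or_start_outcome() {
    jname=$(profile_join_name "$2")
    if [ -z "$jname" ]; then
        echo "start: profile has no join-or-start"
        return 0
    fi
    jpids=$(sandboxes_named "$1" "$jname" | tr '\n' ' ')
    jpids=${jpids% }
    if [ -n "$jpids" ]; then
        echo "join: $jname pid $jpids"
    else
        echo "start: no sandbox named $jname"
    fi
}

# Stand-alone run on the constructed data. On a live system pass
# "$(firejail --list)" and the contents of the profile file instead.
join_or_start_outcome "$SAMPLE_LIST" "$SAMPLE_PROFILE"
```

A `join:` result while no KeePassXC window is open points at a leftover sandbox like pid 4746 above, which is what `kill 4746` cleared in the thread.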

@bbhtt commented on GitHub (Aug 21, 2020):

The warnings are harmless, it's because 3d drivers are blocked by "no3d", you don't need 3d drivers unless it's a game or a video player etc.


@seniorm0ment commented on GitHub (Aug 21, 2020):

Alright understood, not sure exactly what broke or what happened but seems to still be working. Thank you.
That just brings me back to the previous issue I left off on, which was getting KeepassXC to follow my BSPC (BSPWM) rule to open to Desktop 10. Still haven't figured that out, if anyone ends up figuring it out please let me know.


@bbhtt commented on GitHub (Aug 21, 2020):

Is it a shell script? I think, for a script to execute itself we need to add shell to private-bin, ignore noexec ${HOME}, the program that executes the script (part of your WM) and how it is executed, a noblacklist and a whitelist (if needed). If noprofile fails it's hard.

An example program that follows the rule when firejailed?


@seniorm0ment commented on GitHub (Aug 21, 2020):

> Is it a shell script?

Yeah, the BSPWMRC is a shell script.

> I think, for a script to execute itself we need to add shell to private-bin, ignore noexec ${HOME}, the program that executes the script (part of your WM) and how it is executed, a noblacklist and a whitelist (if needed). If noprofile fails it's hard.

You lost me a bit,

- so I would need to add `shell` to `private-bin` or `zsh` to `private-bin`? are you also suggesting changing `shell none` line to `shell zsh`?
- `ignore noexec ${HOME}/.config/bspwm/bspwmrc`
- `noblacklist ${HOME}/.config/bspwm/bspwmrc`
- `whitelist ${HOME}/.config/bspwm/bspwmrc`

> If noprofile fails it's hard.

I'm confused what you mean by this?

> An example program that follows the rule when firejailed?

What exactly are you asking for here?

```
# Firejail profile for keepassxc
# Description: Cross Platform Password Manager
# This file is overwritten after every install/update
# Persistent local customizations
include keepassxc.local
# Persistent global definitions
include globals.local

noblacklist ${HOME}/*.kdb
noblacklist ${HOME}/*.kdbx
noblacklist ${HOME}/.config/keepassxc
noblacklist ${HOME}/.keepassxc
# 2.2.4 needs this path when compiled with "Native messaging browser extension"
noblacklist ${HOME}/.mozilla
noblacklist ${DOCUMENTS}
noblacklist ${HOME}/.config/bspwm

include disable-common.inc
include disable-devel.inc
include disable-exec.inc
include disable-interpreters.inc
include disable-passwdmgr.inc
include disable-programs.inc
include disable-xdg.inc

whitelist /usr/share/keepassxc
whitelist ${HOME}/.config/bspwm
include whitelist-usr-share-common.inc
include whitelist-var-common.inc

ignore noexec ${HOME}/.config/bspwm/bspwmrc

caps.drop all
machine-id
net none
no3d
nodvd
# Breaks 'Lock database when session is locked or lid is closed' (#2899).
# Also breaks (Plasma) tray icon,
# you can safely uncomment it or add to keepassxc.local if you don't need these features.
#nodbus
nogroups
nonewprivs
noroot
nosound
notv
nou2f
novideo
protocol unix,netlink
seccomp !name_to_handle_at
shell none
tracelog

private-bin keepassxc,keepassxc-cli,keepassxc-proxy,zsh
private-dev
private-etc alternatives,fonts,ld.so.cache,machine-id
private-tmp

# Mutex is stored in /tmp by default, which is broken by private-tmp
join-or-start keepassxc
```

```
$ keepassxc
Reading profile /home/gravity/.config/firejail/keepassxc.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-exec.inc
Reading profile /etc/firejail/disable-interpreters.inc
Reading profile /etc/firejail/disable-passwdmgr.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/disable-xdg.inc
Reading profile /etc/firejail/whitelist-usr-share-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Parent pid 24433, child pid 24434
Warning: skipping alternatives for private /etc
Private /etc installed in 12.33 ms
4 programs installed in 40.83 ms
Warning: cleaning all supplementary groups
Warning: cleaning all supplementary groups
Warning: /sbin directory link was not blacklisted
Warning: /usr/sbin directory link was not blacklisted
Blacklist violations are logged to syslog
Post-exec seccomp protector enabled
Seccomp list in: !name_to_handle_at, check list: @default-keep, prelist: unknown,
Child process initialized in 153.59 ms
libGL error: MESA-LOADER: failed to retrieve device information
libGL error: Version 4 or later of flush extension not found
libGL error: failed to load driver: i915
libGL error: failed to open /dev/dri/card0: No such file or directory
libGL error: failed to load driver: i965
```

With this config, keepassxc opens, but it is not my keepassxc. It seems like a completely uncustomized fresh keepassxc. Also it does not follow the rule to send to desktop 10 still. Hmm..


@bbhtt commented on GitHub (Aug 21, 2020):

If `--noprofile` fails it is hard to follow the config, I meant is there any program that follows the BSPWM rules when firejailed?

<s>Two posts above it was reading the profile in `/etc/firejail`, how is it now reading `/home/gravity/.config/firejail/keepassxc.profile`?</s>

Nevermind I saw the change you made: Don't add the whitelist bspwm else you would need to whitelist every directory in the noblacklist section of the profile. Also this is not needed since there is no corresponding blacklist of it `noblacklist ${HOME}/.config/bspwm`...


@seniorm0ment commented on GitHub (Aug 21, 2020):

> If `--noprofile` fails it is hard to follow the config, I meant is there any program that follows the BSPWM rules when firejailed?

Ah, yeah Telegram and Firefox follow it no issue

```
# Firejail profile for telegram
# This file is overwritten after every install/update
# Persistent local customizations
include telegram.local
# Persistent global definitions
include globals.local

noblacklist ${HOME}/.TelegramDesktop
noblacklist ${HOME}/.local/share/TelegramDesktop
noblacklist ${HOME}/documents
noblacklist ${HOME}/pictures
noblacklist ${HOME}/downloads

include disable-common.inc
include disable-devel.inc
include disable-exec.inc
include disable-interpreters.inc
include disable-programs.inc

caps.drop all
netfilter
nodvd
nonewprivs
noroot
notv
protocol unix,inet,inet6
seccomp

disable-mnt
private-cache
private-tmp
```

That's the telegram profile.

> Don't add the whitelist bspwm else you would need to whitelist every directory in the noblacklist section of the profile.

Ok, I removed the whitelist line, it fixed the issue with Keepassxc opening fresh, and now seems to be my config. It still does not seem to want to follow the bspwmrc rule though.


@bbhtt commented on GitHub (Aug 21, 2020):

Comment out `private-bin` and check. Is `bspc monitor` an executable, meaning you can execute it in a terminal?

When you said

> Hmm, disabling any of those plus the others didn't seem to fix it.

did you comment all options in the profile? If that's the case, there isn't much we can do to make it follow the desktop rule, sorry. You can try switching your shell to bash to see if anything changes...

Remove these: `noblacklist ${HOME}/.config/bspwm,whitelist ${HOME}/.config/bspwm, ignore noexec ${HOME}/.config/bspwm/bspwmrc`, (`zsh` from `private-bin` for now since `shell none` is set we don't need it) from your profile in config directory that's not how they work.
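The two profile problems raised in this exchange can be checked mechanically: a `whitelist` under `${HOME}` hides every `noblacklist`ed home path that is not also whitelisted (which is why KeepassXC opened with a fresh configuration), and a shell left in `private-bin` serves no purpose while `shell none` is set. This is an added example, not code from the thread or from Firejail; the function names, the shell list and the trimmed sample profile are assumptions, and `include` files are not resolved.

```python
HOME_MACROS = ("${HOME}", "${DOCUMENTS}", "${DOWNLOADS}")  # resolve under the home dir
SHELLS = {"sh", "bash", "dash", "zsh", "fish", "ksh"}       # assumed list of shell names

# Trimmed copy of the modified keepassxc.profile posted in this thread.
SAMPLE_PROFILE = """\
noblacklist ${HOME}/*.kdbx
noblacklist ${HOME}/.config/keepassxc
noblacklist ${DOCUMENTS}
noblacklist ${HOME}/.config/bspwm
include disable-common.inc
whitelist /usr/share/keepassxc
whitelist ${HOME}/.config/bspwm
shell none
private-bin keepassxc,keepassxc-cli,keepassxc-proxy,zsh
"""

def parse(text):
    """Return (command, argument) pairs, skipping blank lines and comments."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#"):
            cmd, _, arg = line.partition(" ")
            rules.append((cmd, arg.strip()))
    return rules

def covered(path, whitelist):
    """True if path is a whitelisted entry or lies beneath one."""
    return any(path == w or path.startswith(w.rstrip("/") + "/") for w in whitelist)

def lint(text):
    rules = parse(text)
    findings = []
    # One whitelist under home puts the whole home directory in whitelist mode:
    # anything not whitelisted is absent, whatever noblacklist says.
    home_wl = [a for c, a in rules if c == "whitelist" and a.startswith(HOME_MACROS)]
    if home_wl:
        findings += [("hidden-by-whitelist", a) for c, a in rules
                     if c == "noblacklist" and a.startswith(HOME_MACROS)
                     and not covered(a, home_wl)]
    # With "shell none" the program is started directly, so a shell in
    # private-bin only adds an interpreter to the sandbox.
    if ("shell", "none") in rules:
        for c, a in rules:
            if c == "private-bin":
                findings += [("shell-in-private-bin", n.strip())
                             for n in a.split(",") if n.strip() in SHELLS]
    return findings

if __name__ == "__main__":
    for kind, item in lint(SAMPLE_PROFILE):
        print(f"{kind}: {item}")
```
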


@seniorm0ment commented on GitHub (Aug 21, 2020):

> Comment out `private-bin` and check.

> Is `bspc monitor` an executable, meaning you can execute it in a terminal?

bspc rule (`bspc rule -a keepassxc desktop='^10' follow=on focus=on`) is a rule for BSPWM. BSPWMRC is the actual executable shell script to configure BSPWM window manager.

> > Hmm, disabling any of those plus the others didn't seem to fix it.
>
> did you comment all options in the profile?

I assume you mean these?

> `machine-id`, `private-etc`, `net none`, `protocol`

Just tried commenting them, did not fix it.

> You can try switching your shell to bash to see if anything changes

Didn't do anything.

> Remove these: `noblacklist ${HOME}/.config/bspwm,whitelist ${HOME}/.config/bspwm, ignore noexec ${HOME}/.config/bspwm/bspwmrc`, (`zsh` from `private-bin` for now since `shell none` is set we don't need it) from your profile in config directory that's not how they work.

Alright, removed. I thought you were suggesting to add them which is why I did. Now we're pretty much back where we were. Keepassxc still launches fine, just doesn't follow the bspwm rules ofc.

> If that's the case, there isn't much we can do to make it follow the desktop rule, sorry.

Does it make any sense that I don't have issues with Telegram or Firefox following the rules? It just seems to be KeepassXC?


@bbhtt commented on GitHub (Aug 21, 2020):

> I assume you mean these?

Not only those three, when rusty-snake asked you to comment the profile, it was the whole profile, meaning each line, like *brute force* the _line(s)_ that might cause the issue, those three were examples... Ideally you don't need to touch the noblacklist and include lines in this brute-force, the last-section of `private-*` (bin was most likely, but it was not) and the middle part.

> Alright, removed. I thought you were suggesting to add them which is why I did. Now we're pretty much back where we were. Keepassxc still launches fine, just doesn't follow the bspwm rules ofc.

I meant it could be a possibility that we need to do those, that's why I asked you to show me another profile that's working under bspwm... since they were not needed anymore I told you to remove them. And not having shell is better than having it in `private-bin` security-wise
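The line-by-line procedure described in this comment can be scripted so that each trial disables exactly one option and leaves the `noblacklist` and `include` lines alone. This is an added example, not code from the thread or from Firejail; the function names, the output file naming and the constructed sample profile are assumptions, and each generated command still has to be run and checked by hand.

```python
import os
import tempfile

KEEP = ("noblacklist", "include")  # per the comment above: leave these alone

# Constructed sample: a few option lines in the style of the keepassxc profile.
SAMPLE = """\
include disable-common.inc
noblacklist ${HOME}/.config/keepassxc
caps.drop all
machine-id
net none
#nodbus
shell none
private-bin keepassxc,keepassxc-cli,keepassxc-proxy
private-tmp
"""

def candidates(text):
    """Indexes of active lines worth toggling (not blank, comment or KEEP)."""
    out = []
    for i, line in enumerate(text.splitlines()):
        s = line.strip()
        if s and not s.startswith("#") and s.split()[0] not in KEEP:
            out.append(i)
    return out

def variant(text, idx):
    """Copy of the profile with line idx commented out."""
    lines = text.splitlines()
    lines[idx] = "#" + lines[idx]
    return "\n".join(lines) + "\n"

def write_variants(text, outdir, app="keepassxc"):
    """Write one profile per candidate; return (disabled line, command) pairs."""
    lines = text.splitlines()
    plan = []
    for n, idx in enumerate(candidates(text)):
        path = os.path.join(outdir, f"{app}-try{n:02d}.profile")
        with open(path, "w") as fh:
            fh.write(variant(text, idx))
        plan.append((lines[idx], f"firejail --profile={path} {app}"))
    return plan

if __name__ == "__main__":
    outdir = tempfile.mkdtemp(prefix="fj-bisect-")
    for disabled, cmd in write_variants(SAMPLE, outdir):
        print(f"{disabled:52} -> {cmd}")
```

If no single variant makes the window follow the rule, the cause is not one profile line on its own.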


@seniorm0ment commented on GitHub (Aug 21, 2020):

> Not only those three, when rusty-snake asked you to comment the profile, it was the whole profile, meaning each line, like brute force the line(s) that might cause the issue, those three were examples... Ideally you don't need to touch the noblacklist and include lines in this brute-force, the last-section of private-* (bin was most likely, but it was not) and the middle part.

Ah okay, my misunderstanding. I'll try it when I get home in a bit and report back.

> I meant it could be a possibility that we need to do those, that's why I asked you to show me another profile that's working under bspwm...

Which I did, I sent the Telegram profile above.


@rusty-snake commented on GitHub (Oct 1, 2020):

still need help?


@seniorm0ment commented on GitHub (Oct 2, 2020):

With KeepassXC working no, however getting the window to open on workspace number in bspwm still having issues, I can't remember if I tried the last method I left off here, think I forgot otherwise I would've responded. I'll try sometime this week.
