[GH-ISSUE #5929] keepassxc: dbus: D-Bus library appears to be incorrectly set up #3134

New issue

Open

opened 2026-05-05 09:46:13 -06:00 by gitea-mirror · 2 comments

gitea-mirror commented

2026-05-05 09:46:13 -06:00

Owner

Originally created by @Beneter on GitHub (Jul 29, 2023).
Original GitHub issue: https://github.com/netblue30/firejail/issues/5929

Description

It seems that there is a regression in keepassxc.profile. After updating from firejail to firejail-git in Arch I receive the following error:
D-Bus library appears to be incorrectly set up: see the manual page for dbus-uuidgen to correct this issue. (Failed to open "/var/lib/dbus/machine-id": [...] Failed to open "/etc/machine-id": [...])

Potential Fix

When adding private-etc machine-id to keepassxc.local it is working fine. This was already fixed in #1637.
I am not providing a PR, as I am unaware if this fix should be applied at some common level instead.

Environment

Arch Linux
Firejail version 0.9.72.r9566.bf8229dde
Commit: ec657007b0b347afb48715c6ddfff3174431232a
Wayland
ZFS

Checklist

The issues is caused by firejail (i.e. running the program by path (e.g. /usr/bin/vlc) "fixes" it).
~~I can reproduce the issue without custom modifications (e.g. globals.local).~~ Did not try
The program has a profile. (If not, request one in https://github.com/netblue30/firejail/issues/1139)
The profile (and redirect profile if exists) hasn't already been fixed upstream.
I have performed a short search for similar issues (to avoid opening a duplicate).
- I'm aware of browser-allow-drm yes/browser-disable-u2f no in firejail.config to allow DRM/U2F in browsers.
I used --profile=PROFILENAME to set the right profile. (Only relevant for AppImages)

Log

Output of firejail /path/to/program

Reading profile /etc/firejail/keepassxc.profile
Reading profile /etc/firejail/keepassxc.local
Reading profile /etc/firejail/whitelist-common.inc
Reading profile /etc/firejail/whitelist-common.inc
Reading profile /etc/firejail/globals.local
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-exec.inc
Reading profile /etc/firejail/disable-interpreters.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/disable-shell.inc
Reading profile /etc/firejail/disable-xdg.inc
Reading profile /etc/firejail/whitelist-run-common.inc
Reading profile /etc/firejail/whitelist-usr-share-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Reading profile /etc/firejail/whitelist-var-common.local
firejail version 0.9.73

Seccomp list in: !name_to_handle_at, check list: @default-keep, prelist: unknown,
Parent pid 850221, child pid 850225
3 programs installed in 48.96 ms
Private /etc installed in 12.62 ms
Warning: /sbin directory link was not blacklisted
Warning: /usr/sbin directory link was not blacklisted
Warning: not remounting /run/user/1000/doc
Seccomp list in: !name_to_handle_at, check list: @default-keep, prelist: unknown,
Child process initialized in 300.34 ms
QSocketNotifier: Can only be used with threads started with QThread
dbus[21]: D-Bus library appears to be incorrectly set up: see the manual page for dbus-uuidgen to correct this issue. (Failed to open "/var/lib/dbus/machine-id": Datei oder Verzeichnis nicht gefunden; Failed to open "/etc/machine-id": Datei oder Verzeichnis nicht gefunden)
  D-Bus not built with -rdynamic so unable to print a backtrace

Parent is shutting down, bye...

Originally created by @Beneter on GitHub (Jul 29, 2023). Original GitHub issue: https://github.com/netblue30/firejail/issues/5929 ### Description It seems that there is a regression in keepassxc.profile. After updating from firejail to firejail-git in Arch I receive the following error: `D-Bus library appears to be incorrectly set up: see the manual page for dbus-uuidgen to correct this issue. (Failed to open "/var/lib/dbus/machine-id": [...] Failed to open "/etc/machine-id": [...])` ### Potential Fix When adding `private-etc machine-id` to `keepassxc.local` it is working fine. This was already fixed in #1637. I am not providing a PR, as I am unaware if this fix should be applied at some common level instead. ### Environment - Arch Linux - Firejail version 0.9.72.r9566.bf8229dde - Commit: ec657007b0b347afb48715c6ddfff3174431232a - Wayland - ZFS ### Checklist - [X] The issues is caused by firejail (i.e. running the program by path (e.g. `/usr/bin/vlc`) "fixes" it). - [ ] ~I can reproduce the issue without custom modifications (e.g. globals.local).~ Did not try - [X] The program has a profile. (If not, request one in `https://github.com/netblue30/firejail/issues/1139`) - [X] The profile (and redirect profile if exists) hasn't already been fixed [upstream](https://github.com/netblue30/firejail/tree/master/etc). - [X] I have performed a short search for similar issues (to avoid opening a duplicate). - [X] I'm aware of `browser-allow-drm yes`/`browser-disable-u2f no` in `firejail.config` to allow DRM/U2F in browsers. - [X] I used `--profile=PROFILENAME` to set the right profile. (Only relevant for AppImages) ### Log <details> <summary>Output of <code>firejail /path/to/program</code></summary> <p> ``` Reading profile /etc/firejail/keepassxc.profile Reading profile /etc/firejail/keepassxc.local Reading profile /etc/firejail/whitelist-common.inc Reading profile /etc/firejail/whitelist-common.inc Reading profile /etc/firejail/globals.local Reading profile /etc/firejail/disable-common.inc Reading profile /etc/firejail/disable-devel.inc Reading profile /etc/firejail/disable-exec.inc Reading profile /etc/firejail/disable-interpreters.inc Reading profile /etc/firejail/disable-programs.inc Reading profile /etc/firejail/disable-shell.inc Reading profile /etc/firejail/disable-xdg.inc Reading profile /etc/firejail/whitelist-run-common.inc Reading profile /etc/firejail/whitelist-usr-share-common.inc Reading profile /etc/firejail/whitelist-var-common.inc Reading profile /etc/firejail/whitelist-var-common.local firejail version 0.9.73 Seccomp list in: !name_to_handle_at, check list: @default-keep, prelist: unknown, Parent pid 850221, child pid 850225 3 programs installed in 48.96 ms Private /etc installed in 12.62 ms Warning: /sbin directory link was not blacklisted Warning: /usr/sbin directory link was not blacklisted Warning: not remounting /run/user/1000/doc Seccomp list in: !name_to_handle_at, check list: @default-keep, prelist: unknown, Child process initialized in 300.34 ms QSocketNotifier: Can only be used with threads started with QThread dbus[21]: D-Bus library appears to be incorrectly set up: see the manual page for dbus-uuidgen to correct this issue. (Failed to open "/var/lib/dbus/machine-id": Datei oder Verzeichnis nicht gefunden; Failed to open "/etc/machine-id": Datei oder Verzeichnis nicht gefunden) D-Bus not built with -rdynamic so unable to print a backtrace Parent is shutting down, bye... ``` </p> </details>

gitea-mirror commented

2026-05-05 09:46:15 -06:00

Author

Owner

@rusty-snake commented on GitHub (Jul 29, 2023):

Known bug with QT DBus library. Was reintroduced with 5d0822c52. Better fix with etc groups would be private-etc @x11.

@rusty-snake commented on GitHub (Jul 29, 2023): Known bug with QT DBus library. Was reintroduced with 5d0822c52. Better fix with etc groups would be `private-etc @x11`.

gitea-mirror commented

2026-05-05 09:46:16 -06:00

Author

Owner

@rusty-snake commented on GitHub (Jul 29, 2023):

5d0822c changed more profiles from private-etc ...,machine-id,... to a line that does not include x11. Even if the profile sets nosound.

@rusty-snake commented on GitHub (Jul 29, 2023): 5d0822c changed more profiles from `private-etc ...,machine-id,...` to a line that does not include x11. Even if the profile sets `nosound`.