Page 1 of 2 12 LastLast
Results 1 to 10 of 12

Thread: KeePassXC & FireJail suddenly began conflicting in my Tower.

  1. #1
    Join Date
    Jun 2017
    Location
    Australia
    Posts
    582

    Question KeePassXC & FireJail suddenly began conflicting in my Tower.

    I use FireJail ["FJ"] to sandbox many of my regular programs. It worked well for me in Mint KDE & Maui prior to changing to openSUSE Tumbleweed, & it also has been working well for me in oS TW., until a few weeks ago. Since then, all but one program continue to work correctly with FJ, in both my PCs. However suddenly, for no reason i've yet determined, a few weeks ago one specific pgm stopped working with FJ... but only in my Tower [it continues to be fine in my Lappy]. That pgm is KeePassXC ["KP"].

    KP continues to work fine in Tower if i run it naked, ie, not in FJ. For the past few weeks though, it no longer launches with my usual custom FJ launcher. Konsole reveals what happens:
    Code:
    gooeygirl@linux-Tower:~> firejail --protocol=unix -- keepassxc
    Reading profile /etc/firejail/keepassxc.profile
    Reading profile /etc/firejail/disable-common.inc
    Reading profile /etc/firejail/disable-programs.inc
    Reading profile /etc/firejail/disable-devel.inc
    Reading profile /etc/firejail/disable-passwdmgr.inc
    Warning: a protocol list is present, the new list "unix" will not be installed
    Parent pid 16689, child pid 16690
    Child process initialized in 45.22 ms
    process 6: D-Bus library appears to be incorrectly set up; failed to read machine uuid: Failed to open "/etc/machine-id": No such file or directory
    See the manual page for dbus-uuidgen to correct this issue.
      D-Bus not built with -rdynamic so unable to print a backtrace
    
    
    Parent is shutting down, bye...
    gooeygirl@linux-Tower:~>
    In comparison, this is what correct operation looks like [this comes from one of my TW VMs, but is how my Tower itself also used to behave (btw, the green text is NOT a real error; it denotes no internet access, which is the whole point of using the "protocol=unix" option)]:
    Code:
    gooeygirl@linux-bgps:~> firejail --protocol=unix -- keepassxc
    Reading profile /etc/firejail/keepassxc.profile
    Reading profile /etc/firejail/disable-common.inc
    Reading profile /etc/firejail/disable-programs.inc
    Reading profile /etc/firejail/disable-devel.inc
    Reading profile /etc/firejail/disable-passwdmgr.inc
    Warning: a protocol list is present, the new list "unix" will not be installed
    Parent pid 19039, child pid 19040
    Child process initialized in 17.43 ms
    Qt: Session management error: Could not open network socket
    
    
    Parent is shutting down, bye...
    gooeygirl@linux-bgps:~>
    Omitting the unix option does not help. Removing & reinstalling FJ & KP does not help.

    I tried to investigate the red [= my colouring, above, for simple clarity in this post] error message's information, but did not get anywhere:
    1. " "/etc/machine-id": No such file or directory" --> is incorrect; this file does exist, & still has correct root ownership & permissions [-rw-rw-rw-].
    2. I looked at "man dbus-uuidgen". I took note of:

    Code:
    The primary usage of dbus-uuidgen is to run in the post-install script of a D-Bus package like this:
    
    
                 dbus-uuidgen --ensure
    
    
           This will ensure that /var/lib/dbus/machine-id exists and has the uuid in it. It won't overwrite an existing uuid, since this id should remain fixed for a single machine until the next reboot at least.
    
    OPTIONS
    --ensure[=FILENAME]
               If a filename is not given, defaults to localstatedir/lib/dbus/machine-id (localstatedir is usually /var). If this file exists then it will be
               validated, and a failure code returned if it contains the wrong thing. If the file does not exist, it will be created with a new uuid in it. On
               success, prints no output.
    
    I visually confirmed that /var/lib/dbus/machine-id does also exist [& with correct root ownership], indeed it is merely a symlink back to /etc/machine-id. Disbelieving it would help, i executed dbus-uuidgen --ensure ... it returned nothing, which according to the man-page is supposedly good news.

    I have nothing else to try, no idea why this fault arose, its root cause, nor how to fix it.

    Does anyone have any suggestions please?

  2. #2
    Join Date
    Jun 2008
    Location
    Podunk
    Posts
    26,650
    Blog Entries
    15

    Default Re: KeePassXC & FireJail suddenly began conflicting in my Tower.

    Hi
    Since the version is a few releases old in the Virtualization repo (0.9.44.4), suggest you contact the maintainer (email in link) and ask if when they have a spare moment to upgrade to the latest release 0.9.48....
    https://build.opensuse.org/package/v...anges?expand=1
    Cheers Malcolm °¿° SUSE Knowledge Partner (Linux Counter #276890)
    SUSE SLE, openSUSE Leap/Tumbleweed (x86_64) | GNOME DE
    If you find this post helpful and are logged into the web interface,
    please show your appreciation and click on the star below... Thanks!

  3. #3
    Join Date
    Jun 2017
    Location
    Australia
    Posts
    582

    Default Re: KeePassXC & FireJail suddenly began conflicting in my Tower.

    Quote Originally Posted by malcolmlewis View Post
    Hi
    Since the version is a few releases old in the Virtualization repo (0.9.44.4), suggest you contact the maintainer (email in link) and ask if when they have a spare moment to upgrade to the latest release 0.9.48....
    https://build.opensuse.org/package/v...anges?expand=1
    Oh, no -- i don't use it from oS repos, i only get it from the FJ website. Hence, my one is already [& has been for quite a while]:
    Code:
    gooeygirl@linux-Tower:~> zypper info firejail
    Loading repository data...
    Reading installed packages...
    
    
    
    
    Information for package firejail:
    ---------------------------------
    Repository     : My_openSUSE_Repo               
    Name           : firejail                       
    Version        : 0.9.48-1                       
    Arch           : x86_64                         
    Vendor         :                                
    Installed Size : 850.7 KiB                      
    Installed      : Yes                            
    Status         : up-to-date                     
    Source package : firejail-0.9.48-1.src          
    Summary        : Linux namepaces sandbox program
    Description    :                                
        Firejail  is  a  SUID sandbox program that reduces the risk of security
        breaches by restricting the running environment of untrusted applications
        using Linux namespaces. It includes a sandbox profile for Mozilla Firefox.                                                                                   
                                                                                                                                                                     
    gooeygirl@linux-Tower:~>

  4. #4
    Join Date
    Nov 2009
    Location
    West Virginia Sector 13
    Posts
    15,699

    Default Re: KeePassXC & FireJail suddenly began conflicting in my Tower.

    Maybe try the one in the repo even if a few versions old.

  5. #5
    Join Date
    Jun 2008
    Location
    Podunk
    Posts
    26,650
    Blog Entries
    15

    Default Re: KeePassXC & FireJail suddenly began conflicting in my Tower.

    Quote Originally Posted by GooeyGirl View Post
    Oh, no -- i don't use it from oS repos, i only get it from the FJ website. Hence, my one is already [& has been for quite a while]:
    Code:
    gooeygirl@linux-Tower:~> zypper info firejail
    Loading repository data...
    Reading installed packages...
    
    
    
    
    Information for package firejail:
    ---------------------------------
    Repository     : My_openSUSE_Repo               
    Name           : firejail                       
    Version        : 0.9.48-1                       
    Arch           : x86_64                         
    Vendor         :                                
    Installed Size : 850.7 KiB                      
    Installed      : Yes                            
    Status         : up-to-date                     
    Source package : firejail-0.9.48-1.src          
    Summary        : Linux namepaces sandbox program
    Description    :                                
        Firejail  is  a  SUID sandbox program that reduces the risk of security
        breaches by restricting the running environment of untrusted applications
        using Linux namespaces. It includes a sandbox profile for Mozilla Firefox.                                                                                   
                                                                                                                                                                     
    gooeygirl@linux-Tower:~>
    Hi
    Ahhh, well it maybe something to raise there.... do they support Tumbleweed?

    As suggested try the one from the openSUSE repo and ask for an update.
    Cheers Malcolm °¿° SUSE Knowledge Partner (Linux Counter #276890)
    SUSE SLE, openSUSE Leap/Tumbleweed (x86_64) | GNOME DE
    If you find this post helpful and are logged into the web interface,
    please show your appreciation and click on the star below... Thanks!

  6. #6
    Join Date
    Jun 2017
    Location
    Australia
    Posts
    582

    Default Re: KeePassXC & FireJail suddenly began conflicting in my Tower.

    Thank you both. I have now emailed Takashi-san about possibly bringing the latest versions [FJ & FireTools] into the oS repos. I also asked for any thoughts about the possible root cause & solutions, with reference to this thread.

    Regarding the suggestions / recommendations you both made about me trying the old FJ version per the repos, if all other options become eliminated then i might do that, but for now i haven't*. Given your remarks, i wish to offer this clarification: logically [at least, as it seems to me], it can't simply be a problem that my FJ version 0.9.48-1 is incompatible with Tumbleweed per se, &/or is incompatible with KeePassXC, given that for several weeks they were working very nicely together on Tower, & are still working nicely together on Lappy [same TW snapshot].

    *There have been very many bugfixes & major functionality improvements in Fj from 0.9.44 to 0.9.48, such that it's my judgement that even if FJ .44 were to be ok with Tower's KP [which based on my info above is a nebulous proposition], i would be incurring a system-wide deterioration of FJ's efficacy overall & with all my other pgms i use with FJ specifically, all for the sake of a single pgm. Conversely, if i continue using the curent FJ .48, i retain all the system-wide benefits at the [admittedly disappointing] disadvantage of having to run KP "naked". I wanted to explain my logic to you given i would not want you to feel i was obstinately rejecting your advice just to be aggravating [which i unwittingly might well be, but that's not my intention at all].

    If / depending on any feedback from Takashi-san, i might post this problem on the FJ Dev's website for direct advice [but at the moment it's entirely unclear to me if this is a FJ problem, a KP problem, or a TW problem].

    Additionally, as soon as i get a chance, i am going to test [in a TW VM, not initially in Tower's "real" TW] what happens if i were to delete both /etc/machine-id and /var/lib/dbus/machine-id, then execute dbus-uuidgen --ensure. I will create that VM's TW to mimic my real one, ie, same file-systems, & same encrypted /home & swap... i am interested to see if those IDs somehow tie-in to the encryption, because if they do, & i subsequently delete & create them anew, i wonder if that might render /home unable to be decrypted on login... so i certainly don't want to try that cold on Tower's real TW without first knowing.

  7. #7
    Join Date
    Jun 2017
    Location
    Australia
    Posts
    582

    Default Re: KeePassXC & FireJail suddenly began conflicting in my Tower.

    Unfortunately, no joy with the overnight reply from Takashi-san:
    > 1. Would it be possible please for you to incorporate the /latest/ versions of *FireJail* & *FireTools* in the openSUSE Tumbleweed repositories? They are /*firejail-0.9.48-1.x86_64.rpm*/ and *firetools-0.9.46-1.x86_64.rpm* respectively.

    Well, I almost stopped using firejail & co, so I lost my interest. Can anyone take over the maintenance?


    > 2. Do you have any ideas about what might have gone wrong with FireJail on one-only of my two computers, with respect to *KeePassXC*? They both used to work together correctly on my Tower til recently, & they still do work correctly together on my second pc.

    There is no change in firejail side, at least, I haven't updated it for long time. So sorry, no idea about it.


    > 3. Do you think it might be a Tumbleweed problem, or a FireJail problem? [ie, if it is a FireJail problem, then probably i should post it on the FireJail website & ask its Dev for ideas]?

    We should update the package at first, maybe some profiles have been updated.

  8. #8
    Join Date
    Jun 2017
    Location
    Australia
    Posts
    582

    Default Re: KeePassXC & FireJail suddenly began conflicting in my Tower.

    An unexpected update:
    Now I updated the firejail and firetools package to 0.9.48 and 0.9.46, respectively. Hopefully this worked better on your machine...

    Takashi

  9. #9
    Join Date
    Jun 2017
    Location
    Australia
    Posts
    582

    Default Re: KeePassXC & FireJail suddenly began conflicting in my Tower.

    For a multiplicity of reasons that had been growing for weeks, last night i did a fresh install of TW into Tower's / partition, retaining all other partitions as-is. Post-reboot, my Tower's TW is now 20170821.

    Now, KeePassXC & FireJail once more play nicely together, just like they'd done for a few months in Tower until the abrupt fault arose, & just like they have continued to do in Lappy all along.. This is pleasing, but...

    ...if the fault ever returns, i still have no idea of root cause, hence solution [& i acknowledge that a TW reinstallation is more cheating than solution].

    Oh well, fingers crossed...

  10. #10
    Join Date
    Jun 2008
    Location
    Podunk
    Posts
    26,650
    Blog Entries
    15

    Default Re: KeePassXC & FireJail suddenly began conflicting in my Tower.

    On Wed 23 Aug 2017 02:16:02 AM CDT, GooeyGirl wrote:

    For a multiplicity of reasons that had been growing for weeks, last
    night i did a fresh install of TW into Tower's / partition, retaining
    all other partitions as-is. Post-reboot, my Tower's TW is now 20170821.

    Now, KeePassXC & FireJail once more play nicely together, just like
    they'd done for a few months in Tower until the abrupt fault arose, &
    just like they have continued to do in Lappy all along.. This is
    pleasing, but...

    ....if the fault ever returns, i still have no idea of root cause, hence
    solution [& i acknowledge that a TW reinstallation is more cheating than
    solution].

    Oh well, fingers crossed...


    Hi
    More than likely some underlying library that is common between both, a
    big lua rebuild is going on so I have a few old libs lurking...

    --
    Cheers Malcolm °¿° SUSE Knowledge Partner (Linux Counter #276890)
    openSUSE Leap 42.2|GNOME 3.20.2|4.4.79-18.26-default
    If you find this post helpful and are logged into the web interface,
    please show your appreciation and click on the star below... Thanks!


Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •