keepassxc: cannot access ssh-agent socket

[rieje]

On firejail latest git build (I don't have this issue with the latest released version), KeepassXC is not seeing ssh agent. In keepassxc.local, the following was used to allow for ssh-agent: include allow-ssh.inc. Any ideas? Running KeepassXC without firejail works as expected. SSH_AUTH_SOCK=/run/user/1000/ssh-agent.socket.

[kmk3]

On firejail latest git build (I don't have this issue with the latest
released version), KeepassXC is not seeing ssh agent.

keepassxc uses whitelisting in ${RUNUSER} since the following PR:

• profiles: keepassxc: add new socket location #6391

To allow the default ssh-agent socket path, it should be enough to add
following to keepassxc.local:

noblacklist /tmp/ssh-*
whitelist /tmp/ssh-*

SSH_AUTH_SOCK=/run/user/1000/ssh-agent.socket.

If you use a custom socket path, you need to allow that instead:

noblacklist ${RUNUSER}/ssh-agent.socket
whitelist ${RUNUSER}/ssh-agent.socket

[kmk3]

@rusty-snake

Thoughts on allowing access to the ssh-agent socket by default on
keepassxc.profile or adding a profile comment?

[rusty-snake]

Allowing ssh-agent by default should be fine IMO.

[kmk3]

Done:

• profiles: keepassxc: allow access to ssh-agent socket #6531