KeepassXC HMAC problems caused by Firejail?

Attempting to use OnlyKey 2.1.1 HMAC challenge-response for KeepassXC 2.6.6 on Linux Mint 20.1. The OnlyKey app works just fine, but KeepassXC doesn’t recognize the presence of the OnlyKey. When I refresh the list of hardware, nothing. Searching the forum I see a few others in the same boat.

I discovered that the only way I can get KeepassXC to recognize the OnlyKey is by running the flatpak version from the command line outside of Firejail protection.

flatpak run org.keepassxc.KeePassXC

That’s fine I guess, but inconvenient. Is there a way that I can tweak the Firejail profile to allow connecting to the OnlyKey?

Do you have the OnlyKey UDEV rule added? There is an issue here that seems to resolve the same issue with Yubikey: "Firejail app cannot communicate with my Yubikey" (Issue #1176, netblue30/firejail on GitHub).

Thanks for finding that thread!

I copied /etc/firejail/keepassxc.profile to ~/.config/firejail/keepassxc.profile and then commented out the following lines. KeepassXC is able to detect the OnlyKey now.

#protocol unix,netlink
#private-dev
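The override described in the last post, as an added example that is not part of the original thread: it writes a per-user copy of a profile with the `protocol` and `private-dev` lines commented out and lists what was disabled. The function names and the sample profile are constructed for illustration; on a real system the source is /etc/firejail/keepassxc.profile and the destination is ~/.config/firejail/keepassxc.profile.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# relax_profile SRC DST: copy SRC to DST with active "protocol ..." and
# "private-dev" lines commented out. Lines that are already comments are
# left untouched, so running it on its own output changes nothing.
relax_profile() {
    src=$1; dst=$2
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 1; }
    mkdir -p "$(dirname "$dst")" || return 1
    sed -E 's/^[[:space:]]*(protocol[[:space:]].*|private-dev)[[:space:]]*$/#\1/' \
        "$src" > "$dst"
}

# disabled_directives PROFILE: print the protocol/private-dev directives
# that are commented out in PROFILE, so the weakening is easy to review.
disabled_directives() {
    grep -E '^#(protocol[[:space:]]|private-dev$)' "$1" | sed 's/^#//'
}

# Demo on a constructed sample profile (not the real keepassxc.profile).
demo_dir=$(mktemp -d)
cat > "$demo_dir/system.profile" <<'EOF'
# constructed sample profile
include globals.local
private-dev
protocol unix,netlink
seccomp
EOF

relax_profile "$demo_dir/system.profile" "$demo_dir/user/keepassxc.profile"
echo "Directives disabled in the user copy:"
disabled_directives "$demo_dir/user/keepassxc.profile"
```

A profile in ~/.config/firejail takes precedence over the one in /etc/firejail, so the copy does not pick up later changes to the packaged profile; with `private-dev` disabled the sandbox sees the host's full /dev rather than a minimal one.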