Closed gnrlus closed 6 months ago
You can already do that by creating a rule for it... If you mean a UI toggle button, that would be near impossible to do because which app should be automatically selected for that purpose? :thinking:
Hey @gnrlus, as @TriMoon said, you can do that by creating a rule using the field [x] From this executable.
Right now we only apply rules on executables, and not on children spawned by the executables. There's a request for it #406, and hopefully I think we could add it easily now, but please, explain this feature request in more detail.
All this time I never even noticed that little [+] button, which is just fine for adding rules. I only ever created rules via the automatic pop-up window. I should find more time to explore around! However, "From this executable" doesn't work and I'm not sure if that's because it's a child process or not. I do notice the application runs from a unique subdirectory in /temp every time. I only specified the process name and not the full path. It still incessantly pops up the Deny/Allow window every time I run the application. So I second that request in #406.
hey, thank you for providing more info.
Is it an AppImage maybe? Does the path start with /tmp/.mount_*?
Sure, no problem. Yes, I meant /tmp, not /temp, and it is an AppImage. How did you know and what is the significance? And just real quick, not to get off topic, but to your knowledge is it problematic for AppImages to create random process names in /tmp/.mount_* in any context? That will be important to know because I'm making important decisions about what kind of application package formats I wish to use and not use. Of course, I wish to avoid application dynamics that complicate Linux adversely. Thank you.
> How did you know and what is the significance?
It's a common problem :) https://github.com/evilsocket/opensnitch/wiki/FAQs#appimages-confuse-the-firewall
> to your knowledge is it problematic for AppImages to create random process names in /tmp/.mount_* in any context?

No, as far as I can tell, it's just annoying for the user to create the rule to match that process path in particular.
I'll try to implement this request https://github.com/evilsocket/opensnitch/issues/543#issuecomment-1430417086
The pop-ups already have too many options I think, but it's true that allowing users to create rules for AppImages would help a lot.
I don't know if all AppImages execute from /tmp/.mount*/ but if we wish to have different rules for different AppImages then they would need to be expressions like /tmp/.mount/[executable] rather than a blanket rule for anything that executes out of /tmp/.mount_. I kind of wish process IDs had long hex number prefixes that are fixed by the application. That way one could easily ID the process and yet the PID would still have uniqueness. Then I suppose the rule enforcing procedure could just parse the PID.
I've added an option to the pop-ups, to automatically create a regular expression to match the path of AppImages, if the path of the process starts with /tmp/.mount_.
As far as I can tell, as explained in the commit, the pattern is /tmp/._mount<appId>XXXXXX/.*binary, where only XXXXXX is random. For example IPTVnator -> /tmp/.mount_IPTVnaD8In31/iptvnator, or Siril -> /tmp/.mount_Siril-Cykpw0/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2
Hopefully it'll help users to create rules for AppImages. Although the option is a bit hidden in the combo box.
That's great, thank you. I will update my OpenSnitch and try it out ASAP.
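The path pattern discussed in this thread, as an added example that is not part of the original comments and is not OpenSnitch's own code: it derives an anchored, per-AppImage regular expression from a process path, so that one AppImage's rule does not match another's. The function names, the six-character alphanumeric suffix class, and the refusal to build a rule when no appId precedes the suffix are assumptions made for this sketch.

```python
import re

APPIMAGE_PREFIX = "/tmp/.mount_"
RANDOM_SUFFIX_LEN = 6  # the "XXXXXX" part described in the thread


def appimage_path_regex(process_path):
    """Return an anchored regex for an AppImage process path, or None."""
    if not process_path.startswith(APPIMAGE_PREFIX):
        return None  # not an AppImage mount path
    rest = process_path[len(APPIMAGE_PREFIX):]
    mount_dir, sep, inner = rest.partition("/")
    # Assumption: without an appId before the random suffix the rule would
    # cover every AppImage shipping the same binary name, so build none.
    if not sep or not inner or len(mount_dir) <= RANDOM_SUFFIX_LEN:
        return None
    app_id = mount_dir[:-RANDOM_SUFFIX_LEN]
    # Escape the fixed parts so "." and "-" in the path stay literal, and
    # anchor both ends so a longer or nested path cannot match.
    return (
        "^" + re.escape(APPIMAGE_PREFIX + app_id)
        + "[A-Za-z0-9]{%d}/" % RANDOM_SUFFIX_LEN  # assumed suffix alphabet
        + re.escape(inner) + "$"
    )


def rule_matches(rule, process_path):
    """True if the whole process path is matched by the rule."""
    return rule is not None and re.fullmatch(rule, process_path) is not None


if __name__ == "__main__":
    # The two paths quoted in the thread; the "next run" paths are constructed.
    iptv = appimage_path_regex("/tmp/.mount_IPTVnaD8In31/iptvnator")
    siril_path = "/tmp/.mount_Siril-Cykpw0/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2"
    print(iptv)
    print(rule_matches(iptv, "/tmp/.mount_IPTVnaQ9zK2b/iptvnator"))  # next run
    print(rule_matches(iptv, siril_path))  # a different AppImage
```

The regex is written for Python's `re`; a rule engine using another regex dialect may need different escaping.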