How to enable AppImage/Flatpak apps connections?

[mbnoimi]

Hi,
I've problem with MediaElch AppImage distro (same issue occurs with Flatpak apps). I want OpenSnitch (v 1.6.6) to accept all connections from MediaElch using this rule:

{
    "created": "2025-05-22T21:28:12.000000Z",
    "name": "mbnoimi-w-MediaElch",
    "enabled": true,
    "precedence": true,
    "action": "allow",
    "duration": "always",
    "operator": {
        "type": "regexp",
        "operand": "process.path",
        "data": "(?i).*\\bmediaelch\\b.*"
    }
}

MediaElch launcher:

~/.appimages/mediaelch.appimage

But whenever I launch it. I get a conflict with malware rule:

{
    "created": "2025-05-22T13:46:48.000000Z",
    "name": "mbnoimi-b-malware",
    "enabled": true,
    "precedence": true,
    "action": "reject",
    "duration": "always",
    "operator": {
        "type": "regexp",
        "operand": "process.path",
        "data": "^(/tmp/|/var/tmp/|/dev/shm/|/var/run|/var/lock).*"
    }
}

Events:

2025-05-22 21:28:25.661960,unix:/local,reject,53470,127.0.0.1,127.0.0.53,api.themoviedb.org.local,53,udp,1000,273906,/tmp/.mount_mediaekEHnDy/usr/bin/MediaElch,/tmp/.mount_mediaekEHnDy/AppRun.wrapped,mbnoimi-b-malware
2025-05-22 21:28:25.661032,unix:/local,reject,39695,127.0.0.1,127.0.0.53,api.themoviedb.org,53,udp,1000,273906,/tmp/.mount_mediaekEHnDy/usr/bin/MediaElch,/tmp/.mount_mediaekEHnDy/AppRun.wrapped,mbnoimi-b-malware
2025-05-22 21:28:25.659863,unix:/local,reject,50351,127.0.0.1,127.0.0.53,api.themoviedb.org,53,udp,1000,273906,/tmp/.mount_mediaekEHnDy/usr/bin/MediaElch,/tmp/.mount_mediaekEHnDy/AppRun.wrapped,mbnoimi-b-malware
2025-05-22 21:28:23.169817,unix:/local,reject,35205,127.0.0.1,127.0.0.53,api.thetvdb.com.local,53,udp,1000,273906,/tmp/.mount_mediaekEHnDy/usr/bin/MediaElch,/tmp/.mount_mediaekEHnDy/AppRun.wrapped,mbnoimi-b-malware

In case I disable mbnoimi-b-malware rule. OpenSnitch keeps asking me for connections needed by MediaElch (ex api.themoviedb.org)

1. How can I fix confliction issue between mbnoimi-b-malware and mbnoimi-w-MediaElch rules?
2. How can I enable all connections for MediaElch app?

EDIT: Rewrite whole question.

[gustavo-iniguez-goya]

hi @mbnoimi ,

In this case you can rename the mbnoimi-w-MediaElch rule to ensure that it gets evaluated before the malware rule, for example: 000-mbnoimi-w-MediaElch. Be sure to mark [x] Priority rule, to stop evaluating rules when matching connections from the AppImage.

On the other hand, since all AppImages are uncompressed and launched from /tmp/.mount_*, you can use this regexp in the [x] From this executable field: ^/tmp/\.mount_mediae[0-9A-Za-z]{6}\/.*$

The popup should also offer you the option to select it: