flatpak-spawn man page

flatpak-spawn ā€” Run commands in a sandbox

Synopsis

flatpak-spawn [OPTION...] COMMAND [ARGUMENT...]

Description

Unlike other flatpak commands, flatpak-spawn is available to applications inside the sandbox. It runs COMMAND outside the sandbox, either in another sandbox, or on the host.

flatpak-spawn uses the Flatpak portal to create a copy the sandbox it was called from, optionally using tighter permissions and the latest version of the app and runtime.

Options

The following options are understood:

-h, --help

Show help options and exit.

-v, --verbose

Print debug information

--forward-fd=FD

Forward a file descriptor

--clear-env

Run with a clean environment

--env=VAR=VALUE

Set an environment variable

--latest-version

Use the latest version of the refs that are used to set up the sandbox

--no-network

Run without network access

--sandbox

Run fully sandboxed.

See the --sandbox-expose and --sandbox-expose-ro options for selective file access.

--sandbox-expose=NAME

Expose read-write access to a file in the sandbox.

Note that absolute paths or subdirectories are not allowed. The files must be in the sandbox subdirectory of the instance directory (i.e. ~/.var/app/$APP_ID/sandbox).

This option is useful in combination with --sandbox (otherwise the instance diretory is accessible anyway).

--sandbox-expose-ro=NAME

Expose readonly access to a file in the sandbox.

Note that absolute paths or subdirectories are not allowed. The files must be in the sandbox subdirectory of the instance directory (i.e. ~/.var/app/$APP_ID/sandbox).

This option is useful in combination with --sandbox (otherwise the instance diretory is accessible anyway).

--host

Run the command unsandboxed on the host. This requires access to the org.freedesktop.Flatpak D-Bus interface

Examples

$ flatpak-spawn ls /var/run

See Also

flatpak(1)

Referenced By

flatpak(1).

flatpak spawn