flatpak-spawn (1) - Linux Manuals

flatpak-spawn uses the Flatpak portal to create a copy the sandbox it was called from, optionally using tighter permissions and the latest version of the app and runtime.

OPTIONS

The following options are understood:

-h, --help

Show help options and exit.

-v, --verbose

Print debug information

--forward-fd=FD

Forward a file descriptor

--clear-env

Run with a clean environment

--watch-bus

Make the spawned command exit if we do

--env=VAR=VALUE

Set an environment variable

--latest-version

Use the latest version of the refs that are used to set up the sandbox

--no-network

Run without network access

--sandbox

Run fully sandboxed.

See the --sandbox-expose and --sandbox-expose-ro options for selective file access.

--sandbox-expose=NAME

Expose read-write access to a file in the sandbox.

Note that absolute paths or subdirectories are not allowed. The files must be in the sandbox subdirectory of the instance directory (i.e. ~/.var/app/$APP_ID/sandbox).

This option is useful in combination with --sandbox (otherwise the instance directory is accessible anyway).

--sandbox-expose-ro=NAME

Expose readonly access to a file in the sandbox.

Note that absolute paths or subdirectories are not allowed. The files must be in the sandbox subdirectory of the instance directory (i.e. ~/.var/app/$APP_ID/sandbox).

This option is useful in combination with --sandbox (otherwise the instance directory is accessible anyway).

--host

Run the command unsandboxed on the host. This requires access to the org.freedesktop.Flatpak D-Bus interface

--directory=DIR

The working directory in which to run the command.

Note that the given directory must exist in the sandbox or, when used in conjunction with --host, on the host.

EXAMPLES

$ flatpak-spawn ls /var/run