flatpak-spawn (1) Linux Manual Page
flatpak-spawn – Run commands in a sandbox
Synopsis
- flatpak-spawn [OPTION…] COMMAND [ARGUMENT…]
Description
flatpak-spawn uses the Flatpak portal to create a copy the sandbox it was called from, optionally using tighter permissions and the latest version of the app and runtime.
Options
The following options are understood: -h, –help
- Show help options and exit.
-v, –verbose
- Print debug information
–forward-fd=FD
- Forward a file descriptor
–clear-env
- Run with a clean environment
–watch-bus
- Make the spawned command exit if we do
–env=VAR=VALUE
- Set an environment variable
–latest-version
- Use the latest version of the refs that are used to set up the sandbox
–no-network
- Run without network access
–sandbox
- Run fully sandboxed.
See the –sandbox-expose and –sandbox-expose-ro options for selective file access.
–sandbox-expose=NAME
- Expose read-write access to a file in the sandbox.
Note that absolute paths or subdirectories are not allowed. The files must be in the sandbox subdirectory of the instance directory (i.e. ~/.var/app/$APP_ID/sandbox).
This option is useful in combination with –sandbox (otherwise the instance directory is accessible anyway).
–sandbox-expose-ro=NAME
- Expose readonly access to a file in the sandbox.
Note that absolute paths or subdirectories are not allowed. The files must be in the sandbox subdirectory of the instance directory (i.e. ~/.var/app/$APP_ID/sandbox).
This option is useful in combination with –sandbox (otherwise the instance directory is accessible anyway).
–host
- Run the command unsandboxed on the host. This requires access to the org.freedesktop.Flatpak D-Bus interface
–directory=DIR
- The working directory in which to run the command.
Note that the given directory must exist in the sandbox or, when used in conjunction with –host, on the host.