Technical Notes

Manpages - flatpak-spawn.1

NAME

flatpak-spawn - Run commands in a sandbox

SYNOPSIS

flatpak-spawn [OPTION…] COMMAND [ARGUMENT…]

DESCRIPTION

Unlike other flatpak commands, flatpak-spawn is available to applications inside the sandbox. It runs COMMAND outside the sandbox: either in another sandbox, or on the host.

When called without –host, flatpak-spawn uses the Flatpak portal to create a copy of the sandbox it was called from, optionally using tighter permissions and optionally the latest version of the app and runtime (see –latest-version).

OPTIONS

The following options are understood:

-h, –help

Show help options and exit.

-v, –verbose

Print debug information

–forward-fd=FD

Forward a file descriptor

–clear-env

Run with a clean environment

–watch-bus

Make the spawned command exit if the caller disappears from the session bus

–env=VAR=VALUE

Set an environment variable

–latest-version

Use the latest version of the refs that are used to set up the sandbox

–no-network

Run without network access

–sandbox

Run fully sandboxed. See the documentation for the –sandbox option in *flatpak-run*(1)

See the –sandbox-expose and –sandbox-expose-ro options for selective file access.

–sandbox-expose=NAME

Expose read-write access to a file in the sandbox.

Note that absolute paths or subdirectories are not allowed. The files must be in the sandbox subdirectory of the instance directory (i.e. ~/.var/app/$APP_ID/sandbox).

This option is useful in combination with –sandbox (otherwise the instance directory is accessible anyway).

–sandbox-expose-ro=NAME

Expose readonly access to a file in the sandbox.

Note that absolute paths or subdirectories are not allowed. The files must be in the sandbox subdirectory of the instance directory (i.e. ~/.var/app/$APP_ID/sandbox).

This option is useful in combination with –sandbox (otherwise the instance directory is accessible anyway).

–host

Run the command unsandboxed on the host. This requires access to the org.freedesktop.Flatpak D-Bus interface.

–directory=DIR

The working directory in which to run the command.

Note that the given directory must exist in the sandbox or, when used in conjunction with –host, on the host.

EXAMPLES

$ flatpak-spawn ls /var/run

SEE ALSO

*flatpak*(1)