flatpak-spawn - Run commands in a sandbox
flatpak-spawn [OPTION...] COMMAND [ARGUMENT...]
Unlike other flatpak commands, flatpak-spawn is available to applications inside the sandbox. It runs COMMAND outside the sandbox, either in another sandbox, or on the host.
flatpak-spawn uses the Flatpak portal to create a copy of the sandbox it was called from, optionally using tighter permissions and the latest version of the app and runtime.
The following options are understood:
-h, --help
Show help options and exit.
-v, --verbose
Print debug information.
--forward-fd=FD
Forward a file descriptor.
--clear-env
Run with a clean environment.
--watch-bus
Make the spawned command exit if we do.
--env=VAR=VALUE
Set an environment variable.
--latest-version
Use the latest version of the refs that are used to set up the sandbox.
--no-network
Run without network access.
--sandbox
Run fully sandboxed.
See the --sandbox-expose and --sandbox-expose-ro options for selective file access.
--sandbox-expose=NAME
Expose read-write access to a file in the sandbox.
Note that absolute paths or subdirectories are not allowed. The files must be in the sandbox subdirectory of the instance directory (i.e. ~/.var/app/$APP_ID/sandbox).
This option is useful in combination with --sandbox (otherwise the instance directory is accessible anyway).
--sandbox-expose-ro=NAME
Expose readonly access to a file in the sandbox.
Note that absolute paths or subdirectories are not allowed. The files must be in the sandbox subdirectory of the instance directory (i.e. ~/.var/app/$APP_ID/sandbox).
This option is useful in combination with --sandbox (otherwise the instance directory is accessible anyway).
--host
Run the command unsandboxed on the host. This requires access to the org.freedesktop.Flatpak D-Bus interface.
--directory=DIR
The working directory in which to run the command.
Note that the given directory must exist in the sandbox or, when used in conjunction with --host, on the host.
$ flatpak-spawn ls /var/run
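A least-privilege invocation that combines --sandbox, --no-network, --clear-env and the two expose options, as an added example that is not part of the flatpak documentation. The function names and the SPAWN, APP_ID and SANDBOX_DIR variables are assumptions of this example, as are the rejection of "." and ".." and the regular-file check on the input.

```shell
#!/bin/sh
# Added example: least-privilege wrapper around flatpak-spawn.
# SPAWN, APP_ID and SANDBOX_DIR are names chosen for this example.
SPAWN=${SPAWN:-flatpak-spawn}

# Accept only a bare file name: non-empty, not absolute, no subdirectory.
# Rejecting "." and ".." as well is this example's own choice.
valid_expose_name() {
    case "$1" in
        ''|.|..|*/*) return 1 ;;
    esac
    return 0
}

# run_sandboxed INPUT OUTPUT COMMAND [ARG...]
# INPUT is exposed read-only and OUTPUT read-write. Both are bare names in
# the sandbox subdirectory of the instance directory.
run_sandboxed() {
    if [ "$#" -lt 3 ]; then
        echo "usage: run_sandboxed INPUT OUTPUT COMMAND [ARG...]" >&2
        return 2
    fi
    dir=${SANDBOX_DIR:-$HOME/.var/app/$APP_ID/sandbox}
    in_name=$1
    out_name=$2
    shift 2
    for name in "$in_name" "$out_name"; do
        if ! valid_expose_name "$name"; then
            echo "rejected expose name: $name" >&2
            return 1
        fi
    done
    # Extra checks made by this example: the input must be an existing
    # regular file (not a symlink); the output is created if it is absent.
    if [ ! -f "$dir/$in_name" ] || [ -L "$dir/$in_name" ]; then
        echo "input is not a regular file in $dir: $in_name" >&2
        return 1
    fi
    [ -e "$dir/$out_name" ] || : > "$dir/$out_name"
    "$SPAWN" --sandbox --no-network --clear-env --watch-bus \
        "--sandbox-expose-ro=$in_name" "--sandbox-expose=$out_name" "$@"
}
```

Setting SPAWN=echo prints the argument list instead of spawning anything, which is a convenient way to review what would be passed to flatpak-spawn.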
flatpak(1)