flatpak-spawn - Man Page

Run commands in a sandbox

Synopsis

flatpak-spawn [OPTION...] COMMAND [ARGUMENT...]

Description

Unlike other flatpak commands, flatpak-spawn is available to applications inside the sandbox. It runs COMMAND outside the sandbox: either in another sandbox, or on the host.

When called without --host, flatpak-spawn uses the Flatpak portal to create a copy of the sandbox it was called from, optionally using tighter permissions and optionally the latest version of the app and runtime (see --latest-version).

Options

The following options are understood:

-h, --help

Show help options and exit.

-v, --verbose

Print debug information

--forward-fd=FD

Forward a file descriptor

--clear-env

Run with a clean environment

--watch-bus

Make the spawned command exit if the caller disappears from the session bus

--env=VAR=VALUE

Set an environment variable

--latest-version

Use the latest version of the refs that are used to set up the sandbox

--no-network

Run without network access

--sandbox

Run fully sandboxed. See the documentation for the --sandbox option in flatpak-run(1)

See the --sandbox-expose and --sandbox-expose-ro options for selective file access.

--sandbox-expose=NAME

Expose read-write access to a file in the sandbox.

Note that absolute paths or subdirectories are not allowed. The files must be in the sandbox subdirectory of the instance directory (i.e. ~/.var/app/$APP_ID/sandbox).

This option is useful in combination with --sandbox (otherwise the instance directory is accessible anyway).

--sandbox-expose-ro=NAME

Expose readonly access to a file in the sandbox.

Note that absolute paths or subdirectories are not allowed. The files must be in the sandbox subdirectory of the instance directory (i.e. ~/.var/app/$APP_ID/sandbox).

This option is useful in combination with --sandbox (otherwise the instance directory is accessible anyway).

--host