1FLATPAK OVERRIDE(1) flatpak override FLATPAK OVERRIDE(1)
2
6 flatpak-override - Override application requirements
7
9 flatpak override [OPTION...] [APP]
10
12 Overrides the application specified runtime requirements. This can be
13 used to grant a sandboxed application more or less resources than it
14 requested.
15 By default the application gets access to the resources it requested
17 when it is started. But the user can override it on a particular
18 instance by specifying extra arguments to flatpak run, or every time by
19 using flatpak override.
20 If the application id is not specified then the overrides affect all
22 applications, but the per-application overrides can override the global
23 overrides.
24 Unless overridden with the --user or --installation options, this
26 command changes the default system-wide installation.
27
29 The following options are understood:
30 -h, --help
32 Show help options and exit.
33 --user
35 Update a per-user installation.
36 --system
38 Update the default system-wide installation.
39 --installation=NAME
41 Updates a system-wide installation specified by NAME among those
42 defined in /etc/flatpak/installations.d/. Using
43 --installation=default is equivalent to using --system.
44 --share=SUBSYSTEM
46 Share a subsystem with the host session. This overrides the Context
47 section from the application metadata. SUBSYSTEM must be one of:
48 network, ipc. This option can be used multiple times.
49 --unshare=SUBSYSTEM
51 Don't share a subsystem with the host session. This overrides the
52 Context section from the application metadata. SUBSYSTEM must be
53 one of: network, ipc. This option can be used multiple times.
54 --socket=SOCKET
56 Expose a well-known socket to the application. This overrides to
57 the Context section from the application metadata. SOCKET must be
58 one of: x11, wayland, fallback-x11, pulseaudio, system-bus,
59 session-bus, ssh-auth. This option can be used multiple times.
60 --nosocket=SOCKET
62 Don't expose a well-known socket to the application. This overrides
63 to the Context section from the application metadata. SOCKET must
64 be one of: x11, wayland, fallback-x11, pulseaudio, system-bus,
65 session-bus, ssh-auth. This option can be used multiple times.
66 --device=DEVICE
68 Expose a device to the application. This overrides to the Context
69 section from the application metadata. DEVICE must be one of: dri,
70 kvm, all. This option can be used multiple times.
71 --nodevice=DEVICE
73 Don't expose a device to the application. This overrides to the
74 Context section from the application metadata. DEVICE must be one
75 of: dri, kvm, all. This option can be used multiple times.
76 --allow=FEATURE
78 Allow access to a specific feature. This updates the [Context]
79 group in the metadata. FEATURE must be one of: devel, multiarch,
80 bluetooth. This option can be used multiple times.
81 See flatpak-build-finish(1) for the meaning of the various
83 features.
84 --disallow=FEATURE
86 Disallow access to a specific feature. This updates the [Context]
87 group in the metadata. FEATURE must be one of: devel, multiarch,
88 bluetooth. This option can be used multiple times.
89 --filesystem=FS
91 Allow the application access to a subset of the filesystem. This
92 overrides to the Context section from the application metadata. FS
93 can be one of: home, host, xdg-desktop, xdg-documents, xdg-download
94 xdg-music, xdg-pictures, xdg-public-share, xdg-templates,
95 xdg-videos, xdg-run, xdg-config, xdg-cache, xdg-data, an absolute
96 path, or a homedir-relative path like ~/dir or paths relative to
97 the xdg dirs, like xdg-download/subdir. The optional :ro suffix
98 indicates that the location will be read-only. The optional :create
99 suffix indicates that the location will be read-write and created
100 if it doesn't exist. This option can be used multiple times.
101 --nofilesystem=FILESYSTEM
103 Remove access to the specified subset of the filesystem from the
104 application. This overrides to the Context section from the
105 application metadata. FILESYSTEM can be one of: home, host,
106 xdg-desktop, xdg-documents, xdg-download xdg-music, xdg-pictures,
107 xdg-public-share, xdg-templates, xdg-videos, an absolute path, or a
108 homedir-relative path like ~/dir. This option can be used multiple
109 times.
110 --add-policy=SUBSYSTEM.KEY=VALUE
112 Add generic policy option. For example,
113 "--add-policy=subsystem.key=v1 --add-policy=subsystem.key=v2" would
114 map to this metadata:
115 [Policy subsystem]
117 key=v1;v2;
118 This option can be used multiple times.
121 --remove-policy=SUBSYSTEM.KEY=VALUE
123 Remove generic policy option. This option can be used multiple
124 times.
125 --env=VAR=VALUE
127 Set an environment variable in the application. This overrides to
128 the Context section from the application metadata. This option can
129 be used multiple times.
130 --own-name=NAME
132 Allow the application to own the well-known name NAME on the
133 session bus. This overrides to the Context section from the
134 application metadata. This option can be used multiple times.
135 --talk-name=NAME
137 Allow the application to talk to the well-known name NAME on the
138 session bus. This overrides to the Context section from the
139 application metadata. This option can be used multiple times.
140 --system-own-name=NAME
142 Allow the application to own the well known name NAME on the system
143 bus. If NAME ends with .*, it allows the application to own all
144 matching names. This overrides to the Context section from the
145 application metadata. This option can be used multiple times.
146 --system-talk-name=NAME
148 Allow the application to talk to the well known name NAME on the
149 system bus. If NAME ends with .*, it allows the application to talk
150 to all matching names. This overrides to the Context section from
151 the application metadata. This option can be used multiple times.
152 --persist=FILENAME
154 If the application doesn't have access to the real homedir, make
155 the (homedir-relative) path FILENAME a bind mount to the
156 corresponding path in the per-application directory, allowing that
157 location to be used for persistent data. This overrides to the
158 Context section from the application metadata. This option can be
159 used multiple times.
160 --reset
162 Remove overrides. If an APP is given, remove the overrides for that
163 application, otherwise remove the global overrides.
164 --show
166 Shows overrides. If an APP is given, shows the overrides for that
167 application, otherwise shows the global overrides.
168 -v, --verbose
170 Print debug information during command processing.
171 --ostree-verbose
173 Print OSTree debug information during command processing.
174
176 $ flatpak override --nosocket=wayland org.gnome.GEdit
177 $ flatpak override --filesystem=home org.mozilla.Firefox
179
181 flatpak(1), flatpak-run(1)
182flatpak FLATPAK OVERRIDE(1)