1FLATPAK OVERRIDE(1) flatpak override FLATPAK OVERRIDE(1)
2
6 flatpak-override - Override application requirements
7
9 flatpak override [OPTION...] [APP]
10
12 Overrides the application specified runtime requirements. This can be
13 used to grant a sandboxed application more or less resources than it
14 requested.
15 By default the application gets access to the resources it requested
17 when it is started. But the user can override it on a particular
18 instance by specifying extra arguments to flatpak run, or every time by
19 using flatpak override.
20 If the application id is not specified then the overrides affect all
22 applications, but the per-application overrides can override the global
23 overrides.
24 Unless overridden with the --user or --installation options, this
26 command changes the default system-wide installation.
27
29 The following options are understood:
30 -h, --help
32 Show help options and exit.
33 --user
35 Update a per-user installation.
36 --system
38 Update the default system-wide installation.
39 --installation=NAME
41 Updates a system-wide installation specified by NAME among those
42 defined in /etc/flatpak/installations.d/. Using
43 --installation=default is equivalent to using --system.
44 --share=SUBSYSTEM
46 Share a subsystem with the host session. This overrides the Context
47 section from the application metadata. SUBSYSTEM must be one of:
48 network, ipc. This option can be used multiple times.
49 --unshare=SUBSYSTEM
51 Don't share a subsystem with the host session. This overrides the
52 Context section from the application metadata. SUBSYSTEM must be
53 one of: network, ipc. This option can be used multiple times.
54 --socket=SOCKET
56 Expose a well-known socket to the application. This overrides to
57 the Context section from the application metadata. SOCKET must be
58 one of: x11, wayland, fallback-x11, pulseaudio, system-bus,
59 session-bus, ssh-auth, pcsc, cups. This option can be used multiple
60 times.
61 --nosocket=SOCKET
63 Don't expose a well-known socket to the application. This overrides
64 to the Context section from the application metadata. SOCKET must
65 be one of: x11, wayland, fallback-x11, pulseaudio, system-bus,
66 session-bus, ssh-auth, pcsc, cups. This option can be used multiple
67 times.
68 --device=DEVICE
70 Expose a device to the application. This overrides to the Context
71 section from the application metadata. DEVICE must be one of: dri,
72 kvm, shm, all. This option can be used multiple times.
73 --nodevice=DEVICE
75 Don't expose a device to the application. This overrides to the
76 Context section from the application metadata. DEVICE must be one
77 of: dri, kvm, shm, all. This option can be used multiple times.
78 --allow=FEATURE
80 Allow access to a specific feature. This updates the [Context]
81 group in the metadata. FEATURE must be one of: devel, multiarch,
82 bluetooth, canbus. This option can be used multiple times.
83 See flatpak-build-finish(1) for the meaning of the various
85 features.
86 --disallow=FEATURE
88 Disallow access to a specific feature. This updates the [Context]
89 group in the metadata. FEATURE must be one of: devel, multiarch,
90 bluetooth, canbus. This option can be used multiple times.
91 --filesystem=FILESYSTEM
93 Allow the application access to a subset of the filesystem. This
94 overrides to the Context section from the application metadata.
95 FILESYSTEM can be one of: home, host, xdg-desktop, xdg-documents,
96 xdg-download, xdg-music, xdg-pictures, xdg-public-share,
97 xdg-templates, xdg-videos, xdg-run, xdg-config, xdg-cache,
98 xdg-data, an absolute path, or a homedir-relative path like ~/dir
99 or paths relative to the xdg dirs, like xdg-download/subdir. The
100 optional :ro suffix indicates that the location will be read-only.
101 The optional :create suffix indicates that the location will be
102 read-write and created if it doesn't exist. This option can be used
103 multiple times. See the "[Context] filesystems" list in flatpak-
104 metadata(5) for details of the meanings of these filesystems.
105 --nofilesystem=FILESYSTEM
107 Remove access to the specified subset of the filesystem from the
108 application. This overrides to the Context section from the
109 application metadata. FILESYSTEM can be one of: home, host,
110 xdg-desktop, xdg-documents, xdg-download, xdg-music, xdg-pictures,
111 xdg-public-share, xdg-templates, xdg-videos, an absolute path, or a
112 homedir-relative path like ~/dir. This option can be used multiple
113 times.
114 --add-policy=SUBSYSTEM.KEY=VALUE
116 Add generic policy option. For example,
117 "--add-policy=subsystem.key=v1 --add-policy=subsystem.key=v2" would
118 map to this metadata:
119 [Policy subsystem]
121 key=v1;v2;
122 This option can be used multiple times.
125 --remove-policy=SUBSYSTEM.KEY=VALUE
127 Remove generic policy option. This option can be used multiple
128 times.
129 --env=VAR=VALUE
131 Set an environment variable in the application. This overrides to
132 the Context section from the application metadata. This option can
133 be used multiple times.
134 --own-name=NAME
136 Allow the application to own the well-known name NAME on the
137 session bus. This overrides to the Context section from the
138 application metadata. This option can be used multiple times.
139 --talk-name=NAME
141 Allow the application to talk to the well-known name NAME on the
142 session bus. This overrides to the Context section from the
143 application metadata. This option can be used multiple times.
144 --no-talk-name=NAME
146 Don't allow the application to talk to the well-known name NAME on
147 the session bus. This overrides to the Context section from the
148 application metadata. This option can be used multiple times.
149 --system-own-name=NAME
151 Allow the application to own the well known name NAME on the system
152 bus. If NAME ends with .*, it allows the application to own all
153 matching names. This overrides to the Context section from the
154 application metadata. This option can be used multiple times.
155 --system-talk-name=NAME
157 Allow the application to talk to the well known name NAME on the
158 system bus. If NAME ends with .*, it allows the application to talk
159 to all matching names. This overrides to the Context section from
160 the application metadata. This option can be used multiple times.
161 --system-no-talk-name=NAME
163 Don't allow the application to talk to the well known name NAME on
164 the system bus. If NAME ends with .*, it allows the application to
165 talk to all matching names. This overrides to the Context section
166 from the application metadata. This option can be used multiple
167 times.
168 --persist=FILENAME
170 If the application doesn't have access to the real homedir, make
171 the (homedir-relative) path FILENAME a bind mount to the
172 corresponding path in the per-application directory, allowing that
173 location to be used for persistent data. This overrides to the
174 Context section from the application metadata. This option can be
175 used multiple times.
176 --reset
178 Remove overrides. If an APP is given, remove the overrides for that
179 application, otherwise remove the global overrides.
180 --show
182 Shows overrides. If an APP is given, shows the overrides for that
183 application, otherwise shows the global overrides.
184 -v, --verbose
186 Print debug information during command processing.
187 --ostree-verbose
189 Print OSTree debug information during command processing.
190
192 $ flatpak override --nosocket=wayland org.gnome.gedit
193 $ flatpak override --filesystem=home org.mozilla.Firefox
195
197 flatpak(1), flatpak-run(1)
198flatpak FLATPAK OVERRIDE(1)