1FLATPAK OVERRIDE(1)            flatpak override            FLATPAK OVERRIDE(1)
2
3
4

NAME

6       flatpak-override - Override application requirements
7

SYNOPSIS

9       flatpak override [OPTION...] [APP]
10

DESCRIPTION

12       Overrides the application specified runtime requirements. This can be
13       used to grant a sandboxed application more or less resources than it
14       requested.
15
16       By default the application gets access to the resources it requested
17       when it is started. But the user can override it on a particular
18       instance by specifying extra arguments to flatpak run, or every time by
19       using flatpak override.
20
21       If the application id is not specified then the overrides affect all
22       applications, but the per-application overrides can override the global
23       overrides.
24
25       Unless overridden with the --user or --installation options, this
26       command changes the default system-wide installation.
27

OPTIONS

29       The following options are understood:
30
31       -h, --help
32           Show help options and exit.
33
34       --user
35           Update a per-user installation.
36
37       --system
38           Update the default system-wide installation.
39
40       --installation=NAME
41           Updates a system-wide installation specified by NAME among those
42           defined in /etc/flatpak/installations.d/. Using
43           --installation=default is equivalent to using --system.
44
45       --share=SUBSYSTEM
46           Share a subsystem with the host session. This overrides the Context
47           section from the application metadata.  SUBSYSTEM must be one of:
48           network, ipc. This option can be used multiple times.
49
50       --unshare=SUBSYSTEM
51           Don't share a subsystem with the host session. This overrides the
52           Context section from the application metadata.  SUBSYSTEM must be
53           one of: network, ipc. This option can be used multiple times.
54
55       --socket=SOCKET
56           Expose a well-known socket to the application. This overrides to
57           the Context section from the application metadata.  SOCKET must be
58           one of: x11, wayland, fallback-x11, pulseaudio, system-bus,
59           session-bus, ssh-auth, pcsc, cups. This option can be used multiple
60           times.
61
62       --nosocket=SOCKET
63           Don't expose a well-known socket to the application. This overrides
64           to the Context section from the application metadata.  SOCKET must
65           be one of: x11, wayland, fallback-x11, pulseaudio, system-bus,
66           session-bus, ssh-auth, pcsc, cups. This option can be used multiple
67           times.
68
69       --device=DEVICE
70           Expose a device to the application. This overrides to the Context
71           section from the application metadata.  DEVICE must be one of: dri,
72           kvm, shm, all. This option can be used multiple times.
73
74       --nodevice=DEVICE
75           Don't expose a device to the application. This overrides to the
76           Context section from the application metadata.  DEVICE must be one
77           of: dri, kvm, shm, all. This option can be used multiple times.
78
79       --allow=FEATURE
80           Allow access to a specific feature. This updates the [Context]
81           group in the metadata.  FEATURE must be one of: devel, multiarch,
82           bluetooth, canbus. This option can be used multiple times.
83
84           See flatpak-build-finish(1) for the meaning of the various
85           features.
86
87       --disallow=FEATURE
88           Disallow access to a specific feature. This updates the [Context]
89           group in the metadata.  FEATURE must be one of: devel, multiarch,
90           bluetooth, canbus. This option can be used multiple times.
91
92       --filesystem=FILESYSTEM
93           Allow the application access to a subset of the filesystem. This
94           overrides to the Context section from the application metadata.
95           FILESYSTEM can be one of: home, host, host-os, host-etc,
96           xdg-desktop, xdg-documents, xdg-download, xdg-music, xdg-pictures,
97           xdg-public-share, xdg-templates, xdg-videos, xdg-run, xdg-config,
98           xdg-cache, xdg-data, an absolute path, or a homedir-relative path
99           like ~/dir or paths relative to the xdg dirs, like
100           xdg-download/subdir. The optional :ro suffix indicates that the
101           location will be read-only. The optional :create suffix indicates
102           that the location will be read-write and created if it doesn't
103           exist. This option can be used multiple times. See the "[Context]
104           filesystems" list in flatpak-metadata(5) for details of the
105           meanings of these filesystems.
106
107       --nofilesystem=FILESYSTEM
108           Remove access to the specified subset of the filesystem from the
109           application. This overrides to the Context section from the
110           application metadata.  FILESYSTEM can be one of: home, host,
111           host-os, host-etc, xdg-desktop, xdg-documents, xdg-download,
112           xdg-music, xdg-pictures, xdg-public-share, xdg-templates,
113           xdg-videos, an absolute path, or a homedir-relative path like
114           ~/dir. This option can be used multiple times.
115
116       --add-policy=SUBSYSTEM.KEY=VALUE
117           Add generic policy option. For example,
118           "--add-policy=subsystem.key=v1 --add-policy=subsystem.key=v2" would
119           map to this metadata:
120
121               [Policy subsystem]
122               key=v1;v2;
123
124
125           This option can be used multiple times.
126
127       --remove-policy=SUBSYSTEM.KEY=VALUE
128           Remove generic policy option. This option can be used multiple
129           times.
130
131       --env=VAR=VALUE
132           Set an environment variable in the application. This overrides to
133           the Context section from the application metadata. This option can
134           be used multiple times.
135
136       --unset-env=VAR
137           Unset an environment variable in the application. This overrides
138           the unset-environment entry in the [Context] group of the metadata,
139           and the [Environment] group. This option can be used multiple
140           times.
141
142       --env-fd=FD
143           Read environment variables from the file descriptor FD, and set
144           them as if via --env. This can be used to avoid environment
145           variables and their values becoming visible to other users.
146
147           Each environment variable is in the form VAR=VALUE followed by a
148           zero byte. This is the same format used by env -0 and
149           /proc/*/environ.
150
151       --own-name=NAME
152           Allow the application to own the well-known name NAME on the
153           session bus. This overrides to the Context section from the
154           application metadata. This option can be used multiple times.
155
156       --talk-name=NAME
157           Allow the application to talk to the well-known name NAME on the
158           session bus. This overrides to the Context section from the
159           application metadata. This option can be used multiple times.
160
161       --no-talk-name=NAME
162           Don't allow the application to talk to the well-known name NAME on
163           the session bus. This overrides to the Context section from the
164           application metadata. This option can be used multiple times.
165
166       --system-own-name=NAME
167           Allow the application to own the well known name NAME on the system
168           bus. If NAME ends with .*, it allows the application to own all
169           matching names. This overrides to the Context section from the
170           application metadata. This option can be used multiple times.
171
172       --system-talk-name=NAME
173           Allow the application to talk to the well known name NAME on the
174           system bus. If NAME ends with .*, it allows the application to talk
175           to all matching names. This overrides to the Context section from
176           the application metadata. This option can be used multiple times.
177
178       --system-no-talk-name=NAME
179           Don't allow the application to talk to the well known name NAME on
180           the system bus. If NAME ends with .*, it allows the application to
181           talk to all matching names. This overrides to the Context section
182           from the application metadata. This option can be used multiple
183           times.
184
185       --persist=FILENAME
186           If the application doesn't have access to the real homedir, make
187           the (homedir-relative) path FILENAME a bind mount to the
188           corresponding path in the per-application directory, allowing that
189           location to be used for persistent data. This overrides to the
190           Context section from the application metadata. This option can be
191           used multiple times.
192
193       --reset
194           Remove overrides. If an APP is given, remove the overrides for that
195           application, otherwise remove the global overrides.
196
197       --show
198           Shows overrides. If an APP is given, shows the overrides for that
199           application, otherwise shows the global overrides.
200
201       -v, --verbose
202           Print debug information during command processing.
203
204       --ostree-verbose
205           Print OSTree debug information during command processing.
206

EXAMPLES

208       $ flatpak override --nosocket=wayland org.gnome.gedit
209
210       $ flatpak override --filesystem=home org.mozilla.Firefox
211

SEE ALSO

213       flatpak(1), flatpak-run(1)
214
215
216
217flatpak                                                    FLATPAK OVERRIDE(1)
Impressum