FLATPAK RUN(1)                    flatpak run                   FLATPAK RUN(1)

NAME

       flatpak-run - Run an application or open a shell in a runtime

SYNOPSIS

       flatpak run [OPTION...] REF [ARG...]

DESCRIPTION

       If REF names an installed application, Flatpak runs the application in
       a sandboxed environment. Extra arguments are passed on to the
       application. The current branch and arch of the application are used
       unless otherwise specified with --branch or --arch. See
       flatpak-make-current(1).

       If REF names a runtime, a shell is opened in the runtime. This is
       useful for development and testing. If there is ambiguity about which
       branch to use, you will be prompted to choose. Use --branch to avoid
       this. The primary arch is used unless otherwise specified with --arch.

       By default, Flatpak will look for the application or runtime in the
       per-user installation first, then in all system installations. This can
       be overridden with the --user, --system and --installation options.

       Flatpak creates a sandboxed environment for the application to run in
       by mounting the right runtime at /usr and a writable directory at /var,
       whose content is preserved between application runs. The application
       itself is mounted at /app.

       The details of the sandboxed environment are controlled by the
       application metadata and various options like --share and --socket that
       are passed to the run command: Access is allowed if it was requested
       either in the application metadata file or with an option and the user
       hasn't overridden it.

       The remaining arguments are passed to the command that gets run in the
       sandboxed environment. See the --file-forwarding option for handling of
       file arguments.

       Environment variables are generally passed on to the sandboxed
       application, with certain exceptions. The application metadata can
       override environment variables, as well as the --env option. Apart from
       that, Flatpak always unsets or overrides the following variables, since
       their session values are likely to interfere with the functioning of
       the sandbox:
           PATH
           LD_LIBRARY_PATH
           XDG_CONFIG_DIRS
           XDG_DATA_DIRS
           XDG_RUNTIME_DIR
           SHELL
           TEMP
           TEMPDIR
           TMP
           TMPDIR
           PYTHONPATH
           PERLLIB
           PERL5LIB
           XCURSOR_PATH
           KRB5CCNAME
           XKB_CONFIG_ROOT
           GIO_EXTRA_MODULES
           GDK_BACKEND

       Also several environment variables with the prefix "GST_" that are used
       by gstreamer are unset (since Flatpak 1.12.5).

       Flatpak also overrides the XDG environment variables to point sandboxed
       applications at their writable filesystem locations below
       ~/.var/app/$APPID/:
           XDG_DATA_HOME
           XDG_CONFIG_HOME
           XDG_CACHE_HOME
           XDG_STATE_HOME (since Flatpak 1.13)

       Apps can use the --persist=.local/state and --unset-env=XDG_STATE_HOME
       options to get a Flatpak 1.13-compatible ~/.local/state on older
       versions of Flatpak.

       The host values of these variables are made available inside the
       sandbox via these HOST_-prefixed variables:
           HOST_XDG_DATA_HOME
           HOST_XDG_CONFIG_HOME
           HOST_XDG_CACHE_HOME
           HOST_XDG_STATE_HOME (since Flatpak 1.13)

       Flatpak sets the environment variable FLATPAK_ID to the application ID
       of the running app.

       Flatpak also bind-mounts as read-only the host's /etc/os-release (if
       available, or /usr/lib/os-release as a fallback) to
       /run/host/os-release in accordance with the os-release
       specification[1].

       If parental controls support is enabled, flatpak will check the current
       user's parental controls settings, and will refuse to run an app if it
       is blocklisted for the current user.

OPTIONS

       The following options are understood:

       -h, --help
           Show help options and exit.

       -u, --user
           Look for the application and runtime in per-user installations.

       --system
           Look for the application and runtime in the default system-wide
           installations.

       --installation=NAME
           Look for the application and runtime in the system-wide
           installation specified by NAME among those defined in
           /etc/flatpak/installations.d/. Using --installation=default is
           equivalent to using --system.

       -v, --verbose
           Print debug information during command processing.

       --ostree-verbose
           Print OSTree debug information during command processing.

       --arch=ARCH
           The architecture to run. See flatpak --supported-arches for
           architectures supported by the host.

       --command=COMMAND
           The command to run instead of the one listed in the application
           metadata.

       --cwd=DIR
           The directory to run the command in. Note that this must be a
           directory inside the sandbox.

       --branch=BRANCH
           The branch to use.

       -d, --devel
           Use the devel runtime that is specified in the application metadata
           instead of the regular runtime, and use a seccomp profile that is
           less likely to break development tools.

       --runtime=RUNTIME
           Use this runtime instead of the one that is specified in the
           application metadata. This is a full tuple, like for example
           org.freedesktop.Sdk/x86_64/1.2, but partial tuples are allowed. Any
           empty or missing parts are filled in with the corresponding values
           specified by the app.

       --runtime-version=VERSION
           Use this version of the runtime instead of the one that is
           specified in the application metadata. This overrides any version
           specified with the --runtime option.

       --share=SUBSYSTEM
           Share a subsystem with the host session. This overrides the Context
           section from the application metadata.  SUBSYSTEM must be one of:
           network, ipc. This option can be used multiple times.

       --unshare=SUBSYSTEM
           Don't share a subsystem with the host session. This overrides the
           Context section from the application metadata.  SUBSYSTEM must be
           one of: network, ipc. This option can be used multiple times.

       --socket=SOCKET
           Expose a well known socket to the application. This overrides the
           Context section from the application metadata.  SOCKET must be one
           of: x11, wayland, fallback-x11, pulseaudio, system-bus,
           session-bus, ssh-auth, pcsc, cups, gpg-agent. This option can be
           used multiple times.

       --nosocket=SOCKET
           Don't expose a well known socket to the application. This overrides
           the Context section from the application metadata.  SOCKET must be
           one of: x11, wayland, fallback-x11, pulseaudio, system-bus,
           session-bus, ssh-auth, pcsc, cups, gpg-agent. This option can be
           used multiple times.

       --device=DEVICE
           Expose a device to the application. This overrides the Context
           section from the application metadata.  DEVICE must be one of: dri,
           kvm, shm, all. This option can be used multiple times.

       --nodevice=DEVICE
           Don't expose a device to the application. This overrides the
           Context section from the application metadata.  DEVICE must be one
           of: dri, kvm, shm, all. This option can be used multiple times.

       --allow=FEATURE
           Allow access to a specific feature. This overrides the Context
           section from the application metadata.  FEATURE must be one of:
           devel, multiarch, bluetooth. This option can be used multiple
           times.

           See flatpak-build-finish(1) for the meaning of the various
           features.

       --disallow=FEATURE
           Disallow access to a specific feature. This overrides the Context
           section from the application metadata.  FEATURE must be one of:
           devel, multiarch, bluetooth. This option can be used multiple
           times.

       --filesystem=FILESYSTEM
           Allow the application access to a subset of the filesystem. This
           overrides the Context section from the application metadata.
           FILESYSTEM can be one of: home, host, host-os, host-etc,
           xdg-desktop, xdg-documents, xdg-download, xdg-music, xdg-pictures,
           xdg-public-share, xdg-templates, xdg-videos, xdg-run, xdg-config,
           xdg-cache, xdg-data, an absolute path, or a homedir-relative path
           like ~/dir or paths relative to the xdg dirs, like
           xdg-download/subdir. The optional :ro suffix indicates that the
           location will be read-only. The optional :create suffix indicates
           that the location will be read-write and created if it doesn't
           exist. This option can be used multiple times. See the "[Context]
           filesystems" list in flatpak-metadata(5) for details of the
           meanings of these filesystems.

       --nofilesystem=FILESYSTEM
           Undo the effect of a previous --filesystem=FILESYSTEM in the app's
           manifest and/or the overrides set up with flatpak-override(1). This
           overrides the Context section of the application metadata.
           FILESYSTEM can take the same values as for --filesystem, but the
           :ro and :create suffixes are not used here. This option can be used
           multiple times.

           This option does not prevent access to a more narrowly-scoped
           --filesystem. For example, if an application has the equivalent of
           --filesystem=xdg-config/MyApp in its manifest or as a system-wide
           override, and flatpak override --user --nofilesystem=home as a
           per-user override, then it will be prevented from accessing most of
           the home directory, but it will still be allowed to access
           $XDG_CONFIG_HOME/MyApp.

           As a special case, --nofilesystem=host:reset will ignore all
           --filesystem permissions inherited from the app manifest or
           flatpak-override(1), in addition to having the behaviour of
           --nofilesystem=host.

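           The layering rule described above, as an added example that is not
           part of this man page or of the flatpak code base: a small Python
           model of the documented --filesystem / --nofilesystem semantics, so
           that an override can be checked against a concrete path before it
           is granted. The paths given to the named locations (home,
           xdg-config, xdg-download, ...) are the usual defaults and, like the
           helper names, are assumptions of this example.

```python
# Added example, not code from the flatpak project: a model of the
# documented --filesystem / --nofilesystem layering rules, to check what a
# path resolves to before an override is granted.  The paths assigned to
# the named locations are the usual defaults and are an assumption here.
import os

NAMED = {
    "host": "/", "home": "~",
    "xdg-config": "~/.config", "xdg-data": "~/.local/share",
    "xdg-cache": "~/.cache", "xdg-download": "~/Downloads",
    "xdg-documents": "~/Documents", "xdg-pictures": "~/Pictures",
}

def expand(name):
    """Map a FILESYSTEM value (suffix removed) to an absolute path prefix;
    absolute paths and ~/dir are used as given."""
    base, _, sub = name.partition("/")
    if base in NAMED:
        name = NAMED[base].rstrip("/") + "/" + sub if sub else NAMED[base]
    return os.path.expanduser(name)

def effective_grants(layers):
    """layers: app manifest, then system override, then user override, each
    an ordered list of ("filesystem", VALUE) / ("nofilesystem", VALUE).
    Returns {name: "rw" | "ro"} after applying the documented rules."""
    grants = {}
    for layer in layers:
        # host:reset discards every grant inherited from earlier layers,
        # on top of behaving like --nofilesystem=host.
        if ("nofilesystem", "host:reset") in layer:
            grants = {}
        for kind, value in layer:
            name, _, suffix = value.partition(":")
            if kind == "filesystem":
                grants[name] = "ro" if suffix == "ro" else "rw"
            else:
                # A nofilesystem only undoes the grant with the same name;
                # a more narrowly-scoped grant stays in force.
                grants.pop(name, None)
    return grants

def can_access(layers, path):
    """Return "rw" or "ro" if path is covered by an effective grant, else None."""
    path, modes = os.path.expanduser(path), set()
    for name, mode in effective_grants(layers).items():
        root = expand(name)
        if path == root or path.startswith(root.rstrip("/") + "/"):
            modes.add(mode)
    return "rw" if "rw" in modes else ("ro" if modes else None)

if __name__ == "__main__":
    # The case from the option description: xdg-config/MyApp in the manifest
    # survives a per-user --nofilesystem=home override.
    manifest = [("filesystem", "xdg-config/MyApp")]
    user = [("nofilesystem", "home")]
    print(can_access([manifest, [], user], "~/.config/MyApp/settings.ini"))  # rw
    print(can_access([manifest, [], user], "~/Documents/notes.txt"))         # None
```

           The model follows only the rules stated on this page; it does not
           reproduce every special case of flatpak's own context handling.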
       --add-policy=SUBSYSTEM.KEY=VALUE
           Add generic policy option. For example,
           "--add-policy=subsystem.key=v1 --add-policy=subsystem.key=v2" would
           map to this metadata:

               [Policy subsystem]
               key=v1;v2;

           This option can be used multiple times.

       --remove-policy=SUBSYSTEM.KEY=VALUE
           Remove generic policy option. This option can be used multiple
           times.

       --env=VAR=VALUE
           Set an environment variable in the application. This overrides the
           Context section from the application metadata. This option can be
           used multiple times.

       --unset-env=VAR
           Unset an environment variable in the application. This overrides
           the unset-environment entry in the [Context] group of the metadata,
           and the [Environment] group. This option can be used multiple
           times.

       --env-fd=FD
           Read environment variables from the file descriptor FD, and set
           them as if via --env. This can be used to avoid environment
           variables and their values becoming visible to other users.

           Each environment variable is in the form VAR=VALUE followed by a
           zero byte. This is the same format used by env -0 and
           /proc/*/environ.

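           Passing values through --env-fd in practice, as an added example
           that is not code from the flatpak project: the payload is built in
           the env -0 format described above and delivered over an inherited
           pipe, so it never appears in argv. The helper names, the launcher
           tuple and the Python stand-in that replaces flatpak for the
           self-check are assumptions of this example.

```python
# Added example, not code from the flatpak project: build the NUL-separated
# VAR=VALUE payload that --env-fd expects and hand it to the launched
# command over an inherited pipe, so the values never appear in argv.
# The launcher is configurable; the Python stand-in below replaces flatpak
# only for the self-check and is an assumption of this example.
import os
import subprocess
import sys

def encode_env_fd(env):
    """Serialise {VAR: VALUE} in the format of env -0 and /proc/*/environ."""
    out = bytearray()
    for var, value in env.items():
        if not var or "=" in var or "\0" in var or "\0" in value:
            raise ValueError(f"cannot encode variable {var!r}")
        out += f"{var}={value}".encode() + b"\0"
    return bytes(out)

def decode_env_fd(payload):
    """Inverse of encode_env_fd; a value may itself contain '='."""
    entries = [e for e in payload.split(b"\0") if e]
    return dict(e.decode().split("=", 1) for e in entries)

def run_with_env_fd(ref_and_args, env, launcher=("flatpak", "run")):
    """Run `launcher --env-fd=FD REF [ARG...]` with env delivered over FD.
    Unlike --env=VAR=VALUE, which any local user can read from
    /proc/PID/cmdline, the pipe contents are visible only to the child."""
    payload = encode_env_fd(env)
    r, w = os.pipe()
    # Fill the pipe before spawning: fine below the pipe buffer size
    # (64 KiB on Linux); larger payloads need a writer thread or a file.
    os.write(w, payload)
    os.close(w)
    argv = [*launcher, f"--env-fd={r}", *ref_and_args]
    try:
        return subprocess.run(argv, pass_fds=(r,), capture_output=True)
    finally:
        os.close(r)

# Stand-in launcher for the self-check: instead of running flatpak, it
# reads the FD named by its first argument and echoes the payload.
DUMP_FD = (sys.executable, "-c",
           "import os, sys; fd = int(sys.argv[1].partition('=')[2]); "
           "sys.stdout.buffer.write(os.fdopen(fd, 'rb').read())")

if __name__ == "__main__":
    secrets = {"API_TOKEN": "constructed-sample-token", "DEBUG": "1"}
    proc = run_with_env_fd(["org.example.App"], secrets, launcher=DUMP_FD)
    print(decode_env_fd(proc.stdout))
```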
       --own-name=NAME
           Allow the application to own the well known name NAME on the
           session bus. If NAME ends with .*, it allows the application to own
           all matching names. This overrides the Context section from the
           application metadata. This option can be used multiple times.

       --talk-name=NAME
           Allow the application to talk to the well known name NAME on the
           session bus. If NAME ends with .*, it allows the application to
           talk to all matching names. This overrides the Context section
           from the application metadata. This option can be used multiple
           times.

       --no-talk-name=NAME
           Don't allow the application to talk to the well known name NAME on
           the session bus. If NAME ends with .*, this applies to all matching
           names. This overrides the Context section from the application
           metadata. This option can be used multiple times.

       --system-own-name=NAME
           Allow the application to own the well known name NAME on the system
           bus. If NAME ends with .*, it allows the application to own all
           matching names. This overrides the Context section from the
           application metadata. This option can be used multiple times.

       --system-talk-name=NAME
           Allow the application to talk to the well known name NAME on the
           system bus. If NAME ends with .*, it allows the application to talk
           to all matching names. This overrides the Context section from
           the application metadata. This option can be used multiple times.

       --system-no-talk-name=NAME
           Don't allow the application to talk to the well known name NAME on
           the system bus. If NAME ends with .*, this applies to all matching
           names. This overrides the Context section from the application
           metadata. This option can be used multiple times.

       --persist=FILENAME
           If the application doesn't have access to the real homedir, make
           the (homedir-relative) path FILENAME a bind mount to the
           corresponding path in the per-application directory, allowing that
           location to be used for persistent data. This overrides the
           Context section from the application metadata. This option can be
           used multiple times.

       --no-session-bus
           Run this instance without the filtered access to the session dbus
           connection. Note, this is the default when run with --sandbox.

       --session-bus
           Allow filtered access to the session dbus connection. This is the
           default, except when run with --sandbox.

           In sandbox mode, even if you allow access to the session bus the
           sandbox cannot talk to or own the application ids (org.the.App.*)
           on the bus (unless explicitly added), only names in the .Sandboxed
           subset (org.the.App.Sandboxed.* and
           org.mpris.MediaPlayer2.org.the.App.Sandboxed.*).

       --no-a11y-bus
           Run this instance without the access to the accessibility bus.
           Note, this is the default when run with --sandbox.

       --a11y-bus
           Allow access to the accessibility bus. This is the default, except
           when run with --sandbox.

       --sandbox
           Run the application in sandboxed mode, which means dropping all the
           extra permissions it would otherwise have, as well as access to the
           session/system/a11y busses and document portal.

       --log-session-bus
           Log session bus traffic. This can be useful to see what access you
           need to allow in your D-Bus policy.

       --log-system-bus
           Log system bus traffic. This can be useful to see what access you
           need to allow in your D-Bus policy.

       -p, --die-with-parent
           Kill the entire sandbox when the launching process dies.

       --parent-pid=PID
           Specifies the pid of the "parent" flatpak, used by
           --parent-expose-pids and --parent-share-pids.

       --parent-expose-pids
           Make the processes of the new sandbox visible in the sandbox of the
           parent flatpak, as defined by --parent-pid.

       --parent-share-pids
           Use the same process ID namespace for the processes of the new
           sandbox and the sandbox of the parent flatpak, as defined by
           --parent-pid. Implies --parent-expose-pids.

       --instance-id-fd
           Write the instance ID string to the given file descriptor.

       --file-forwarding
           If this option is specified, the remaining arguments are scanned,
           and all arguments that are enclosed between a pair of '@@'
           arguments are interpreted as file paths, exported in the document
           store, and passed to the command in the form of the resulting
           document path. Arguments between '@@u' and '@@' are considered
           uris, and any file: uris are exported. The exports are
           non-persistent and with read and write permissions for the
           application.

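           The '@@' scanning rule above, as an added example that is not part
           of this man page or of the flatpak project: a Python model of how
           the remaining arguments are classified, so a wrapper script can
           preview which paths a command line would export to the document
           store. The function names and the decision to treat an unclosed
           '@@' group as an error are assumptions of this example; the export
           itself and the resulting document path are not modelled.

```python
# Added example, not code from the flatpak project: a model of the argument
# scan that --file-forwarding performs, to preview which arguments a wrapper
# would hand to the document portal.  Only the classification is modelled,
# not the export or the document path the command finally receives.
from urllib.parse import unquote, urlparse

def scan_forwarded_args(args):
    """Return [(kind, value)] in argument order. kind is "arg" (passed on
    unchanged), "file" (a path between '@@' and '@@'), "uri" (a file: URI
    between '@@u' and '@@', value is its path) or "other-uri" (a non-file
    URI in a '@@u' group, passed on unchanged)."""
    result, group = [], None
    for a in args:
        if group is None and a in ("@@", "@@u"):
            group = "file" if a == "@@" else "uri"      # open a group
        elif group is not None and a == "@@":
            group = None                                # close the group
        elif group == "file":
            result.append(("file", a))
        elif group == "uri":
            u = urlparse(a)
            if u.scheme == "file":
                result.append(("uri", unquote(u.path)))
            else:
                result.append(("other-uri", a))
        else:
            result.append(("arg", a))
    if group is not None:
        # Assumption of this model: an unclosed group is a caller error.
        raise ValueError("unterminated '@@' group")
    return result

def exported_paths(args):
    """Paths that would be exported, read-write, to the document store."""
    return [v for k, v in scan_forwarded_args(args) if k in ("file", "uri")]

if __name__ == "__main__":
    # Constructed sample command line, as it would follow the REF.
    sample = ["--flag", "@@", "report.odt", "@@",
              "@@u", "file:///tmp/c%20d.txt", "https://example.com/", "@@"]
    print(exported_paths(sample))  # ['report.odt', '/tmp/c d.txt']
```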
       --app-path=PATH
           Instead of mounting the app's content on /app in the sandbox, mount
           PATH on /app, and the app's content on /run/parent/app. If the app
           has extensions, they will also be redirected into /run/parent/app,
           and will not be included in the LD_LIBRARY_PATH inside the sandbox.

       --app-path=
           As a special case, --app-path= (with an empty PATH) results in an
           empty directory being mounted on /app.

       --usr-path=PATH
           Instead of mounting the runtime's files on /usr in the sandbox,
           mount PATH on /usr, and the runtime's normal files on
           /run/parent/usr. If the runtime has extensions, they will also be
           redirected into /run/parent/usr, and will not be included in the
           LD_LIBRARY_PATH inside the sandbox.  This option will usually only
           be useful if it is combined with --app-path= and
           --env=LD_LIBRARY_PATH=....


EXAMPLES

       $ flatpak run org.gnome.gedit

       $ flatpak run --devel --command=bash org.gnome.Builder

       $ flatpak run --command=bash org.gnome.Sdk


SEE ALSO

       flatpak(1), flatpak-override(1), flatpak-enter(1)


NOTES

        1. os-release specification
           https://www.freedesktop.org/software/systemd/man/os-release.html

flatpak                                                         FLATPAK RUN(1)