1FLATPAK OVERRIDE(1) flatpak override FLATPAK OVERRIDE(1)
2
6 flatpak-override - Override application requirements
7
9 flatpak override [OPTION...] [APP]
10
12 Overrides the application specified runtime requirements. This can be
13 used to grant a sandboxed application more or less resources than it
14 requested.
15 By default the application gets access to the resources it requested
17 when it is started. But the user can override it on a particular
18 instance by specifying extra arguments to flatpak run, or every time by
19 using flatpak override.
20 The application overrides are saved in text files residing in
22 $XDG_DATA_HOME/flatpak/overrides in user mode.
23 If the application ID APP is not specified then the overrides affect
25 all applications, but the per-application overrides can override the
26 global overrides.
27 Unless overridden with the --user or --installation options, this
29 command changes the default system-wide installation.
30
32 The following options are understood:
33 -h, --help
35 Show help options and exit.
36 -u, --user
38 Update a per-user installation.
39 --system
41 Update the default system-wide installation.
42 --installation=NAME
44 Updates a system-wide installation specified by NAME among those
45 defined in /etc/flatpak/installations.d/. Using
46 --installation=default is equivalent to using --system.
47 --share=SUBSYSTEM
49 Share a subsystem with the host session. This overrides the Context
50 section from the application metadata. SUBSYSTEM must be one of:
51 network, ipc. This option can be used multiple times.
52 --unshare=SUBSYSTEM
54 Don't share a subsystem with the host session. This overrides the
55 Context section from the application metadata. SUBSYSTEM must be
56 one of: network, ipc. This option can be used multiple times.
57 --socket=SOCKET
59 Expose a well-known socket to the application. This overrides to
60 the Context section from the application metadata. SOCKET must be
61 one of: x11, wayland, fallback-x11, pulseaudio, system-bus,
62 session-bus, ssh-auth, pcsc, cups, gpg-agent. This option can be
63 used multiple times.
64 --nosocket=SOCKET
66 Don't expose a well-known socket to the application. This overrides
67 to the Context section from the application metadata. SOCKET must
68 be one of: x11, wayland, fallback-x11, pulseaudio, system-bus,
69 session-bus, ssh-auth, pcsc, cups, gpg-agent. This option can be
70 used multiple times.
71 --device=DEVICE
73 Expose a device to the application. This overrides to the Context
74 section from the application metadata. DEVICE must be one of: dri,
75 input, kvm, shm, all. This option can be used multiple times.
76 --nodevice=DEVICE
78 Don't expose a device to the application. This overrides to the
79 Context section from the application metadata. DEVICE must be one
80 of: dri, input, kvm, shm, all. This option can be used multiple
81 times.
82 --allow=FEATURE
84 Allow access to a specific feature. This updates the [Context]
85 group in the metadata. FEATURE must be one of: devel, multiarch,
86 bluetooth, canbus, per-app-dev-shm. This option can be used
87 multiple times.
88 See flatpak-build-finish(1) for the meaning of the various
90 features.
91 --disallow=FEATURE
93 Disallow access to a specific feature. This updates the [Context]
94 group in the metadata. FEATURE must be one of: devel, multiarch,
95 bluetooth, canbus, per-app-dev-shm. This option can be used
96 multiple times.
97 --filesystem=FILESYSTEM
99 Allow the application access to a subset of the filesystem. This
100 overrides to the Context section from the application metadata.
101 FILESYSTEM can be one of: home, host, host-os, host-etc,
102 xdg-desktop, xdg-documents, xdg-download, xdg-music, xdg-pictures,
103 xdg-public-share, xdg-templates, xdg-videos, xdg-run, xdg-config,
104 xdg-cache, xdg-data, an absolute path, or a homedir-relative path
105 like ~/dir or paths relative to the xdg dirs, like
106 xdg-download/subdir. The optional :ro suffix indicates that the
107 location will be read-only. The optional :create suffix indicates
108 that the location will be read-write and created if it doesn't
109 exist. This option can be used multiple times. See the "[Context]
110 filesystems" list in flatpak-metadata(5) for details of the
111 meanings of these filesystems.
112 --nofilesystem=FILESYSTEM
114 Undo the effect of a previous --filesystem=FILESYSTEM in the app's
115 manifest or a lower-precedence layer of overrides, and/or remove a
116 previous --filesystem=FILESYSTEM from this layer of overrides. This
117 overrides the Context section of the application metadata.
118 FILESYSTEM can take the same values as for --filesystem, but the
119 :ro and :create suffixes are not used here. This option can be used
120 multiple times.
121 This option does not prevent access to a more narrowly-scoped
123 --filesystem. For example, if an application has the equivalent of
124 --filesystem=xdg-config/MyApp in its manifest or as a system-wide
125 override, and flatpak override --user --nofilesystem=home as a
126 per-user override, then it will be prevented from accessing most of
127 the home directory, but it will still be allowed to access
128 $XDG_CONFIG_HOME/MyApp.
129 As a special case, --nofilesystem=host:reset will ignore all
131 --filesystem permissions inherited from the app manifest or a
132 lower-precedence layer of overrides, in addition to having the
133 behaviour of --nofilesystem=host.
134 --add-policy=SUBSYSTEM.KEY=VALUE
136 Add generic policy option. For example,
137 "--add-policy=subsystem.key=v1 --add-policy=subsystem.key=v2" would
138 map to this metadata:
139 [Policy subsystem]
141 key=v1;v2;
142 This option can be used multiple times.
145 --remove-policy=SUBSYSTEM.KEY=VALUE
147 Remove generic policy option. This option can be used multiple
148 times.
149 --env=VAR=VALUE
151 Set an environment variable in the application. This overrides to
152 the Context section from the application metadata. This option can
153 be used multiple times.
154 --unset-env=VAR
156 Unset an environment variable in the application. This overrides
157 the unset-environment entry in the [Context] group of the metadata,
158 and the [Environment] group. This option can be used multiple
159 times.
160 --env-fd=FD
162 Read environment variables from the file descriptor FD, and set
163 them as if via --env. This can be used to avoid environment
164 variables and their values becoming visible to other users.
165 Each environment variable is in the form VAR=VALUE followed by a
167 zero byte. This is the same format used by env -0 and
168 /proc/*/environ.
169 --own-name=NAME
171 Allow the application to own the well-known name NAME on the
172 session bus. This overrides to the Context section from the
173 application metadata. This option can be used multiple times.
174 --talk-name=NAME
176 Allow the application to talk to the well-known name NAME on the
177 session bus. This overrides to the Context section from the
178 application metadata. This option can be used multiple times.
179 --no-talk-name=NAME
181 Don't allow the application to talk to the well-known name NAME on
182 the session bus. This overrides to the Context section from the
183 application metadata. This option can be used multiple times.
184 --system-own-name=NAME
186 Allow the application to own the well known name NAME on the system
187 bus. If NAME ends with .*, it allows the application to own all
188 matching names. This overrides to the Context section from the
189 application metadata. This option can be used multiple times.
190 --system-talk-name=NAME
192 Allow the application to talk to the well known name NAME on the
193 system bus. If NAME ends with .*, it allows the application to talk
194 to all matching names. This overrides to the Context section from
195 the application metadata. This option can be used multiple times.
196 --system-no-talk-name=NAME
198 Don't allow the application to talk to the well known name NAME on
199 the system bus. If NAME ends with .*, it allows the application to
200 talk to all matching names. This overrides to the Context section
201 from the application metadata. This option can be used multiple
202 times.
203 --persist=FILENAME
205 If the application doesn't have access to the real homedir, make
206 the (homedir-relative) path FILENAME a bind mount to the
207 corresponding path in the per-application directory, allowing that
208 location to be used for persistent data. This overrides to the
209 Context section from the application metadata. This option can be
210 used multiple times.
211 --reset
213 Remove overrides. If an APP is given, remove the overrides for that
214 application, otherwise remove the global overrides.
215 --show
217 Shows overrides. If an APP is given, shows the overrides for that
218 application, otherwise shows the global overrides.
219 -v, --verbose
221 Print debug information during command processing.
222 --ostree-verbose
224 Print OSTree debug information during command processing.
225
227 $ flatpak override --nosocket=wayland org.gnome.gedit
228 $ flatpak override --filesystem=home org.mozilla.Firefox
230
232 flatpak(1), flatpak-run(1)
233flatpak FLATPAK OVERRIDE(1)