flatpak-override (1)
Leading comments
Title: flatpak override Author: Alexander Larsson <alexl@redhat.com> Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/> Date: 08/31/2017 Manual: flatpak override Source: flatpak Language: English
NAME
flatpak-override - Override application requirementsSYNOPSIS
- flatpak override [OPTION...] APP
DESCRIPTION
By default the application gets access to the resources it requested when it is started. But the user can override it on a particular instance by specifying extra arguments to flatpak run, or every time by using flatpak override.
Unless overridden with the --user or --installation options, this command changes the default system-wide installation.
OPTIONS
The following options are understood:
-h, --help
- Show help options and exit.
--user
- Update a per-user installation.
--system
- Update the default system-wide installation.
--installation=NAME
- Updates a system-wide installation specified by NAME among those defined in /etc/flatpak/installations.d. Using --installation=default is equivalent to using --system.
--share=SUBSYSTEM
- Share a subsystem with the host session. This overrides the Context section from the application metadata. SUBSYSTEM must be one of: network, ipc. This option can be used multiple times.
--unshare=SUBSYSTEM
- Don't share a subsystem with the host session. This overrides the Context section from the application metadata. SUBSYSTEM must be one of: network, ipc. This option can be used multiple times.
--socket=SOCKET
- Expose a well-known socket to the application. This overrides to the Context section from the application metadata. SOCKET must be one of: x11, wayland, pulseaudio, system-bus, session-bus. This option can be used multiple times.
--nosocket=SOCKET
- Don't expose a well-known socket to the application. This overrides to the Context section from the application metadata. SOCKET must be one of: x11, wayland, pulseaudio, system-bus, session-bus. This option can be used multiple times.
--device=DEVICE
- Expose a device to the application. This overrides to the Context section from the application metadata. DEVICE must be one of: dri, kvm, all. This option can be used multiple times.
--nodevice=DEVICE
- Don't expose a device to the application. This overrides to the Context section from the application metadata. DEVICE must be one of: dri, kvm, all. This option can be used multiple times.
--allow=FEATURE
-
Allow access to a specific feature. This updates the [Context] group in the metadata. FEATURE must be one of: devel, multiarch. This option can be used multiple times.
The devel feature allows the application to access certain syscalls such as ptrace(), and perf_event_open().
The multiarch feature allows the application to execute programs compiled for an ABI other than the one supported natively by the system. For example, for the x86_64 architecture, 32-bit x86 binaries will be allowed as well.
--disallow=FEATURE
- Disallow access to a specific feature. This updates the [Context] group in the metadata. FEATURE must be one of: devel, multiarch. This option can be used multiple times.
--filesystem=FS
- Allow the application access to a subset of the filesystem. This overrides to the Context section from the application metadata. FS can be one of: home, host, xdg-desktop, xdg-documents, xdg-download xdg-music, xdg-pictures, xdg-public-share, xdg-templates, xdg-videos, xdg-run, xdg-config, xdg-cache, xdg-data, an absolute path, or a homedir-relative path like ~/dir or paths relative to the xdg dirs, like xdg-download/subdir. The optional :ro suffix indicates that the location will be read-only. The optional :create suffix indicates that the location will be read-write and created if it doesn't exist. This option can be used multiple times.
--nofilesystem=FILESYSTEM
- Remove access to the specified subset of the filesystem from the application. This overrides to the Context section from the application metadata. FILESYSTEM can be one of: home, host, xdg-desktop, xdg-documents, xdg-download xdg-music, xdg-pictures, xdg-public-share, xdg-templates, xdg-videos, an absolute path, or a homedir-relative path like ~/dir. This option can be used multiple times.
--env=VAR=VALUE
- Set an environment variable in the application. This overrides to the Context section from the application metadata. This option can be used multiple times.
--own-name=NAME
- Allow the application to own the well-known name NAME on the session bus. This overrides to the Context section from the application metadata. This option can be used multiple times.
--talk-name=NAME
- Allow the application to talk to the well-known name NAME on the session bus. This overrides to the Context section from the application metadata. This option can be used multiple times.
--system-own-name=NAME
- Allow the application to own the well known name NAME on the system bus. If NAME ends with .*, it allows the application to own all matching names. This overrides to the Context section from the application metadata. This option can be used multiple times.
--system-talk-name=NAME
- Allow the application to talk to the well known name NAME on the system bus. If NAME ends with .*, it allows the application to talk to all matching names. This overrides to the Context section from the application metadata. This option can be used multiple times.
--persist=FILENAME
- If the application doesn't have access to the real homedir, make the (homedir-relative) path FILENAME a bind mount to the corresponding path in the per-application directory, allowing that location to be used for persistent data. This overrides to the Context section from the application metadata. This option can be used multiple times.
-v, --verbose
- Print debug information during command processing.
--version
- Print version information and exit.
EXAMPLES
$ flatpak override --nosocket=wayland org.gnome.GEdit
$ flatpak override --filesystem=home org.mozilla.Firefox