Manpage logo

flatpak-spawn - Run commands in a sandbox

NAME  SYNOPSIS  DESCRIPTION  OPTIONS  EXAMPLES  SEE ALSO 

NAME

flatpak-spawn − Run commands in a sandbox

SYNOPSIS

flatpak−spawn [OPTION...] COMMAND [ARGUMENT...]

DESCRIPTION

Unlike other flatpak commands, flatpak−spawn is available to applications inside the sandbox. It runs COMMAND outside the sandbox: either in another sandbox, or on the host.

When called without −−host, flatpak−spawn uses the Flatpak portal to create a copy of the sandbox it was called from, optionally using tighter permissions and optionally the latest version of the app and runtime (see −−latest−version).

OPTIONS

The following options are understood:

−h, −−help

Show help options and exit.

−v, −−verbose

Print debug information

−−forward−fd=FD

Forward a file descriptor

−−clear−env

Run with a clean environment

−−watch−bus

Make the spawned command exit when flatpak−spawn itself exits; notably, this occurs when its connection to the session bus is closed.

−−env=VAR=VALUE

Set an environment variable

−−latest−version

Use the latest version of the refs that are used to set up the sandbox

−−no−network

Run without network access

−−sandbox

Run fully sandboxed. See the documentation for the −−sandbox option in flatpak-run(1)

See the −−sandbox−expose and −−sandbox−expose−ro options for selective file access.

−−sandbox−expose=NAME

Expose read−write access to a file in the sandbox.

Note that absolute paths or subdirectories are not allowed. The files must be in the sandbox subdirectory of the instance directory (i.e. ˜/.var/app/$APP_ID/sandbox).

This option is useful in combination with −−sandbox (otherwise the instance directory is accessible anyway).

−−sandbox−expose−ro=NAME

Expose readonly access to a file in the sandbox.

Note that absolute paths or subdirectories are not allowed. The files must be in the sandbox subdirectory of the instance directory (i.e. ˜/.var/app/$APP_ID/sandbox).

This option is useful in combination with −−sandbox (otherwise the instance directory is accessible anyway).

−−host

Run the command unsandboxed on the host. This requires access to the org.freedesktop.Flatpak D−Bus interface.

−−directory=DIR

The working directory in which to run the command.

Note that the given directory must exist in the sandbox or, when used in conjunction with −−host, on the host.

EXAMPLES

$ flatpak−spawn ls /var/run

SEE ALSO

flatpak(1)

Updated 2026-06-01 - jenkler.se | uex.se