Provided by: flatpak_1.14.10-1_amd64 
NAME
flatpak-run - Run an application or open a shell in a runtime
SYNOPSIS
flatpak run [OPTION...] REF [ARG...]
DESCRIPTION
If REF names an installed application, Flatpak runs the application in a sandboxed environment. Extra
arguments are passed on to the application. The current branch and arch of the application is used unless
otherwise specified with --branch or --arch. See flatpak-make-current(1).
If REF names a runtime, a shell is opened in the runtime. This is useful for development and testing. If
there is ambiguity about which branch to use, you will be prompted to choose. Use --branch to avoid this.
The primary arch is used unless otherwise specified with --arch.
By default, Flatpak will look for the application or runtime in the per-user installation first, then in
all system installations. This can be overridden with the --user, --system and --installation options.
Flatpak creates a sandboxed environment for the application to run in by mounting the right runtime at
/usr and a writable directory at /var, whose content is preserved between application runs. The
application itself is mounted at /app.
The details of the sandboxed environment are controlled by the application metadata and various options
like --share and --socket that are passed to the run command: Access is allowed if it was requested
either in the application metadata file or with an option and the user hasn't overridden it.
The remaining arguments are passed to the command that gets run in the sandboxed environment. See the
--file-forwarding option for handling of file arguments.
Environment variables are generally passed on to the sandboxed application, with certain exceptions. The
application metadata can override environment variables, as well as the --env option. Apart from that,
Flatpak always unsets or overrides the following variables, since their session values are likely to
interfere with the functioning of the sandbox:
PATH
LD_LIBRARY_PATH
LD_PRELOAD
LD_AUDIT
XDG_CONFIG_DIRS
XDG_DATA_DIRS
XDG_RUNTIME_DIR
SHELL
TEMP
TEMPDIR
TMP
TMPDIR
PYTHONPATH
PERLLIB
PERL5LIB
XCURSOR_PATH
KRB5CCNAME
XKB_CONFIG_ROOT
GIO_EXTRA_MODULES
GDK_BACKEND
VK_ADD_DRIVER_FILES
VK_ADD_LAYER_PATH
VK_DRIVER_FILES
VK_ICD_FILENAMES
VK_LAYER_PATH
__EGL_EXTERNAL_PLATFORM_CONFIG_DIRS
__EGL_EXTERNAL_PLATFORM_CONFIG_FILENAMES
__EGL_VENDOR_LIBRARY_DIRS
__EGL_VENDOR_LIBRARY_FILENAMES
Also several environment variables with the prefix "GST_" that are used by gstreamer are unset (since
Flatpak 1.12.5).
Flatpak also overrides the XDG environment variables to point sandboxed applications at their writable
filesystem locations below ~/.var/app/$APPID/:
XDG_DATA_HOME
XDG_CONFIG_HOME
XDG_CACHE_HOME
XDG_STATE_HOME (since Flatpak 1.13)
Apps can use the --persist=.local/state and --unset-env=XDG_STATE_HOME options to get a Flatpak
1.13-compatible ~/.local/state on older versions of Flatpak.
The host values of these variables are made available inside the sandbox via these HOST_-prefixed
variables:
HOST_XDG_DATA_HOME
HOST_XDG_CONFIG_HOME
HOST_XDG_CACHE_HOME
HOST_XDG_STATE_HOME (since Flatpak 1.13)
Flatpak sets the environment variable FLATPAK_ID to the application ID of the running app.
Flatpak also bind-mounts as read-only the host's /etc/os-release (if available, or /usr/lib/os-release as
a fallback) to /run/host/os-release in accordance with the os-release specification[1].
If parental controls support is enabled, flatpak will check the current user’s parental controls
settings, and will refuse to run an app if it is blocklisted for the current user.
OPTIONS
The following options are understood:
-h, --help
Show help options and exit.
-u, --user
Look for the application and runtime in per-user installations.
--system
Look for the application and runtime in the default system-wide installations.
--installation=NAME
Look for the application and runtime in the system-wide installation specified by NAME among those
defined in /etc/flatpak/installations.d/. Using --installation=default is equivalent to using
--system.
-v, --verbose
Print debug information during command processing.
--ostree-verbose
Print OSTree debug information during command processing.
--arch=ARCH
The architecture to run. See flatpak --supported-arches for architectures supported by the host.
--command=COMMAND
The command to run instead of the one listed in the application metadata.
--cwd=DIR
The directory to run the command in. Note that this must be a directory inside the sandbox.
--branch=BRANCH
The branch to use.
-d, --devel
Use the devel runtime that is specified in the application metadata instead of the regular runtime,
and use a seccomp profile that is less likely to break development tools.
--runtime=RUNTIME
Use this runtime instead of the one that is specified in the application metadata. This is a full
tuple, like for example org.freedesktop.Sdk/x86_64/1.2, but partial tuples are allowed. Any empty or
missing parts are filled in with the corresponding values specified by the app.
--runtime-version=VERSION
Use this version of the runtime instead of the one that is specified in the application metadata.
This overrides any version specified with the --runtime option.
--share=SUBSYSTEM
Share a subsystem with the host session. This overrides the Context section from the application
metadata. SUBSYSTEM must be one of: network, ipc. This option can be used multiple times.
--unshare=SUBSYSTEM
Don't share a subsystem with the host session. This overrides the Context section from the
application metadata. SUBSYSTEM must be one of: network, ipc. This option can be used multiple
times.
--socket=SOCKET
Expose a well known socket to the application. This overrides to the Context section from the
application metadata. SOCKET must be one of: x11, wayland, fallback-x11, pulseaudio, system-bus,
session-bus, ssh-auth, pcsc, cups, gpg-agent. This option can be used multiple times.
--nosocket=SOCKET
Don't expose a well known socket to the application. This overrides to the Context section from the
application metadata. SOCKET must be one of: x11, wayland, fallback-x11, pulseaudio, system-bus,
session-bus, ssh-auth, pcsc, cups, gpg-agent. This option can be used multiple times.
--device=DEVICE
Expose a device to the application. This overrides to the Context section from the application
metadata. DEVICE must be one of: dri, kvm, shm, all. This option can be used multiple times.
--nodevice=DEVICE
Don't expose a device to the application. This overrides to the Context section from the application
metadata. DEVICE must be one of: dri, kvm, shm, all. This option can be used multiple times.
--allow=FEATURE
Allow access to a specific feature. This overrides to the Context section from the application
metadata. FEATURE must be one of: devel, multiarch, bluetooth. This option can be used multiple
times.
See flatpak-build-finish(1) for the meaning of the various features.
--disallow=FEATURE
Disallow access to a specific feature. This overrides to the Context section from the application
metadata. FEATURE must be one of: devel, multiarch, bluetooth. This option can be used multiple
times.
--filesystem=FILESYSTEM
Allow the application access to a subset of the filesystem. This overrides to the Context section
from the application metadata. FILESYSTEM can be one of: home, host, host-os, host-etc, xdg-desktop,
xdg-documents, xdg-download, xdg-music, xdg-pictures, xdg-public-share, xdg-templates, xdg-videos,
xdg-run, xdg-config, xdg-cache, xdg-data, an absolute path, or a homedir-relative path like ~/dir or
paths relative to the xdg dirs, like xdg-download/subdir. The optional :ro suffix indicates that the
location will be read-only. The optional :create suffix indicates that the location will be
read-write and created if it doesn't exist. This option can be used multiple times. See the
"[Context] filesystems" list in flatpak-metadata(5) for details of the meanings of these filesystems.
--nofilesystem=FILESYSTEM
Undo the effect of a previous --filesystem=FILESYSTEM in the app's manifest and/or the overrides set
up with flatpak-override(1). This overrides the Context section of the application metadata.
FILESYSTEM can take the same values as for --filesystem, but the :ro and :create suffixes are not
used here. This option can be used multiple times.
This option does not prevent access to a more narrowly-scoped --filesystem. For example, if an
application has the equivalent of --filesystem=xdg-config/MyApp in its manifest or as a system-wide
override, and flatpak override --user --nofilesystem=home as a per-user override, then it will be
prevented from accessing most of the home directory, but it will still be allowed to access
$XDG_CONFIG_HOME/MyApp.
As a special case, --nofilesystem=host:reset will ignore all --filesystem permissions inherited from
the app manifest or flatpak-override(1), in addition to having the behaviour of --nofilesystem=host.
--add-policy=SUBSYSTEM.KEY=VALUE
Add generic policy option. For example, "--add-policy=subsystem.key=v1 --add-policy=subsystem.key=v2"
would map to this metadata:
[Policy subsystem]
key=v1;v2;
This option can be used multiple times.
--remove-policy=SUBSYSTEM.KEY=VALUE
Remove generic policy option. This option can be used multiple times.
--env=VAR=VALUE
Set an environment variable in the application. This overrides to the Context section from the
application metadata. This option can be used multiple times.
--unset-env=VAR
Unset an environment variable in the application. This overrides the unset-environment entry in the
[Context] group of the metadata, and the [Environment] group. This option can be used multiple times.
--env-fd=FD
Read environment variables from the file descriptor FD, and set them as if via --env. This can be
used to avoid environment variables and their values becoming visible to other users.
Each environment variable is in the form VAR=VALUE followed by a zero byte. This is the same format
used by env -0 and /proc/*/environ.
--own-name=NAME
Allow the application to own the well known name NAME on the session bus. If NAME ends with .*, it
allows the application to own all matching names. This overrides to the Context section from the
application metadata. This option can be used multiple times.
--talk-name=NAME
Allow the application to talk to the well known name NAME on the session bus. If NAME ends with .*,
it allows the application to talk to all matching names. This overrides to the Context section from
the application metadata. This option can be used multiple times.
--no-talk-name=NAME
Don't allow the application to talk to the well known name NAME on the session bus. If NAME ends with
.*, it allows the application to talk to all matching names. This overrides to the Context section
from the application metadata. This option can be used multiple times.
--system-own-name=NAME
Allow the application to own the well known name NAME on the system bus. If NAME ends with .*, it
allows the application to own all matching names. This overrides to the Context section from the
application metadata. This option can be used multiple times.
--system-talk-name=NAME
Allow the application to talk to the well known name NAME on the system bus. If NAME ends with .*, it
allows the application to talk to all matching names. This overrides to the Context section from the
application metadata. This option can be used multiple times.
--system-no-talk-name=NAME
Don't allow the application to talk to the well known name NAME on the system bus. If NAME ends with
.*, it allows the application to talk to all matching names. This overrides to the Context section
from the application metadata. This option can be used multiple times.
--persist=FILENAME
If the application doesn't have access to the real homedir, make the (homedir-relative) path FILENAME
a bind mount to the corresponding path in the per-application directory, allowing that location to be
used for persistent data. This overrides to the Context section from the application metadata. This
option can be used multiple times.
--no-session-bus
Run this instance without the filtered access to the session dbus connection. Note, this is the
default when run with --sandbox.
--session-bus
Allow filtered access to the session dbus connection. This is the default, except when run with
--sandbox.
In sandbox mode, even if you allow access to the session bus the sandbox cannot talk to or own the
application ids (org.the.App.*) on the bus (unless explicitly added), only names in the .Sandboxed
subset (org.the.App.Sandboxed.* and org.mpris.MediaPlayer2.org.the.App.Sandboxed.*).
--no-a11y-bus
Run this instance without the access to the accessibility bus. Note, this is the default when run
with --sandbox.
--a11y-bus
Allow access to the accessibility bus. This is the default, except when run with --sandbox.
--sandbox
Run the application in sandboxed mode, which means dropping all the extra permissions it would
otherwise have, as well as access to the session/system/a11y busses and document portal.
--log-session-bus
Log session bus traffic. This can be useful to see what access you need to allow in your D-Bus
policy.
--log-system-bus
Log system bus traffic. This can be useful to see what access you need to allow in your D-Bus policy.
-p, --die-with-parent
Kill the entire sandbox when the launching process dies.
--parent-pid=PID
Specifies the pid of the "parent" flatpak, used by --parent-expose-pids and --parent-share-pids.
--parent-expose-pids
Make the processes of the new sandbox visible in the sandbox of the parent flatpak, as defined by
--parent-pid.
--parent-share-pids
Use the same process ID namespace for the processes of the new sandbox and the sandbox of the parent
flatpak, as defined by --parent-pid. Implies --parent-expose-pids.
--instance-id-fd
Write the instance ID string to the given file descriptor.
--file-forwarding
If this option is specified, the remaining arguments are scanned, and all arguments that are enclosed
between a pair of '@@' arguments are interpreted as file paths, exported in the document store, and
passed to the command in the form of the resulting document path. Arguments between '@@u' and '@@'
are considered uris, and any file: uris are exported. The exports are non-persistent and with read
and write permissions for the application.
--app-path=PATH
Instead of mounting the app's content on /app in the sandbox, mount PATH on /app, and the app's
content on /run/parent/app. If the app has extensions, they will also be redirected into
/run/parent/app, and will not be included in the LD_LIBRARY_PATH inside the sandbox.
--app-path=
As a special case, --app-path= (with an empty PATH) results in an empty directory being mounted on
/app.
--usr-path=PATH
Instead of mounting the runtime's files on /usr in the sandbox, mount PATH on /usr, and the runtime's
normal files on /run/parent/usr. If the runtime has extensions, they will also be redirected into
/run/parent/usr, and will not be included in the LD_LIBRARY_PATH inside the sandbox.
This option will usually only be useful if it is combined with --app-path= and
--env=LD_LIBRARY_PATH=....
EXAMPLES
$ flatpak run org.gnome.gedit
$ flatpak run --devel --command=bash org.gnome.Builder
$ flatpak run --command=bash org.gnome.Sdk
SEE ALSO
flatpak(1), flatpak-override(1), flatpak-enter(1)
NOTES
1. os-release specification
https://www.freedesktop.org/software/systemd/man/os-release.html