man 1 flatpak-spawn

FLATPAK SPAWN(1)                 flatpak spawn                FLATPAK SPAWN(1)

NAME
       flatpak-spawn - Run commands in a sandbox

SYNOPSIS
       flatpak-spawn [OPTION...] COMMAND [ARGUMENT...]

DESCRIPTION
       Unlike other flatpak commands, flatpak-spawn is available to
       applications inside the sandbox. It runs COMMAND outside the sandbox,
       either in another sandbox, or on the host.

       flatpak-spawn uses the Flatpak portal to create a copy the sandbox it
       was called from, optionally using tighter permissions and the latest
       version of the app and runtime.

OPTIONS
       The following options are understood:

       -h, --help
           Show help options and exit.

       -v, --verbose
           Print debug information

       --forward-fd=FD
           Forward a file descriptor

       --clear-env
           Run with a clean environment

       --watch-bus
           Make the spawned command exit if we do

       --env=VAR=VALUE
           Set an environment variable

       --latest-version
           Use the latest version of the refs that are used to set up the
           sandbox

       --no-network
           Run without network access

       --sandbox
           Run fully sandboxed.

           See the --sandbox-expose and --sandbox-expose-ro options for
           selective file access.

       --sandbox-expose=NAME
           Expose read-write access to a file in the sandbox.

           Note that absolute paths or subdirectories are not allowed. The
           files must be in the sandbox subdirectory of the instance directory
           (i.e.  ~/.var/app/$APP_ID/sandbox).

           This option is useful in combination with --sandbox (otherwise the
           instance directory is accessible anyway).

       --sandbox-expose-ro=NAME
           Expose readonly access to a file in the sandbox.

           Note that absolute paths or subdirectories are not allowed. The
           files must be in the sandbox subdirectory of the instance directory
           (i.e.  ~/.var/app/$APP_ID/sandbox).

           This option is useful in combination with --sandbox (otherwise the
           instance directory is accessible anyway).

       --host
           Run the command unsandboxed on the host. This requires access to
           the org.freedesktop.Flatpak D-Bus interface

       --directory=DIR
           The working directory in which to run the command.

           Note that the given directory must exist in the sandbox or, when
           used in conjunction with --host, on the host.

EXAMPLES
       $ flatpak-spawn ls /var/run

SEE ALSO
       flatpak(1)

flatpak                                                       FLATPAK SPAWN(1)