From the project README: "Flatpak is a system for building, distributing and running sandboxed desktop applications on Linux."
From flatpak(1):
Flatpak is a tool for managing applications and the runtimes they use. In the Flatpak model, applications can be built and distributed independently from the host system they are used on, and they are isolated from the host system ('sandboxed') to some degree, at runtime.
Flatpak uses OSTree to distribute and deploy data. The repositories it uses are OSTree repositories and can be manipulated with the ostree utility. Installed runtimes and applications are OSTree checkouts.
Note: If you want to build flatpaks with flatpak-builder you will need to install the optional dependencies of elfutils and patch.
Note: By default, every flatpak command works system-wide, i.e. packages are installed for all users in the computer and flatpak requires the user to supply root's password. To install packages and work with repositories on a single user (with no need of superuser rights) you can add the option --user to each command. If you want, for example, to add a repository only visible to you, you should run flatpak remote-add --user name location. To install a package visible only to you, run flatpack install --user package-name.
To add a remote flatpak repository do:
$ flatpak remote-add name location
where name is the name for the new remote, and location is the path or URL for the repository.
For example to add the official Flathub repository:
$ flatpak remote-add --if-not-exists flathub https://dl.flathub.org/repo/flathub.flatpakrepo
To delete a remote flatpak repository do:
$ flatpak remote-delete name
where name is the name of the remote repository to be deleted.
To list all the added repositories do:
$ flatpak remotes
Before being able to search for a runtime or application in a newly added remote repository, we need to retrieve the appstream data for it:
$ flatpak update
Looking for updates...
Updating appstream data for remote name
Then we can proceed to search for a package with flatpak search packagename, e.g. to look for the package libreoffice with the flathub remote configured:
$ flatpak search libreoffice
Application ID Version Branch Remotes Description
org.libreoffice.LibreOffice stable flathub The LibreOffice productivity suite
To list all available runtimes and applications in a remote repository named remote do:
$ flatpak remote-ls remote
To install a runtime or application do:
$ flatpak install remote name
where remote is the name of the remote repository, and name is the name of the application or runtime to install.
Tip: You can use partial identifiers flatpak install partial-name (for example flatpak install libreoffice).
To list installed runtimes and applications do:
$ flatpak list
Binaries are available in /var/lib/flatpak/exports/bin, which is automatically added to $PATH by /etc/profile.d/flatpak-bindir.sh. You may have to re-login to apply the change.
Flatpak applications can also be run with the command line:
$ flatpak run name
To update a runtime or application named name do:
$ flatpak update name
To uninstall a runtime or application named name do:
$ flatpak uninstall name
Tip: You can uninstall unused flatpak "refs" (aka orphans with no application/runtime) with flatpak uninstall --unused.
Flatpak expects window managers to respect the XDG_DATA_DIRS environment variable to discover applications. This variable is set by the script /etc/profile.d/flatpak.sh. Updating the environment may require restarting the session. If the launcher does not support XDG_DATA_DIRS, you can edit the list of directories scanned and add these to it:
~/.local/share/flatpak/exports/share/applications
/var/lib/flatpak/exports/share/applications
This is known to be necessary in Awesome.
Flatpak applications come with predefined sandbox rules which defines the resources and file system paths the application is allowed to access. To view the specific application permissions do:
$ flatpak info --show-permissions name
The reference of the sandbox permission names can be found on official flatpak documentation.
If you find the predefined permissions of the application too lax or too restrictive you can change to anything you want using flatpak override command. For example:
flatpak override --nofilesystem=home name
This will prevent the application access to your home folder.
Every type of permission such as device, filesystem or socket has an command line option that allows that particular permission and a separated option that denies. For example, in case of device access --device=device_name allows access, --nodevice=device_name denies the permission to access device.
For all permission types commands consult the manual page: flatpak-override(1)
Permission overrides can be reset to defaults with command:
$ flatpak override --reset name
Flatseal is a GUI permissions manager which offer simple point-and-click permissions operations.