Update docs for new run command line options

Alexander Larsson
2015-05-25 16:01:33 +02:00
parent 2cb54a711e
commit 16b46d3579
3 changed files with 334 additions and 30 deletions

@@ -87,12 +87,124 @@
</varlistentry>
<varlistentry>
<term><option>--allow=KEY</option></term>
<term><option>--share=SUBSYSTEM</option></term>
<listitem><para>
Set the KEY in the [Environment] group to true. KEY must
be one of: x11, wayland, ipc, pulseaudio, system-dbus,
session-dbus, network, host-fs, homedir, dri.
Share a subsystem with the host session. This updates
the [Context] group in the metadata.
SUBSYSTEM must be one of: network, ipc.
This option can be used multiple times.
</para></listitem>
</varlistentry>
<varlistentry>
<term><option>--unshare=SUBSYSTEM</option></term>
<listitem><para>
Don't share a subsystem with the host session. This updates
the [Context] group in the metadata.
SUBSYSTEM must be one of: network, ipc.
This option can be used multiple times.
</para></listitem>
</varlistentry>
<varlistentry>
<term><option>--socket=SOCKET</option></term>
<listitem><para>
Expose a well known socket to the application. This updates
the [Context] group in the metadata.
SOCKET must be one of: x11, wayland, pulseaudio, system-bus, session-bus.
This option can be used multiple times.
</para></listitem>
</varlistentry>
<varlistentry>
<term><option>--nosocket=SOCKET</option></term>
<listitem><para>
Don't expose a well known socket to the application. This updates
the [Context] group in the metadata.
SOCKET must be one of: x11, wayland, pulseaudio, system-bus, session-bus.
This option can be used multiple times.
</para></listitem>
</varlistentry>
<varlistentry>
<term><option>--device=DEVICE</option></term>
<listitem><para>
Expose a device to the application. This updates
the [Context] group in the metadata.
DEVICE must be one of: dri.
This option can be used multiple times.
</para></listitem>
</varlistentry>
<varlistentry>
<term><option>--nodevice=DEVICE</option></term>
<listitem><para>
Don't expose a device to the application. This updates
the [Context] group in the metadata.
DEVICE must be one of: dri.
This option can be used multiple times.
</para></listitem>
</varlistentry>
<varlistentry>
<term><option>--filesystem=FS</option></term>
<listitem><para>
Allow the application access to a subset of the filesystem.
This updates the [Context] group in the metadata.
FS can be one of: home, host, xdg-desktop, xdg-documents, xdg-download
xdg-music, xdg-pictures, xdg-public-share, xdg-templates, xdg-videos,
an absolute path, or a a homedir-relative path like ~/dir.
This option can be used multiple times.
</para></listitem>
</varlistentry>
<varlistentry>
<term><option>--env=VAR=VALUE</option></term>
<listitem><para>
Set an environment variable in the application.
This updates the [Environment] group in the metadata.
This overrides to the Context section from the application metadata.
This option can be used multiple times.
</para></listitem>
</varlistentry>
<varlistentry>
<term><option>--own-name=NAME</option></term>
<listitem><para>
Allow the application to own the well known name NAME on the session bus.
This updates the [Session Bus Policy] group in the metadata.
This overrides to the Context section from the application metadata.
This option can be used multiple times.
</para></listitem>
</varlistentry>
<varlistentry>
<term><option>--talk-name=NAME</option></term>
<listitem><para>
Allow the application to talk to the well known name NAME on the session bus.
This updates the [Session Bus Policy] group in the metadata.
This option can be used multiple times.
</para></listitem>
</varlistentry>
<varlistentry>
<term><option>--persist=FILENAME</option></term>
<listitem><para>
If the application doesn't have access to the real homedir, make the (homedir-relative) path
FILENAME a bind mount to the corresponding path in the per-application directory,
allowing that location to be used for persistant data.
This updates the [Context] group in the metadata.
This option can be used multiple times.
</para></listitem>
</varlistentry>
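Review bot: the --env and --own-name entries each end with "This overrides to the Context section from the application metadata.", which contradicts the sentence just before it saying build-finish updates the [Environment] and [Session Bus Policy] groups; the line looks pasted from the run page and should be dropped here. In --filesystem a comma is missing after xdg-download and "a a homedir-relative" is doubled, and --persist has "persistant". Since --filesystem accepts host, home and arbitrary absolute paths, it would also help to say whether the access granted is read-only or read-write.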
@@ -120,7 +232,7 @@
<title>Examples</title>
<para>
<command>$ xdg-app build-finish /build/my-app --allow=x11 --allow=ipc</command>
<command>$ xdg-app build-finish /build/my-app --socket=x11 --share=ipc</command>
</para>
<programlisting>
Exporting share/applications/gnome-calculator.desktop
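Review bot: the example command now needs two option families (--socket=x11 and --share=ipc) for what was a single --allow flag, and the page gives readers of the old form no mapping. The old keys system-dbus, session-dbus, host-fs and homedir no longer appear under any of the new options, so a short sentence or table saying which new option and value replaces each old key, and whether --allow is still accepted, would keep existing build scripts from silently granting less or more than intended.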

@@ -78,27 +78,123 @@
</para></listitem>
</varlistentry>
<varlistentry>
<term><option>--allow=KEY</option></term>
<varlistentry>
<term><option>--share=SUBSYSTEM</option></term>
<listitem><para>
Allow access to the named facility. This overrides
the Environment section from the application metadata.
KEY must be one of: x11, wayland, ipc, pulseaudio, system-dbus,
session-dbus, network, host-fs, homedir, dri.
Share a subsystem with the host session. This overrides
the Context section from the application metadata.
SUBSYSTEM must be one of: network, ipc.
This option can be used multiple times.
</para></listitem>
</varlistentry>
<varlistentry>
<term><option>--forbid=KEY</option></term>
<term><option>--unshare=SUBSYSTEM</option></term>
<listitem><para>
Disallow access to the named facility. This overrides the
Environment section from the application metadata and
--allow options to this command.
KEY must be one of: x11, wayland, ipc, pulseaudio, system-dbus,
session-dbus, network, host-fs, homedir, dri.
Don't share a subsystem with the host session. This overrides
the Context section from the application metadata.
SUBSYSTEM must be one of: network, ipc.
This option can be used multiple times.
</para></listitem>
</varlistentry>
<varlistentry>
<term><option>--socket=SOCKET</option></term>
<listitem><para>
Expose a well known socket to the application. This overrides to
the Context section from the application metadata.
SOCKET must be one of: x11, wayland, pulseaudio, system-bus, session-bus.
This option can be used multiple times.
</para></listitem>
</varlistentry>
<varlistentry>
<term><option>--nosocket=SOCKET</option></term>
<listitem><para>
Don't expose a well known socket to the application. This overrides to
the Context section from the application metadata.
SOCKET must be one of: x11, wayland, pulseaudio, system-bus, session-bus.
This option can be used multiple times.
</para></listitem>
</varlistentry>
<varlistentry>
<term><option>--device=DEVICE</option></term>
<listitem><para>
Expose a device to the application. This overrides to
the Context section from the application metadata.
DEVICE must be one of: dri.
This option can be used multiple times.
</para></listitem>
</varlistentry>
<varlistentry>
<term><option>--nodevice=DEVICE</option></term>
<listitem><para>
Don't expose a device to the application. This overrides to
the Context section from the application metadata.
DEVICE must be one of: dri.
This option can be used multiple times.
</para></listitem>
</varlistentry>
<varlistentry>
<term><option>--filesystem=FS</option></term>
<listitem><para>
Allow the application access to a subset of the filesystem.
This overrides to the Context section from the application metadata.
FS can be one of: home, host, xdg-desktop, xdg-documents, xdg-download
xdg-music, xdg-pictures, xdg-public-share, xdg-templates, xdg-videos,
an absolute path, or a a homedir-relative path like ~/dir.
This option can be used multiple times.
</para></listitem>
</varlistentry>
<varlistentry>
<term><option>--env=VAR=VALUE</option></term>
<listitem><para>
Set an environment variable in the application.
This overrides to the Context section from the application metadata.
This option can be used multiple times.
</para></listitem>
</varlistentry>
<varlistentry>
<term><option>--own-name=NAME</option></term>
<listitem><para>
Allow the application to own the well known name NAME on the session bus.
This overrides to the Context section from the application metadata.
This option can be used multiple times.
</para></listitem>
</varlistentry>
<varlistentry>
<term><option>--talk-name=NAME</option></term>
<listitem><para>
Allow the application to talk to the well known name NAME on the session bus.
This overrides to the Context section from the application metadata.
This option can be used multiple times.
</para></listitem>
</varlistentry>
<varlistentry>
<term><option>--persist=FILENAME</option></term>
<listitem><para>
If the application doesn't have access to the real homedir, make the (homedir-relative) path
FILENAME a bind mount to the corresponding path in the per-application directory,
allowing that location to be used for persistant data.
This overrides to the Context section from the application metadata.
This option can be used multiple times.
</para></listitem>
</varlistentry>
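Review bot: the removed --forbid entry stated that it overrides both the metadata and "--allow options to this command", but the new --unshare, --nosocket and --nodevice entries only mention the metadata, so the outcome of passing --share=network together with --unshare=network is undocumented; state which one wins. The --env, --own-name and --talk-name entries say they override "the Context section", while the build-finish page in this same commit places them in the [Environment] and [Session Bus Policy] groups, so the section names should match. "This overrides to" should read "This overrides" throughout.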

@@ -53,9 +53,9 @@
</para>
<para>
The details of the sandboxed environment are controlled by the application
metadata and the --allow and --forbid options that are passed to the run
metadata and various options like --share and --socket that are passed to the run
command: Access is allowed if it was requested either in the application
metadata file or with an --allow option and the user hasn;t forbidden it.
metadata file or with an option and the user hasn't overridden it.
</para>
</refsect1>
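Review bot: in the rewritten sentence, "with an option and the user hasn't overridden it" is vaguer than the text it replaces, because the old wording named the granting option (--allow) and made the deny direction explicit ("forbidden"). Name the granting options (--share, --socket, --device, --filesystem) and the revoking ones (--unshare, --nosocket, --nodevice), and say that a revoking option takes access away even when the metadata requests it, if that is the intended rule.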
@@ -117,26 +117,122 @@
</varlistentry>
<varlistentry>
<term><option>--allow=KEY</option></term>
<term><option>--share=SUBSYSTEM</option></term>
<listitem><para>
Allow access to the named facility. This overrides
the Environment section from the application metadata.
KEY must be one of: x11, wayland, ipc, pulseaudio, system-dbus,
session-dbus, network, host-fs, homedir, dri.
Share a subsystem with the host session. This overrides
the Context section from the application metadata.
SUBSYSTEM must be one of: network, ipc.
This option can be used multiple times.
</para></listitem>
</varlistentry>
<varlistentry>
<term><option>--forbid=KEY</option></term>
<term><option>--unshare=SUBSYSTEM</option></term>
<listitem><para>
Disallow access to the named facility. This overrides the
Environment section from the application metadata and
--allow options to this command.
KEY must be one of: x11, wayland, ipc, pulseaudio, system-dbus,
session-dbus, network, host-fs, homedir, dri.
Don't share a subsystem with the host session. This overrides
the Context section from the application metadata.
SUBSYSTEM must be one of: network, ipc.
This option can be used multiple times.
</para></listitem>
</varlistentry>
<varlistentry>
<term><option>--socket=SOCKET</option></term>
<listitem><para>
Expose a well known socket to the application. This overrides to
the Context section from the application metadata.
SOCKET must be one of: x11, wayland, pulseaudio, system-bus, session-bus.
This option can be used multiple times.
</para></listitem>
</varlistentry>
<varlistentry>
<term><option>--nosocket=SOCKET</option></term>
<listitem><para>
Don't expose a well known socket to the application. This overrides to
the Context section from the application metadata.
SOCKET must be one of: x11, wayland, pulseaudio, system-bus, session-bus.
This option can be used multiple times.
</para></listitem>
</varlistentry>
<varlistentry>
<term><option>--device=DEVICE</option></term>
<listitem><para>
Expose a device to the application. This overrides to
the Context section from the application metadata.
DEVICE must be one of: dri.
This option can be used multiple times.
</para></listitem>
</varlistentry>
<varlistentry>
<term><option>--nodevice=DEVICE</option></term>
<listitem><para>
Don't expose a device to the application. This overrides to
the Context section from the application metadata.
DEVICE must be one of: dri.
This option can be used multiple times.
</para></listitem>
</varlistentry>
<varlistentry>
<term><option>--filesystem=FS</option></term>
<listitem><para>
Allow the application access to a subset of the filesystem.
This overrides to the Context section from the application metadata.
FS can be one of: home, host, xdg-desktop, xdg-documents, xdg-download
xdg-music, xdg-pictures, xdg-public-share, xdg-templates, xdg-videos,
an absolute path, or a a homedir-relative path like ~/dir.
This option can be used multiple times.
</para></listitem>
</varlistentry>
<varlistentry>
<term><option>--env=VAR=VALUE</option></term>
<listitem><para>
Set an environment variable in the application.
This overrides to the Context section from the application metadata.
This option can be used multiple times.
</para></listitem>
</varlistentry>
<varlistentry>
<term><option>--own-name=NAME</option></term>
<listitem><para>
Allow the application to own the well known name NAME on the session bus.
This overrides to the Context section from the application metadata.
This option can be used multiple times.
</para></listitem>
</varlistentry>
<varlistentry>
<term><option>--talk-name=NAME</option></term>
<listitem><para>
Allow the application to talk to the well known name NAME on the session bus.
This overrides to the Context section from the application metadata.
This option can be used multiple times.
</para></listitem>
</varlistentry>
<varlistentry>
<term><option>--persist=FILENAME</option></term>
<listitem><para>
If the application doesn't have access to the real homedir, make the (homedir-relative) path
FILENAME a bind mount to the corresponding path in the per-application directory,
allowing that location to be used for persistant data.
This overrides to the Context section from the application metadata.
This option can be used multiple times.
</para></listitem>
</varlistentry>
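Review bot: --filesystem, --own-name and --talk-name are added without a negative counterpart, whereas the removed --forbid=KEY accepted host-fs and homedir, so the run page no longer documents any way for the user to withdraw filesystem or session-bus name access that the application metadata requests. Either document the option that does this or note that it is not yet possible. The same wording problems as in the other pages repeat here: "overrides to", the missing comma after xdg-download, "a a homedir-relative", "persistant", and "the Context section" for --env, --own-name and --talk-name.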