diff --git a/doc/xdg-app-build-finish.xml b/doc/xdg-app-build-finish.xml
index a3825ae9..f22ba4ed 100644
--- a/doc/xdg-app-build-finish.xml
+++ b/doc/xdg-app-build-finish.xml
@@ -87,12 +87,124 @@
-
+
- Set the KEY in the [Environment] group to true. KEY must
- be one of: x11, wayland, ipc, pulseaudio, system-dbus,
- session-dbus, network, host-fs, homedir, dri.
+ Share a subsystem with the host session. This updates
+ the [Context] group in the metadata.
+ SUBSYSTEM must be one of: network, ipc.
+ This option can be used multiple times.
+
+
+
+
+
+
+
+ Don't share a subsystem with the host session. This updates
+ the [Context] group in the metadata.
+ SUBSYSTEM must be one of: network, ipc.
+ This option can be used multiple times.
+
+
+
+
+
+
+
+ Expose a well known socket to the application. This updates
+ the [Context] group in the metadata.
+ SOCKET must be one of: x11, wayland, pulseaudio, system-bus, session-bus.
+ This option can be used multiple times.
+
+
+
+
+
+
+
+ Don't expose a well known socket to the application. This updates
+ the [Context] group in the metadata.
+ SOCKET must be one of: x11, wayland, pulseaudio, system-bus, session-bus.
+ This option can be used multiple times.
+
+
+
+
+
+
+
+ Expose a device to the application. This updates
+ the [Context] group in the metadata.
+ DEVICE must be one of: dri.
+ This option can be used multiple times.
+
+
+
+
+
+
+
+ Don't expose a device to the application. This updates
+ the [Context] group in the metadata.
+ DEVICE must be one of: dri.
+ This option can be used multiple times.
+
+
+
+
+
+
+
+ Allow the application access to a subset of the filesystem.
+ This updates the [Context] group in the metadata.
+ FS can be one of: home, host, xdg-desktop, xdg-documents, xdg-download
+ xdg-music, xdg-pictures, xdg-public-share, xdg-templates, xdg-videos,
+ an absolute path, or a a homedir-relative path like ~/dir.
+ This option can be used multiple times.
+
+
+
+
+
+
+
+ Set an environment variable in the application.
+ This updates the [Environment] group in the metadata.
+ This overrides to the Context section from the application metadata.
+ This option can be used multiple times.
+
+
+
+
+
+
+
+ Allow the application to own the well known name NAME on the session bus.
+ This updates the [Session Bus Policy] group in the metadata.
+ This overrides to the Context section from the application metadata.
+ This option can be used multiple times.
+
+
+
+
+
+
+
+ Allow the application to talk to the well known name NAME on the session bus.
+ This updates the [Session Bus Policy] group in the metadata.
+ This option can be used multiple times.
+
+
+
+
+
+
+
+ If the application doesn't have access to the real homedir, make the (homedir-relative) path
+ FILENAME a bind mount to the corresponding path in the per-application directory,
+ allowing that location to be used for persistant data.
+ This updates the [Context] group in the metadata.
This option can be used multiple times.
@@ -120,7 +232,7 @@
Examples
- $ xdg-app build-finish /build/my-app --allow=x11 --allow=ipc
+ $ xdg-app build-finish /build/my-app --socket=x11 --share=ipc
Exporting share/applications/gnome-calculator.desktop
diff --git a/doc/xdg-app-build.xml b/doc/xdg-app-build.xml
index a1659b7e..82fbdb4c 100644
--- a/doc/xdg-app-build.xml
+++ b/doc/xdg-app-build.xml
@@ -78,27 +78,123 @@
-
-
+
+
- Allow access to the named facility. This overrides
- the Environment section from the application metadata.
- KEY must be one of: x11, wayland, ipc, pulseaudio, system-dbus,
- session-dbus, network, host-fs, homedir, dri.
+ Share a subsystem with the host session. This overrides
+ the Context section from the application metadata.
+ SUBSYSTEM must be one of: network, ipc.
This option can be used multiple times.
-
+
- Disallow access to the named facility. This overrides the
- Environment section from the application metadata and
- --allow options to this command.
- KEY must be one of: x11, wayland, ipc, pulseaudio, system-dbus,
- session-dbus, network, host-fs, homedir, dri.
+ Don't share a subsystem with the host session. This overrides
+ the Context section from the application metadata.
+ SUBSYSTEM must be one of: network, ipc.
+ This option can be used multiple times.
+
+
+
+
+
+
+
+ Expose a well known socket to the application. This overrides to
+ the Context section from the application metadata.
+ SOCKET must be one of: x11, wayland, pulseaudio, system-bus, session-bus.
+ This option can be used multiple times.
+
+
+
+
+
+
+
+ Don't expose a well known socket to the application. This overrides to
+ the Context section from the application metadata.
+ SOCKET must be one of: x11, wayland, pulseaudio, system-bus, session-bus.
+ This option can be used multiple times.
+
+
+
+
+
+
+
+ Expose a device to the application. This overrides to
+ the Context section from the application metadata.
+ DEVICE must be one of: dri.
+ This option can be used multiple times.
+
+
+
+
+
+
+
+ Don't expose a device to the application. This overrides to
+ the Context section from the application metadata.
+ DEVICE must be one of: dri.
+ This option can be used multiple times.
+
+
+
+
+
+
+
+ Allow the application access to a subset of the filesystem.
+ This overrides to the Context section from the application metadata.
+ FS can be one of: home, host, xdg-desktop, xdg-documents, xdg-download
+ xdg-music, xdg-pictures, xdg-public-share, xdg-templates, xdg-videos,
+ an absolute path, or a a homedir-relative path like ~/dir.
+ This option can be used multiple times.
+
+
+
+
+
+
+
+ Set an environment variable in the application.
+ This overrides to the Context section from the application metadata.
+ This option can be used multiple times.
+
+
+
+
+
+
+
+ Allow the application to own the well known name NAME on the session bus.
+ This overrides to the Context section from the application metadata.
+ This option can be used multiple times.
+
+
+
+
+
+
+
+ Allow the application to talk to the well known name NAME on the session bus.
+ This overrides to the Context section from the application metadata.
+ This option can be used multiple times.
+
+
+
+
+
+
+
+ If the application doesn't have access to the real homedir, make the (homedir-relative) path
+ FILENAME a bind mount to the corresponding path in the per-application directory,
+ allowing that location to be used for persistant data.
+ This overrides to the Context section from the application metadata.
This option can be used multiple times.
diff --git a/doc/xdg-app-run.xml b/doc/xdg-app-run.xml
index d5e17282..63eaaa47 100644
--- a/doc/xdg-app-run.xml
+++ b/doc/xdg-app-run.xml
@@ -53,9 +53,9 @@
The details of the sandboxed environment are controlled by the application
- metadata and the --allow and --forbid options that are passed to the run
+ metadata and various options like --share and --socket that are passed to the run
command: Access is allowed if it was requested either in the application
- metadata file or with an --allow option and the user hasn;t forbidden it.
+ metadata file or with an option and the user hasn't overridden it.
@@ -117,26 +117,122 @@
-
+
- Allow access to the named facility. This overrides
- the Environment section from the application metadata.
- KEY must be one of: x11, wayland, ipc, pulseaudio, system-dbus,
- session-dbus, network, host-fs, homedir, dri.
+ Share a subsystem with the host session. This overrides
+ the Context section from the application metadata.
+ SUBSYSTEM must be one of: network, ipc.
This option can be used multiple times.
-
+
- Disallow access to the named facility. This overrides the
- Environment section from the application metadata and
- --allow options to this command.
- KEY must be one of: x11, wayland, ipc, pulseaudio, system-dbus,
- session-dbus, network, host-fs, homedir, dri.
+ Don't share a subsystem with the host session. This overrides
+ the Context section from the application metadata.
+ SUBSYSTEM must be one of: network, ipc.
+ This option can be used multiple times.
+
+
+
+
+
+
+
+ Expose a well known socket to the application. This overrides to
+ the Context section from the application metadata.
+ SOCKET must be one of: x11, wayland, pulseaudio, system-bus, session-bus.
+ This option can be used multiple times.
+
+
+
+
+
+
+
+ Don't expose a well known socket to the application. This overrides to
+ the Context section from the application metadata.
+ SOCKET must be one of: x11, wayland, pulseaudio, system-bus, session-bus.
+ This option can be used multiple times.
+
+
+
+
+
+
+
+ Expose a device to the application. This overrides to
+ the Context section from the application metadata.
+ DEVICE must be one of: dri.
+ This option can be used multiple times.
+
+
+
+
+
+
+
+ Don't expose a device to the application. This overrides to
+ the Context section from the application metadata.
+ DEVICE must be one of: dri.
+ This option can be used multiple times.
+
+
+
+
+
+
+
+ Allow the application access to a subset of the filesystem.
+ This overrides to the Context section from the application metadata.
+ FS can be one of: home, host, xdg-desktop, xdg-documents, xdg-download
+ xdg-music, xdg-pictures, xdg-public-share, xdg-templates, xdg-videos,
+ an absolute path, or a a homedir-relative path like ~/dir.
+ This option can be used multiple times.
+
+
+
+
+
+
+
+ Set an environment variable in the application.
+ This overrides to the Context section from the application metadata.
+ This option can be used multiple times.
+
+
+
+
+
+
+
+ Allow the application to own the well known name NAME on the session bus.
+ This overrides to the Context section from the application metadata.
+ This option can be used multiple times.
+
+
+
+
+
+
+
+ Allow the application to talk to the well known name NAME on the session bus.
+ This overrides to the Context section from the application metadata.
+ This option can be used multiple times.
+
+
+
+
+
+
+
+ If the application doesn't have access to the real homedir, make the (homedir-relative) path
+ FILENAME a bind mount to the corresponding path in the per-application directory,
+ allowing that location to be used for persistant data.
+ This overrides to the Context section from the application metadata.
This option can be used multiple times.