Host System (RHEL)
Kernel, display server, audio, filesystem
Runtimes provide shared libraries (GTK, Qt, etc.) used by multiple apps, reducing disk usage. When you install your first Flatpak app, the required runtime downloads too — subsequent apps sharing that runtime reuse it.
Installing Flatpak on RHEL
# Install Flatpak (RHEL 8/9)
sudo dnf install flatpak
# Verify installation
flatpak --version
Flatpak 1.12.8# Check current remotes
flatpak remotes
Name Options
rhel system
✓ RHEL 9
Flatpak is included by default in RHEL 9 workstation installations with the Red Hat remote pre-configured.
System vs User
System installs (sudo) go to /var/lib/flatpak. User installs (no sudo) go to ~/.local/share/flatpak.
Red Hat Ecosystem Catalog
The Red Hat Ecosystem Catalog provides curated, tested Flatpak applications that are supported for use on RHEL systems.
Benefits
Applications tested with RHEL
Security updates from Red Hat
Enterprise support available
Signed packages for integrity
Available Apps
LibreOffice productivity suite
Firefox web browser
GIMP image editor
And many more…
# The Red Hat remote is typically pre-configured
flatpak remotes
Name Options
rhel system,oci
Managing Remotes
# List configured remotes
flatpak remotes --show-details
# Add Flathub remote (largest third-party repo)
flatpak remote-add --if-not-exists flathub \
https://dl.flathub.org/repo/flathub.flatpakrepo
# Add remote for current user only
flatpak remote-add --user --if-not-exists flathub \
https://dl.flathub.org/repo/flathub.flatpakrepo
# Remove a remote
flatpak remote-delete flathub
# Disable a remote temporarily
flatpak remote-modify --disable flathub
⚠ Enterprise Note: Third-party remotes like Flathub may not be approved for use in your organization. Always follow your security policies.
Searching for Applications
# Search all configured remotes
flatpak search firefox
Name Description Application ID
Firefox Fast, Private & Safe Web Browser org.mozilla.firefox# Search with more details
flatpak search --columns=all libreoffice
# List all available apps from a specific remote
flatpak remote-ls rhel --app
# Show app info before installing
flatpak remote-info rhel org.mozilla.firefox
Application IDs: Flatpak uses reverse-DNS naming (e.g., org.mozilla.firefox). You'll need this ID for install and run commands.
Use flatpak remote-info before installing to see an app's version, required runtime, permissions, and download size.
Installing Applications
# Install from default remote
flatpak install org.mozilla.firefox
# Install from specific remote
flatpak install rhel org.libreoffice.LibreOffice
# Install without prompts (scripting)
flatpak install -y rhel org.gimp.GIMP
# Install for current user only
flatpak install --user flathub org.videolan.VLC
# Install a specific version/branch
flatpak install rhel org.mozilla.firefox//stable
First Install: The first app you install will also download the required runtime. This can be several hundred MB but only happens once — subsequent apps using the same runtime share it.
Running Applications
# Run an installed application
flatpak run org.mozilla.firefox
# Run with environment variable
flatpak run --env=GTK_THEME=Adwaita:dark org.gimp.GIMP
# Run specific version
flatpak run org.mozilla.firefox//stable
# Run with additional permissions (temporary override)
flatpak run --filesystem=/media org.videolan.VLC
Desktop Integration
Flatpak apps appear in your application menu automatically and can be launched like any other app.
Command-Line Launch
flatpak run is useful for troubleshooting, passing options, or running in scripts.
Updating Applications
# Update all installed applications
flatpak update
# Update a specific application
flatpak update org.mozilla.firefox
# Update without prompts
flatpak update -y
# Check what would be updated (dry run)
flatpak update --no-deploy
# Update user installations only
flatpak update --user
✓ Delta Updates: Flatpak only downloads changed data, making updates fast and bandwidth-efficient — even large applications update quickly after the initial install.
Automatic Updates: GNOME Software can automatically update Flatpak apps. Check Settings → Software Updates for options.
Managing Installed Apps
# List all installed applications
flatpak list --app
Name Application ID Version Branch Origin
Firefox org.mozilla.firefox 120.0 stable rhel
LibreOffice org.libreoffice.LibreOffice 7.6.3 stable rhel# List installed runtimes too
flatpak list --runtime
# Show detailed info about installed app
flatpak info org.mozilla.firefox
# Show disk usage
flatpak list --app --columns=name,size
# Remove unused runtimes (housekeeping)
flatpak uninstall --unused
Run flatpak uninstall --unused periodically to remove orphaned runtimes — old versions that no apps need anymore — and reclaim disk space.
Removing Applications
# Remove an application (keeps app data)
flatpak uninstall org.gimp.GIMP
# Remove and delete all app data
flatpak uninstall --delete-data org.gimp.GIMP
# Remove without prompts
flatpak uninstall -y org.videolan.VLC
# Remove unused runtimes (cleanup)
flatpak uninstall --unused
# Remove all from a specific remote
flatpak uninstall --all --from=flathub
⚠ Data Persistence: By default, uninstall keeps application data in ~/.var/app/. Use --delete-data to remove everything — this permanently deletes configuration and saved data.
Permissions & Security
# View app permissions
flatpak info --show-permissions org.mozilla.firefox
# Override permissions (grant filesystem access)
flatpak override --filesystem=/mnt/data org.videolan.VLC
# Override for user only
flatpak override --user --filesystem=home org.gimp.GIMP
# Remove an override
flatpak override --reset org.videolan.VLC
# List current overrides
flatpak override --show org.mozilla.firefox
Common Permission Flags:--filesystem | --device | --socket | --share=network
Flatpak Security Model
Applications run sandboxed and must explicitly request access to system resources. This is a significant security improvement compared to traditional RPM packages which have full system access.
Flatseal is a graphical tool for managing Flatpak permissions. Install it from Flatpak and use it to visually view and adjust what each app can access — no command line needed.
The permission model is important for both security hardening (restricting what apps can access) and troubleshooting (granting access when an app can't reach files it needs).
Flatpak vs RPM
Aspect
Flatpak
RPM (dnf)
Sandboxing
Yes, by default
No (full system access)
Dependencies
Bundled in runtimes
Shared system libraries
Updates
Independent of OS
Tied to OS version
Root required
Optional (--user)
Yes (system packages)
Best for
Desktop applications
System tools, servers, CLI
Recommendation: Use RPM for system software and CLI tools. Use Flatpak for desktop applications where sandboxing and latest versions are beneficial. In practice, most RHEL systems use both.
Key Takeaways
1
Flatpak provides sandboxed, distribution-agnostic desktop applications with bundled runtimes and delta updates.
2
The Red Hat Ecosystem Catalog offers tested, supported apps for RHEL — pre-configured on RHEL 9 workstation.
3
Key commands:search | install | update | list | uninstall
4
Use override to manage application permissions and access to filesystem, devices, and network.