When Your Disk Says It’s Full and You Have No Idea Why
I was in the middle of a normal workday when I got a “No space left on device” error while building a Docker image. Checked df -h — the / partition was at 97%. Ran du -sh /* to track down the culprit, and the result caught me off guard:
$ du -sh /var/lib/flatpak
18G /var/lib/flatpak18GB. Just from Flatpak alone. I’d been using Fedora as my main development machine for nearly two years and was pretty happy with its package update cadence — but I’d never paid attention to how runtimes were quietly piling up with every app install. This post is the result of an evening spent cleaning things up and digging into how Flatpak actually works under the hood.
What Flatpak Is and Why Fedora Uses It
Flatpak packages apps to run inside a sandbox, isolated from the rest of the system. Each app carries its own runtime — the set of libraries it needs to run. So installing a 100MB app that drags along a few hundred megabytes of runtime is completely normal, not a bug.
Fedora Workstation has integrated Flatpak and Flathub by default since Fedora 38. The main reasons:
- GUI applications like Spotify, Discord, and Slack don’t have official RPMs — Flatpak is the cleanest way to install them.
- Sandboxing isolates applications, reducing the risk of system-wide impact.
- Updates are independent of DNF — you get the latest app versions without waiting for a Fedora release.
Sandboxing doesn’t mean absolute security. As for storage — leave it unattended for a year and you’ll find out.
Hands-On: Managing Flatpak from A to Z
Installation and Flathub Setup
On a fresh Fedora Workstation install, Flatpak is already available. You just need to add the Flathub repository:
# Add Flathub repo (official, largest app selection)
flatpak remote-add --if-not-exists flathub https://dl.flathub.org/repo/flathub.flatpakrepo
# Check available remotes
flatpak remotesBeyond Flathub, Fedora also includes a default fedora remote — containing builds maintained by the Fedora team. In practice I rarely use it since Flathub updates much faster.
Installing, Searching, and Removing Applications
# Search for an app
flatpak search firefox
# Install (--user: current user only, saves disk space)
flatpak install flathub org.mozilla.firefox
flatpak install --user flathub com.spotify.Client
# Run an app
flatpak run org.mozilla.firefox
# List installed apps
flatpak list --app
# Uninstall an app
flatpak uninstall org.mozilla.firefox
# Uninstall app AND delete user data
flatpak uninstall --delete-data org.mozilla.firefoxWorth knowing: flatpak uninstall does not delete user data by default. Data remains at ~/.var/app/ — if you want a clean removal, add --delete-data.
Understanding the Sandbox and Permissions
Most users install an app and run it — that’s where they stop. But permissions are actually the more important thing to pay attention to. Each Flatpak app runs with the privileges declared in its manifest, and some apps declare quite broad access. Check them with:
# View app permissions
flatpak info --show-permissions com.spotify.Client
# Or use flatpak-override to view/edit
flatpak override --show com.spotify.ClientAn app may declare access to the filesystem, network, audio devices, and more. If you see filesystem=home, that means it can read your entire home directory — no different from a native app. The sandbox provides very little protection at that point. Understanding how Linux file permissions work makes it much easier to reason about what these declarations actually grant.
To restrict permissions:
# Revoke filesystem access
flatpak override --nofilesystem=home com.someapp.App
# Allow access to a specific directory
flatpak override --filesystem=~/Downloads com.someapp.App
# Reset to default permissions
flatpak override --reset com.someapp.AppA more visual approach is Flatseal — a GUI for managing permissions. It’s what I use daily:
flatpak install flathub com.github.tchx84.FlatsealStorage Optimization — The Most Overlooked Part
Back to the original problem: 18GB from Flatpak. The main culprit is unused runtimes — old runtimes left behind after updates or app removals.
# Check all available runtimes (including unused ones)
flatpak list --runtime
# Check size of each runtime
du -sh /var/lib/flatpak/runtime/*
du -sh ~/.local/share/flatpak/runtime/* # if installed with --userThe first command I run whenever I suspect abnormal disk usage:
# Remove all unused runtimes and apps
flatpak uninstall --unused
# Preview what will be removed (dry run)
flatpak uninstall --unused --dry-runThat one time, I freed up nearly 11GB with a single command. Flatpak keeps old runtimes around after each update to allow rollbacks when needed — a reasonable mechanism, but it eats up storage if you don’t clean up periodically.
Keeping apps updated also helps prevent old versions from accumulating:
# Update all apps and runtimes
flatpak update
# Update a specific app
flatpak update org.mozilla.firefox
# After updating, clean up unused
flatpak uninstall --unusedSystem-Wide vs. Per-User Installation
I often see Fedora users defaulting to system-wide installs for everything. It’s actually worth thinking about which approach makes sense:
- System-wide (without
--user): runtimes live in/var/lib/flatpak, requires sudo, shared across all users on the machine. - Per-user (
--user): runtimes live in~/.local/share/flatpak, no sudo required, scoped to the current user only.
On a personal machine with a single user, use --user for most apps — no sudo needed and easier to manage. On multi-user machines or servers, system-wide makes more sense.
A Periodic Cleanup Script
I wrote a small script and added it to a weekly cron job (you can also convert this to a systemd timer for more control):
#!/bin/bash
# /usr/local/bin/flatpak-cleanup.sh
echo "=== Flatpak cleanup: $(date) ==="
echo "Before:"
du -sh /var/lib/flatpak 2>/dev/null
du -sh ~/.local/share/flatpak 2>/dev/null
flatpak update -y
flatpak uninstall --unused -y
echo "After:"
du -sh /var/lib/flatpak 2>/dev/null
du -sh ~/.local/share/flatpak 2>/dev/null# Make executable and do a test run
chmod +x /usr/local/bin/flatpak-cleanup.sh
/usr/local/bin/flatpak-cleanup.sh
# Add to crontab (runs every Sunday at 3 AM)
crontab -e
# Add the line:
# 0 3 * * 0 /usr/local/bin/flatpak-cleanup.sh >> /var/log/flatpak-cleanup.log 2>&1Conclusion
Flatpak genuinely is convenient — Spotify, Discord, and Slack install cleanly without hunting down unofficial RPMs or adding sketchy repositories. But if you’re not actively cleaning up, storage can creep into the tens of gigabytes without you noticing — exactly what happened to me.
Two commands are all you really need: flatpak uninstall --unused to clear out stale runtimes, and flatpak override (or Flatseal) to keep permissions in check. A weekly cleanup script handles the rest.
After cleaning up and switching to per-user installs, my machine went from 18GB down to around 4GB. Still not a small number — but well worth what Flatpak brings to the table.
