macOS sandboxing
The itch.io sandbox uses built-in macOS facility sandbox-exec
.
It dynamically generates sandbox policy when launching a game, which:
- gives read access to the usual things needed by games
- gives write access to a few ~/Library folders
- explicitly denies a few known sensitive locations
Here's the policy template the itch app uses:
Troubleshooting
If your game is broken by the itch.io sandbox on macOS, we recommend using
the built-in Console.app
to watch out for permission denials. Look in
particular for sandboxd
messages.
Since Console.app shows system-wide logs for all applications, it may be a bit chatty. Shutting down applications you don't actively use can help reduce the amount of irrelevant messages.
The default sandbox policy should be more than enough to get most games running, but if you run into an issue that you need help resolving, feel free to open an issue on our Issue Tracker