
macOS sandbox blocks RenPy save files #7

@leafo

Description

RenPy games cannot save or load under the macOS sandbox. RenPy defaults to storing save data in ~/Library/RenPy/<game_name>/, which is not in the sandbox's allowed path list.

This was originally reported as itchio/itch#2223, and remains unfixed in the current sandbox policy.

Sandbox violations observed

SandboxViolation: DDLC(1863) deny(1) file-read-data ~/Library/RenPy/DDLC-1454445547/persistent
SandboxViolation: DDLC(1863) deny(1) file-write-create ~/Library/RenPy/DDLC-1454445547/text.txt

Context

  • RenPy's default save location on macOS is ~/Library/RenPy/<save_directory>/, configured via config.save_directory in the game's scripts. This is confirmed in the current RenPy docs.
  • The game-specific directory name (e.g. DDLC-1454445547) is an arbitrary string set by the game developer inside compiled .rpyc scripts, so it cannot be easily detected externally without archive scanning.
  • The macOS sandbox (sandbox-exec / Seatbelt) is purely restrictive: it cannot remap or virtualize filesystem paths, so there is no way to transparently redirect saves into an already-allowed location.

Current allowed ~/Library subpaths

From runner/policies/sandboxexec.go:

  • ~/Library/Application Support
  • ~/Library/Preferences
  • ~/Library/Logs
  • ~/Library/Caches
  • ~/Library/KeyBindings
  • ~/Library/Saved Application State

~/Library/RenPy is not included.

Possible fixes

  • Add ~/Library/RenPy to the allowed file* subpaths in the sandbox policy. This directory is low-risk (it is only used by RenPy games for save data and preferences), but it will allow games to read other games' data and get gameplay history. This weakens expectations around the sandbox; ideally we avoid this.
  • Detect the game name and allow only ~/Library/RenPy/<game_name>: Need to do some work with scanned archives, or do a heuristic scan locally after installation
  • Use RenPy's --savedir flag to redirect saves: Engine-specific, would need per-engine detection logic, and changes save locations from what players expect, but can write to a directory we allow within the sandbox. Can also have the user manually set it up with launch args.
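The following is an added example, not code from the issue or from the itch repository's runner/policies/sandboxexec.go. It models the three options above as a small Go policy builder: the current ~/Library allow list, the narrow per-game rule for ~/Library/RenPy/<game_name> (with the save-directory name treated as untrusted input, since it is set by the game's own scripts), and the --savedir launch arguments. The home directory, the "renpy-saves" subfolder and the Allowed helper (a simplified stand-in for the Seatbelt subpath check, not the real evaluator) are assumptions of the example.

```go
package main

import (
	"fmt"
	"path/filepath"
	"strings"
)

// allowedLibrarySubpaths lists the ~/Library subpaths the issue says the
// current policy already permits with file* rules.
var allowedLibrarySubpaths = []string{
	"Application Support",
	"Preferences",
	"Logs",
	"Caches",
	"KeyBindings",
	"Saved Application State",
}

// ValidateGameDir rejects a RenPy save-directory name that could widen the
// per-game rule. The name comes from the game's scripts (config.save_directory),
// so the policy must treat it as untrusted.
func ValidateGameDir(name string) error {
	switch {
	case name == "", name == ".", name == "..":
		return fmt.Errorf("unusable save directory name %q", name)
	case strings.ContainsAny(name, "/\\\x00"):
		return fmt.Errorf("save directory name %q contains a path separator", name)
	case strings.ContainsAny(name, "\"\n\r"):
		return fmt.Errorf("save directory name %q would break SBPL quoting", name)
	}
	return nil
}

// allowedRoots returns the directories the profile grants file* access to.
// With gameDir == "" it is exactly the current allow list; with a validated
// gameDir it adds one directory under ~/Library/RenPy, never the parent,
// so a game cannot read another game's saves.
func allowedRoots(home, gameDir string) ([]string, error) {
	roots := make([]string, 0, len(allowedLibrarySubpaths)+1)
	for _, sub := range allowedLibrarySubpaths {
		roots = append(roots, filepath.Join(home, "Library", sub))
	}
	if gameDir != "" {
		// Validate before Join: Join cleans "..", which would silently turn
		// "../Preferences" into ~/Library/Preferences instead of rejecting it.
		if err := ValidateGameDir(gameDir); err != nil {
			return nil, err
		}
		roots = append(roots, filepath.Join(home, "Library", "RenPy", gameDir))
	}
	return roots, nil
}

// BuildProfile renders the roots as a deny-by-default SBPL profile for sandbox-exec.
func BuildProfile(home, gameDir string) (string, error) {
	roots, err := allowedRoots(home, gameDir)
	if err != nil {
		return "", err
	}
	var b strings.Builder
	b.WriteString("(version 1)\n(deny default)\n")
	for _, root := range roots {
		fmt.Fprintf(&b, "(allow file* (subpath %q))\n", root)
	}
	return b.String(), nil
}

// Allowed is a simplified model of the subpath check (assumption: not the real
// Seatbelt evaluator): a path is permitted when it lies inside one of the roots.
func Allowed(home, gameDir, path string) (bool, error) {
	roots, err := allowedRoots(home, gameDir)
	if err != nil {
		return false, err
	}
	clean := filepath.Clean(path)
	for _, root := range roots {
		if clean == root || strings.HasPrefix(clean, root+string(filepath.Separator)) {
			return true, nil
		}
	}
	return false, nil
}

// SavedirArgs builds launch arguments for the --savedir option: point RenPy at
// a directory already inside the allow list. "renpy-saves" is an assumed name.
func SavedirArgs(home, gameDir string) ([]string, error) {
	if err := ValidateGameDir(gameDir); err != nil {
		return nil, err
	}
	dir := filepath.Join(home, "Library", "Application Support", "renpy-saves", gameDir)
	return []string{"--savedir", dir}, nil
}

func main() {
	home := "/Users/player"   // constructed example home directory
	game := "DDLC-1454445547" // directory name from the issue's violation log
	save := filepath.Join(home, "Library", "RenPy", game, "persistent")
	ok, _ := Allowed(home, "", save)
	fmt.Println("default policy allows persistent:", ok) // false, as in the log
	ok, _ = Allowed(home, game, save)
	fmt.Println("per-game policy allows persistent:", ok) // true
	ok, _ = Allowed(home, game, filepath.Join(home, "Library", "RenPy", "Other-1", "persistent"))
	fmt.Println("per-game policy allows another game's saves:", ok) // false
	if _, err := BuildProfile(home, "../Preferences"); err != nil {
		fmt.Println("rejected:", err)
	}
	args, _ := SavedirArgs(home, game)
	fmt.Println(strings.Join(args, " "))
}
```

The point of validating before filepath.Join is the one a reviewer would check first: a game-supplied name such as "../Preferences" must fail closed rather than be cleaned into a path that is already allowed.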
