If you are on Linux you can use firejail to launch PICO-8 sandboxed. That way PICO-8 cannot access all your files, only those in its directory and its configuration directory.
I assume that you have the PICO-8 binaries in ~/pico-8 and that you are using the default config directory ~/.lexaloffle.
I also assume that you are saving screenshots in the ~/pico-8 directory and not on your Desktop. To do that you need to edit the "desktop_path" line in your ~/.lexaloffle/pico-8/config.txt to be like this:
desktop_path /home/username/pico-8/screenshots/
Replace "username" with your actual Linux username for the rest of this post.
Now, install firejail from your repositories (sudo apt install firejail) or download a newer version from their website (up to you).
Create a file called pico8.profile in ~/.config/firejail
Put the following in this file:
include default.local
include globals.local
noblacklist ${HOME}/.lexaloffle
noblacklist ${HOME}/pico-8
include disable-common.inc
include disable-devel.inc
include disable-interpreters.inc
include disable-programs.inc
whitelist ${HOME}/.lexaloffle
whitelist ${HOME}/pico-8
include whitelist-common.inc
include whitelist-var-common.inc
apparmor
caps.keep sys_chroot,sys_admin
netfilter
nodbus
nodvd
nogroups
notv
?BROWSER_DISABLE_U2F: nou2f
shell none
disable-mnt
private-dev
private-tmp
#noexec ${HOME}
noexec /tmp
Then you can launch PICO-8 like this from its directory:
firejail ./pico8
Or, assuming you use MATE, you can create a file in /home/username/.local/share/applications/ with any filename (as long as the extension is ".desktop" I suppose) and these contents:
#!/usr/bin/env xdg-open
[Desktop Entry]
Version=1.0
Type=Application
Terminal=false
Icon=/home/username/pico-8/lexaloffle-pico8.png
Icon[en_US]=/home/username/pico-8/lexaloffle-pico8.png
Name[en_US]=PICO-8
Exec=firejail /home/username/pico-8/pico8
Name=PICO-8
and now you will have a menu shortcut to start
The desktop file may work with other desktop environments. If not, you can always use the menu editor that comes with your distro. The important part is making sure that you are executing firejail with the full path to pico8 as an argument.
To verify that you are running pico8 in the proper sandbox, you can open a console and try to start it up by running:
firejail /home/username/pico-8/pico8
You should see something like:
Reading profile /home/username/.config/firejail/pico8.profile
I will try to make the sandbox even tighter in the future.
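An added example, not part of the original post or of firejail itself: the launch test above only confirms that the profile was read, so this script checks the profile text, verifying that every whitelist path has a noblacklist line placed before the first disable-*.inc include (firejail applies profile lines in order). The function name audit_profile and the sample file are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from the original post): audit a firejail profile's
# noblacklist/whitelist pairing and ordering without launching a sandbox.

# Print one finding per whitelist entry; return 0 only if all are OK.
audit_profile() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }          # skip blanks and comments
        $1 == "include" && $2 ~ /^disable-.*\.inc$/ {
            if (!first_disable) first_disable = NR
            next
        }
        $1 == "noblacklist" { nobl[$2] = NR; next }
        $1 == "whitelist"   { order[++n] = $2; next }
        END {
            bad = (n == 0)
            if (n == 0) print "NOWL     no whitelist entries found"
            for (i = 1; i <= n; i++) {
                p = order[i]
                if (!(p in nobl)) {
                    print "MISSING  no noblacklist for " p; bad = 1
                } else if (first_disable && nobl[p] > first_disable) {
                    print "ORDER    noblacklist for " p " comes after line " first_disable; bad = 1
                } else {
                    print "OK       " p
                }
            }
            exit bad
        }
    ' "$1"
}

# Constructed sample: the path-related lines of the profile above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
include globals.local
noblacklist ${HOME}/.lexaloffle
noblacklist ${HOME}/pico-8
include disable-common.inc
include disable-programs.inc
whitelist ${HOME}/.lexaloffle
whitelist ${HOME}/pico-8
include whitelist-common.inc
#noexec ${HOME}
EOF
audit_profile "$sample"
rm -f "$sample"
```

To check the real file, call audit_profile ~/.config/firejail/pico8.profile; a non-zero exit status means at least one whitelist entry was reported as MISSING or ORDER.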