Security
When running Lune scripts, it’s important to know that any scripts you execute have full access to your device - this means access to your files, programs, and more. It is generally good to be cautious when running scripts from sources you don’t trust.
Here are some ways to run untrusted scripts more safely:
- Running Lune scripts in a custom sandboxed environment
- Using a containerized environment such as Docker
- Using a virtual machine
Sandboxing
Section titled “Sandboxing”Lune provides a basic but functional sandboxing example. We’ll show you how to use it here, but for production use and proper security, using a container or virtual machine is highly recommended.
-
Copy the sandbox module and save it as
sandbox.luau
. -
Place the untrusted script you want to run next to the
sandbox.luau
file.Terminal lune run sandbox.luau script.luau -- [ARGUMENTS_HERE]Replace
script.luau
and[ARGUMENTS_HERE]
with the path to your script and any arguments you want to pass to it. -
As the script runs, any attempts to access potentially dangerous modules will require your approval before continuing. Any method calls within approved modules will be logged.
The output from the sandbox script and the script being run will be clearly separated, so you can see what’s happening.