This page covers the current Redox security mechanisms.
- Namespaces and a capability-based system. Both are implemented by the kernel, although some parts could be moved to user space.
- A namespace is a list of schemes. Running `ls :` lists the schemes in the current namespace.
- Each process has its own namespace.
- Capabilities are customized file descriptors that grant specific operations on the resource they refer to.
Redox limits a program's capabilities, and thus sandboxes it, by:
- Placing only a chosen set of schemes in the program's namespace, or no scheme at all, in which case no new file descriptors can be opened (the word "new" matters: descriptors the program already holds are still usable).
- Forcing all functionality to go through file descriptors (not yet finished).
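To make the interaction between namespaces and capabilities concrete, here is an added model of the two mechanisms written for this page. It is not Redox kernel code: the scheme registry, the `Process` type, its `open`/`restrict_namespace`/`read` methods and the sample `file:` and `tcp:` contents are all constructed for the example. It shows that `open` is gated by the namespace, that a descriptor obtained before the namespace is emptied keeps working (the descriptor is the capability), and that an empty namespace means no new descriptor can be opened.

```rust
use std::collections::BTreeMap;

/// Constructed stand-in for the kernel's scheme table:
/// scheme name -> (path -> contents). Sample data, not from Redox.
pub type Registry = BTreeMap<String, BTreeMap<String, String>>;

pub fn sample_registry() -> Registry {
    let mut reg = Registry::new();
    let mut file = BTreeMap::new();
    file.insert("/etc/hostname".to_string(), "redox".to_string());
    reg.insert("file".to_string(), file);
    let mut tcp = BTreeMap::new();
    tcp.insert("/1.2.3.4/80".to_string(), "socket".to_string());
    reg.insert("tcp".to_string(), tcp);
    reg
}

/// An open descriptor. Once issued it names a concrete resource and stays
/// valid regardless of later namespace changes: this is the capability.
#[derive(Debug, Clone, PartialEq, Eq)]
pub struct Descriptor {
    pub scheme: String,
    pub path: String,
}

/// A process as seen by this model: a namespace (list of scheme names)
/// and the descriptors it currently holds.
pub struct Process<'a> {
    registry: &'a Registry,
    namespace: Vec<String>,
    fds: Vec<Descriptor>,
}

impl<'a> Process<'a> {
    pub fn new(registry: &'a Registry, namespace: &[&str]) -> Self {
        Process {
            registry,
            namespace: namespace.iter().map(|s| s.to_string()).collect(),
            fds: Vec::new(),
        }
    }

    /// Analogue of `ls :` - the schemes this process can name.
    pub fn list_schemes(&self) -> Vec<String> {
        self.namespace
            .iter()
            .filter(|s| self.registry.contains_key(*s))
            .cloned()
            .collect()
    }

    /// Resolve "scheme:path" against the namespace and hand out a descriptor.
    /// The namespace check happens here and only here.
    pub fn open(&mut self, url: &str) -> Result<usize, String> {
        let (scheme, path) = url
            .split_once(':')
            .ok_or_else(|| format!("{}: not a scheme URL", url))?;
        if !self.namespace.iter().any(|s| s == scheme) {
            return Err(format!("{}: scheme not in namespace", url));
        }
        let files = self
            .registry
            .get(scheme)
            .ok_or_else(|| format!("{}: no such scheme", url))?;
        if !files.contains_key(path) {
            return Err(format!("{}: no such path", url));
        }
        self.fds.push(Descriptor {
            scheme: scheme.to_string(),
            path: path.to_string(),
        });
        Ok(self.fds.len() - 1)
    }

    /// Drop every scheme not in `keep`. Existing descriptors are untouched.
    pub fn restrict_namespace(&mut self, keep: &[&str]) {
        self.namespace.retain(|s| keep.contains(&s.as_str()));
    }

    /// Reads go through the descriptor, never through the namespace.
    pub fn read(&self, fd: usize) -> Result<String, String> {
        let d = self.fds.get(fd).ok_or_else(|| "bad fd".to_string())?;
        Ok(self.registry[&d.scheme][&d.path].clone())
    }
}

/// Open before sandboxing, empty the namespace, then show what still works.
/// Returns (content read via the old fd, result of a new open, visible schemes).
pub fn demo() -> (String, Result<usize, String>, Vec<String>) {
    let reg = sample_registry();
    let mut p = Process::new(&reg, &["file", "tcp"]);
    let fd = p.open("file:/etc/hostname").expect("open before restriction");
    p.restrict_namespace(&[]); // empty namespace: fully sandboxed
    let content = p.read(fd).expect("held descriptor survives restriction");
    let denied = p.open("tcp:/1.2.3.4/80"); // no scheme is reachable any more
    (content, denied, p.list_schemes())
}

fn main() {
    let (content, denied, schemes) = demo();
    println!("read via held fd: {:?}", content);
    println!("new open after restriction: {:?}", denied);
    println!("schemes visible (ls :): {:?}", schemes);
}
```

The order of operations in `demo` is the whole point: a sandboxing launcher would open exactly the descriptors a program needs, then empty or narrow the namespace before handing control over, so the program keeps its capabilities but cannot acquire new ones.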