This page covers the current Redox security mechanisms.

  • Namespaces and a capability-based system, both are implemented by the kernel but some parts can be moved to user-space.
  • A namespace is a list of schemes, if you run ls :, it will show the schemes on the current namespace.
  • Each process has a namespace.
  • Capabilities are customized file descriptors that carry specific actions.


Redox allows limiting a program's capabilities and thus allows sandboxing, by:

    • By only putting a certain number of schemes in the program's namespace, or no scheme at all, in which case new file descriptors can't be opened.
    • By forcing all functionality to occur via file descriptors (it's not finished yet).