This page covers the current Redox security mechanisms.

  • Redox have namespaces and a capability-based system, both are implemented by the kernel but some parts can be moved to user-space.
  • A namespace is a list of schemes, if you run ls :, it will show the schemes on the current namespace.
  • File descriptors are a form of capabilities.


Redox allows limiting a program's capabilities and thus allows sandboxing, by:

  • 1 - by only putting a certain number of schemes in the program's namespace, or no scheme at all, in which case new file descriptors can't be opened.
  • 2 - by forcing all functionality to occur via file descriptors (it's not finished yet)