Capability-Based Security for Redox: Namespace and CWD as Capabilities

Redox turns folders into keys — fans cheer, skeptics squint

TLDR: Redox OS is turning app access into “keys” based on what an app can see and where it is, aiming for safer, simpler security. Early commenters are upbeat, while the wider crowd debates real-world usefulness and cracks jokes—yet many agree the shift could make everyday apps harder to break into.

Redox OS just dropped a brainy-but-bold security twist, and the early crowd is buzzing. In a post by Ibuki Omatsu, the team explains they’re making “where you are” (your current folder) and “what you can see” (your app’s view of the system) act like keys. Instead of asking the all-powerful kernel to handle everything, Redox pushes more control to user space and treats access like a literal permission token. Translation: apps get only the keys they’re handed — safer sandboxes, fewer surprises. Over at the comments, one early voice, als0, is all in, praising how this simplifies life for developers and security folks. Security nerds are nodding hard, saying capabilities (a fancy word for “keys”) are the grown-up way to lock doors. The broader peanut gallery? Split. Some are impressed this microkernel OS is actually shipping ideas others just blog about. Others roll their eyes with the usual “neat, but can it run my games?” energy. And yes, the memes practically write themselves: “My folder is my 2FA,” “Keys, not passwords,” and the eternal “Not another microkernel sermon.” Love it or eye-roll it, the vibe is clear: Redox isn’t just tinkering — it’s rewriting how apps get permission to touch anything. Read the post here: link

Key Points

  • Redox OS is advancing capability-based security, including userspace namespace management and CWD as a capability, funded by NLnet’s NGI Zero Commons.
  • Redox uses “Schemes” as userspace resource providers (e.g., file via RedoxFS, proc via the process manager), accessed through scheme-rooted paths.
  • Namespaces in Redox govern which schemes a process can access; only schemes registered to a process’s namespace are reachable.
  • relibc targets Redox and other OSes; on Redox it uses redox-rt to translate Redox services to POSIX and manage internal file descriptors, threads, and processes.
  • Previously, the kernel managed namespaces by ID and parsed scheme names from paths to dispatch system calls to the appropriate scheme.
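To make the namespace-and-CWD model in these points concrete, here is an added toy example in Rust (not Redox's, relibc's or redox-rt's code): a process namespace is a set of scheme names, a path resolves only if its scheme is in that set, and a relative path inherits the CWD's scheme, so the CWD handle itself decides which provider is reachable. The `scheme:/path` spelling, the `Namespace` and `Resource` types and the `resolve` function are assumptions for illustration.

```rust
use std::collections::HashSet;

/// A process namespace in this toy model: the set of scheme names it may reach.
pub struct Namespace { schemes: HashSet<String> }

impl Namespace {
    pub fn new(schemes: &[&str]) -> Self {
        Namespace { schemes: schemes.iter().map(|s| s.to_string()).collect() }
    }
}

/// A resolved resource: the scheme provider that serves it and the path inside it.
#[derive(Debug, Clone, PartialEq, Eq)]
pub struct Resource { pub scheme: String, pub path: String }

#[derive(Debug, PartialEq, Eq)]
pub enum ResolveError { MalformedPath, SchemeNotInNamespace(String) }

/// Normalize `/a/./b/../c` style paths; `..` is clamped at the scheme root, so a
/// relative path can never climb out of the provider that the CWD capability names.
fn normalize(path: &str) -> String {
    let mut parts: Vec<&str> = Vec::new();
    for seg in path.split('/') {
        match seg {
            "" | "." => {}
            ".." => { parts.pop(); }
            s => parts.push(s),
        }
    }
    format!("/{}", parts.join("/"))
}

/// Resolve a path against the process namespace and its CWD. Absolute paths use the
/// `scheme:/path` spelling (assumed here for illustration); anything else is taken
/// relative to the CWD and therefore inherits the CWD's scheme.
pub fn resolve(ns: &Namespace, cwd: &Resource, path: &str) -> Result<Resource, ResolveError> {
    let (scheme, inner) = match path.split_once(':') {
        Some((s, rest)) if !s.is_empty() && !s.contains('/') => (s.to_string(), normalize(rest)),
        Some(_) => return Err(ResolveError::MalformedPath),
        None if path.starts_with('/') => (cwd.scheme.clone(), normalize(path)),
        None => (cwd.scheme.clone(), normalize(&format!("{}/{}", cwd.path, path))),
    };
    // The capability check: a scheme outside the namespace is simply unreachable.
    if !ns.schemes.contains(&scheme) {
        return Err(ResolveError::SchemeNotInNamespace(scheme));
    }
    Ok(Resource { scheme, path: inner })
}
```

A sandboxed process whose namespace holds only `file` cannot name `proc:` at all, which is the point of the design: the check is a set lookup, not a policy rule.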

Hottest takes

“this really does simplify access control and sandboxing” — als0

Made with <3 by @siedrix and @shesho from CDMX. Powered by Forge&Hive.