{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreid2pjyjn3zikrzzzphgk2dqyzuif4dsgqz3qmp5fmzmrq73zphw2a",
    "uri": "at://did:plc:ipuirpjeoqzha3idxt36xc47/app.bsky.feed.post/3mhhhkdwcggp2"
  },
  "path": "/news/nlnet-cap-nsmgr-cwd/",
  "publishedAt": "2026-03-17T00:00:00.000Z",
  "site": "https://www.redox-os.org",
  "tags": [
    "“Capability-based security for Redox”",
    "NGI Zero Commons",
    "NLnet",
    "Capability-based security"
  ],
  "textContent": "Hello everyone! I’m Ibuki Omatsu. I’m currently working on the project “Capability-based security for Redox”, graciously funded by NGI Zero Commons and NLnet.\n\nIn this post, I’ll explain “Namespace management in Userspace” and “CWD as a Capability”. We’ll explore how we used capabilities to reimplement both the namespace, which was previously managed by the kernel, and CWD management, which was previously string-based.\n\nYou might want to read about capability-based security if you are unfamiliar with it. A simplified description is that an open file descriptor is a capability, because it identifies a resource and the application’s access rights for that resource. Capability-based security expects that all resources will be accessed starting from a capability.",
  "title": "Capability-based Security for Redox: Namespace and CWD as capabilities"
}