Redox OS Enhances Security with Userspace Capabilities for Namespaces and CWD

Redox OS has restructured its security model by moving namespace and current working directory (CWD) management out of the kernel and into userspace, with the openat system call as the cornerstone of a capability-based design. This transition, described by developer Ibuki Omatsu, replaces the earlier path-based scheme in which the kernel parsed absolute paths to decide which schemes (files, TCP sockets and so on) a request could reach. The kernel now only routes a request according to the directory file descriptor (`dir_fd`) it is made against, which shrinks its attack surface. nsmgr, a userspace daemon exposed as a scheme-type service, mediates access between applications and the underlying schemes, while relibc now treats the CWD as a file descriptor rather than a path, which enables sandboxing restrictions such as `O_RESOLVE_BENEATH`.

This architectural shift simplifies the kernel and paves the way for advanced sandboxing.
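As an added illustration (not code from Redox OS, relibc or nsmgr), the following C program shows the pattern the article describes: a directory file descriptor serves as the capability, every open is made relative to it with openat, and a "beneath" policy refuses paths that could climb out of that directory. The userspace check here approximates what a kernel-enforced `O_RESOLVE_BENEATH` provides; the helper names, the /tmp location and the sample file are assumptions of this example.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <unistd.h>

/* 1 if 'path' is relative and has no ".." component (cannot climb out of the
 * directory). Symlinks are not checked; kernel O_RESOLVE_BENEATH covers those. */
int path_is_beneath(const char *path) {
    if (path[0] == '/') return 0;
    for (const char *p = path; *p;) {
        const char *seg = p;
        while (*p && *p != '/') p++;
        if (p - seg == 2 && seg[0] == '.' && seg[1] == '.') return 0;
        while (*p == '/') p++;
    }
    return 1;
}

/* Open 'path' relative to the directory capability dir_fd; -1/EACCES if the
 * path could escape it. O_NOFOLLOW stops a symlink as the final component. */
int open_beneath(int dir_fd, const char *path, int flags) {
    if (!path_is_beneath(path)) { errno = EACCES; return -1; }
    return openat(dir_fd, path, flags | O_NOFOLLOW | O_CLOEXEC);
}

/* Self-check on a throwaway directory holding one constructed file; returns 0
 * when the relative open succeeds and the absolute and ".." paths are refused. */
int demo_sandbox(void) {
    char tmpl[] = "/tmp/beneath.XXXXXX";   /* assumed writable temp location */
    char *root = mkdtemp(tmpl);
    if (!root) return 1;
    int dir_fd = open(root, O_RDONLY | O_DIRECTORY | O_CLOEXEC);
    if (dir_fd < 0) return 2;
    int fd = openat(dir_fd, "data.txt", O_WRONLY | O_CREAT, 0600);
    if (fd < 0) return 3;
    close(fd);
    int ok  = open_beneath(dir_fd, "data.txt", O_RDONLY);      /* allowed */
    int abs = open_beneath(dir_fd, "/etc/hostname", O_RDONLY); /* refused */
    int up  = open_beneath(dir_fd, "../data.txt", O_RDONLY);   /* refused */
    int rc = (ok >= 0 && abs < 0 && up < 0) ? 0 : 4;
    if (ok >= 0) close(ok);
    unlinkat(dir_fd, "data.txt", 0);
    close(dir_fd);
    rmdir(root);
    return rc;
}

int main(void) { return demo_sandbox(); }   /* exit status 0: the policy held */
```

The process never names an absolute path once it holds `dir_fd`, which is the property that lets a kernel route purely on the descriptor rather than parse paths itself.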