When a new process is created, it has no capabilities. The process relies entirely on its creator to provide capabilities through the set of handles passed to it. One might also say that an empty process has no ambient authority.
Because of this, processes are usually created with some initial resources and capabilities. The fuchsia.process.Launcher protocol provides the low-level interface to create new processes on the system from an executable and a set of kernel object handles. Most software uses the component framework, which simplifies the work of setting up a new process to execute some code with a standard set of initial capabilities. You will explore components in more detail later on.
Some initial handles given to a process are directories that the process mounts into its namespace.
