The namespace of a process contains its private view of the world, and controls how much of the Fuchsia system the process can influence. This effectively defines the rules of the sandbox in which that process runs.

Namespaces are populated with various resource objects, including:

  • Files: Objects which contain binary data.
  • Directories: Objects which contain other objects.
  • Sockets: Objects which establish connections when opened, like named pipes.
  • Protocols and services: Objects which provide structured services when opened.
  • Devices: Objects which provide access to hardware resources.

The ​​creator of the process populates the contents of a namespace based on the set of required capabilities. A process cannot add objects to its own namespace, as this would essentially amount to that process self-granting the capabilities to access those objects.