[monax]

Apps don’t get full access to memory or hardware. The kernel only maps what they’re allowed to see. Drivers live in user space, and apps talk to them through capabilities (handles you can pass around). There’s no ambient authority, you only get access if you’ve been given the key.

[Panzerschrek]

What about filesystem access rights? Does any application have full access to all user's files? Or only to files belonging to this particular application?

[monax]

Applications will each have their own namespace, and will only have access to user files if given the right to, on a per directory/file basis

[Panzerschrek]

This is a very nice approach. You should mention it on the main page of your OS site.

[spuz]

Interesting. Thanks.