This Chapter provides description of the overall LinSec design and architecture. Implementation of the architecture in the Linux kernel is topic of Chapter 5. Firstly, the notion of capabilities is presented followed by all of the aspects of the LinSec Capability model (Section 4.2). Secondly, File System Access Domains (Section 4.3) are described in the same manner. Thirdly, a special form of mandatory network access control, named IP Labeling (Section 4.4), is explained. And finally, LinSec MAC security policy based on capabilities and file system access domains is put forward binding the contents of the previous sections (Section 4.5).