A Capability is a token, possessed by an operating system subject, that grants access to one or more operating system objects. Subjects are considered to be active entities within a running operating system, e.g. a process. Subjects may also be regarded as objects for some operations, e.g. a process (subject) sending a signal to another process (object). Objects are entities on which an operation is performed.
Whereas the Access Control List (ACL) access control model bases its decisions on the identity of the subject requesting access to an object (each object has an associated list of subjects and their allowed access modes), the Capability model bases its decisions on possession of the appropriate token by the subject, irrespective of its identity.
As of version 2.2.0, limited support for POSIX capabilities is implemented in the Linux kernel, through a very basic form of Process Capabilities. LinSec extends it to support User Capabilities (Subsection 4.2.5) and Executable File Capabilities (Subsection 4.2.4), which were not supported by the Linux kernel, nor was there an intention among the Linux community to support them.
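The token-based decision described above, as an added example (not LinSec or kernel code): it reads a process's effective capability mask and decides on the token alone, never on the Uid. It assumes the `CapEff:` hex-mask layout that current Linux kernels expose in `/proc/<pid>/status`; both status texts are constructed samples and the function names are hypothetical.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define CAP_NET_BIND_SERVICE 10 /* value from Linux's <linux/capability.h> */

/* Constructed samples in the layout of /proc/<pid>/status, not captured output. */
static const char STATUS_UID1000_WITH_CAP[] =
    "Name:\thttpd\nUid:\t1000\t1000\t1000\t1000\n"
    "CapPrm:\t0000000000000400\nCapEff:\t0000000000000400\n";
static const char STATUS_UID0_NO_CAPS[] =
    "Name:\tworker\nUid:\t0\t0\t0\t0\n"
    "CapPrm:\t0000000000000000\nCapEff:\t0000000000000000\n";

/* Parse the hex mask of "<field>:" at the start of a line. Returns 0 on success,
 * -1 if the field is missing, malformed or longer than 16 hex digits (64 bits). */
int status_cap_mask(const char *status, const char *field, uint64_t *mask)
{
    size_t flen = strlen(field);
    for (const char *line = status; line && *line; ) {
        if (strncmp(line, field, flen) == 0 && line[flen] == ':') {
            const char *p = line + flen + 1 + strspn(line + flen + 1, " \t");
            char *end;
            if (!isxdigit((unsigned char)*p)) return -1;
            *mask = strtoull(p, &end, 16);
            return (end - p <= 16 && (*end == '\n' || *end == '\0')) ? 0 : -1;
        }
        line = strchr(line, '\n');
        if (line) line++;
    }
    return -1;
}

/* Capability decision: only the token is examined, the Uid line is never read. */
bool subject_has_cap(const char *status, int cap)
{
    uint64_t eff;
    if (cap < 0 || cap > 63 || status_cap_mask(status, "CapEff", &eff) != 0)
        return false; /* fail closed on missing or malformed data */
    return (eff >> cap) & 1u;
}

int main(void)
{
    printf("uid 1000 with token: %d, uid 0 without token: %d\n",
           subject_has_cap(STATUS_UID1000_WITH_CAP, CAP_NET_BIND_SERVICE),
           subject_has_cap(STATUS_UID0_NO_CAPS, CAP_NET_BIND_SERVICE));
    return 0;
}
```

The subject with Uid 1000 holds the token and passes; the subject with Uid 0 and an empty effective set does not, which is the opposite of what an identity-based check would conclude.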