

INET Socket Capability-Based Protection

As Linux has very little protection for IPC mechanisms, and none in particular for INET sockets, there was a desire to extend the capability model to cover that aspect of the system as well.

LinSec allows the owning process to associate a set of capabilities with a bound socket of the INET family; these denote the capabilities required for local processes to communicate with the socket. This mechanism enables fine-grained, per-socket control over who can connect and send messages to a given socket locally. In conjunction with traditional firewall solutions, complete protection for sockets can thus be established, covering both requests coming from the network (handled by a firewall) and those coming from the local machine (handled by LinSec). Furthermore, the mechanism enables administrators to run services for strictly defined groups of users.