LinSec Capability model (Section 4.2), File System Access Domains (Section 4.3) and IP Labeling (Section 4.4) mechanisms form a very powerful mandatory security model when combined. This model, however, would be of little practical value unless substantial amount of flexibility for specifying mandatory security policy on top of it was provided.
In the following three subsections elements of LinSec mandatory security model that can be configured to yield overall system mandatory security policy are listed. The individual elements listed are grouped according to the sections they were defined in. For the explanation of LinSec specific terminology please refer to the appropriate sections of this chapter.