The flexibility provided by LinSec for specifying the mandatory security policy, in terms of the above listed elements, is immense. Policies can also be of arbitrary granularity ranging from the very coarse-grained ones that effectively mimic the traditional Linux behavior to extremely fine-grained ones that define different roles for each of the users and different privileges for every executable file. The functionality to implement the principle of Least Privilege exists, it is up to the system administrator to implement it.
LinSec mandatory security policy can be specified by any process that has CAP_LINSEC_ADMIN capability in its effective set. It should be emphasized that notion of the security policy administrator was not used in the previous sentence as the capability model dictates that access control is not based on user identities but on capability possession. One or more users in the system might be assigned CAP_LINSEC_ADMIN and act as security policy administrators.