Linux implements POSIX 1003.6 (Subsection 4.2.2) capability model to minimal possible extent in order to be able to claim compliance. No flexibility in terms of specifying any form of capability policy is provided. In fact, all of the relevant configuration details have been hardcoded in a manner which ensures traditional Linux behavior5.3. Some of the elements of the capability model implementation are reused by LinSec, with substantial alterations, and some had to be excluded, as outlined in the rest of the section.
This section outlines how LinSec fits into the existing Linux capability model.