Roles and Granularity of Protection

Another surprise in SELinux is the small number of roles that exist. Systems based on discretionary access control typically end up creating more and more roles to distinguish access rights. Once this becomes too cumbersome for users, those systems resort to role merging: they build a user's final set of access rights by merging the rights of all the roles that user holds.

When even this merging becomes a pain, users are put into various groups and thereby inherit further rights and roles.

Associating users with the right roles and groups is then extremely critical, because a program's rights to perform actions are derived directly from the rights that result from its user's role and group membership: every program the user runs gets all of them.

Instance-level access control (deciding which particular objects a user may touch, rather than which kinds of actions) is typically implemented directly in application code.

With respect to roles, SELinux much more resembles capability- or label-based systems: roles (and the user's identity) are much less important. Computing objects such as processes are real principals, and because the policy restricts their actions directly, the question of which user is behind them becomes much less critical for the access decision (while still being important for accountability, auditing and so on).
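The contrast between rights merged from roles and groups (described above) and a decision keyed on the subject's type is easier to see in code. The following is an added, deliberately simplified model written for this page; it is not SELinux's own code or policy. The first half mimics role/group merging, the second mimics how an SELinux `allow` rule is matched on the source type (the process's domain) while the `user` and `role` fields of the security context only constrain which contexts may exist at all. All names (alice, web_admin, httpd_t, user_home_t and so on) are constructed sample data, and the MLS range of a real context is omitted.

```python
# Added illustration of two access-control styles; not SELinux code.
# All identities, roles, groups, types and permissions below are constructed
# sample data, not taken from a real policy.
from dataclasses import dataclass

# ---- Style 1: rights merged from roles and groups (DAC/RBAC flavour) --------
ROLE_RIGHTS = {
    "viewer":    {"read_report"},
    "editor":    {"read_report", "write_report"},
    "web_admin": {"restart_webserver", "read_webserver_logs"},
}
GROUP_ROLES = {
    "staff": {"viewer"},
    "ops":   {"web_admin"},
}
USER_ROLES  = {"alice": {"editor"}, "bob": set()}
USER_GROUPS = {"alice": {"staff"}, "bob": {"staff", "ops"}}


def merged_rights(user: str) -> set[str]:
    """Union of the rights of every role the user holds directly or via a group."""
    roles = set(USER_ROLES.get(user, set()))
    for group in USER_GROUPS.get(user, set()):
        roles |= GROUP_ROLES.get(group, set())
    rights: set[str] = set()
    for role in roles:
        rights |= ROLE_RIGHTS.get(role, set())
    return rights


def merged_allowed(user: str, right: str) -> bool:
    """The decision depends only on who the user is; every program they run gets all of it."""
    return right in merged_rights(user)


# ---- Style 2: type enforcement, decision keyed on the subject's type --------
@dataclass(frozen=True)
class Context:
    """user:role:type, the fields of a (non-MLS) SELinux security context."""
    user: str
    role: str
    type: str


# Mimics:  allow <source type> <target type>:<class> { perms };
ALLOW = {
    ("httpd_t", "httpd_sys_content_t", "file"): {"read", "getattr", "open"},
    ("httpd_t", "httpd_log_t", "file"):         {"append", "create", "getattr", "open"},
    ("user_t",  "user_home_t", "file"):         {"read", "write", "getattr", "open"},
}
# Mimics:  role <role> types { ... };   which domains a role may be in
ROLE_TYPES = {"system_r": {"httpd_t"}, "user_r": {"user_t"}}
# Mimics:  user <user> roles { ... };   which roles an identity may assume
IDENTITY_ROLES = {"system_u": {"system_r"}, "alice_u": {"user_r"}, "bob_u": {"user_r"}}


def context_valid(ctx: Context) -> bool:
    """Users and roles only constrain which contexts can exist at all."""
    return (ctx.role in IDENTITY_ROLES.get(ctx.user, set())
            and ctx.type in ROLE_TYPES.get(ctx.role, set()))


def te_allowed(subject: Context, target_type: str, cls: str, perm: str) -> bool:
    """The access check looks at the subject's type only; user and role play no part."""
    if not context_valid(subject):
        return False  # a process can never run in a context the policy does not permit
    return perm in ALLOW.get((subject.type, target_type, cls), set())


if __name__ == "__main__":
    httpd = Context("system_u", "system_r", "httpd_t")
    # The domain is the principal: httpd_t has no rule for home directories.
    print(te_allowed(httpd, "httpd_sys_content_t", "file", "read"))  # True
    print(te_allowed(httpd, "user_home_t", "file", "read"))          # False
    # Different identities in the same domain get identical rights.
    alice = Context("alice_u", "user_r", "user_t")
    bob = Context("bob_u", "user_r", "user_t")
    print(te_allowed(alice, "user_home_t", "file", "write")
          == te_allowed(bob, "user_home_t", "file", "write"))        # True
    # Merged model: adding bob to "ops" hands every program he runs web_admin rights.
    print(sorted(merged_rights("bob")))
```

Note what the two halves make explicit: in the merged model a single group membership silently widens the rights of every program the user starts, whereas in the type-enforcement model the same user running in `httpd_t` and in `user_t` gets two unrelated sets of rights, and two different users in `user_t` get exactly the same ones. That is the sense in which the process (via its domain) is the principal and the identity is mostly bookkeeping.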