Although LOMAC's division of the system attempts to parallel the traditional UNIX root/non-root boundary for the sake of compatibility, LOMAC's protection mechanism does not depend on the Linux kernel's existing root-identity-based protection mechanism. LOMAC provides protection by observing requests for service made by processes at the kernel's system call interface, and denying those requests it identifies as threats to the integrity of the system. It is not aware of the Linux notion of user identity; consequently it does not allow the root user any special privileges. Conversely, LOMAC does not override, disable, or weaken the existing Linux protection mechanisms: When LOMAC is running, an operation will be allowed if and only if both LOMAC and the existing Linux protection mechanisms agree it should be allowed.
Since LOMAC's strategy of controlling the transfer of data is orthogonal to the traditional UNIX root-based mechanism, it is also orthogonal to efforts to increase the granularity of this root-based mechanism, such as Linux-privs [21].