A kernel is a hierarchical container of device drivers: processors, buses, memory, over and above the devices usually thought of as such. As such, its responsibility is to expose the appropriate subset of the capabilities of those devices to each user role. The syscall API must be optimized for this. User roles must not be shown operations on APIs to which they do not have rights. Protection rings are not good enough.
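An added example, not part of the original text: a small C model of this idea, in which each role sees only the device operations it has been granted and an ungranted operation is indistinguishable from a nonexistent one. The devices, the roles, `sys_devop` and the other names are hypothetical, and rings are modelled as strictly nested privilege levels.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
/* Constructed model: three devices and the operations each implements. */
enum { DEV_DISK, DEV_NIC, DEV_TIMER, NDEV };
enum { OP_READ = 1, OP_WRITE = 2, OP_CONFIG = 4, OP_ALL = 7 };
static const uint8_t dev_ops[NDEV] = { OP_ALL, OP_ALL, OP_READ | OP_CONFIG };

/* A role is a per-device grant mask; these three roles are hypothetical. */
struct role { uint8_t grant[NDEV]; };
static const struct role monitor = { { 0, 0, OP_READ } };
static const struct role backup  = { { OP_READ, 0, OP_READ } };
static const struct role netd    = { { 0, OP_ALL, OP_READ } };

/* The role's view of a device: operations that exist AND are granted. */
static uint8_t visible_ops(const struct role *r, int dev) { return (uint8_t)(dev_ops[dev] & r->grant[dev]); }

/* Entry point. An ungranted operation gets the same -ENOSYS as one the
 * device never implemented, so the role cannot tell the two apart. */
static int sys_devop(const struct role *r, int dev, uint8_t op)
{
    if (dev < 0 || dev >= NDEV || !(visible_ops(r, dev) & op))
        return -ENOSYS;
    return 0; /* the driver call would go here */
}

/* 1 if every right granted to a is also granted to b. */
static int subset(const struct role *a, const struct role *b)
{
    for (int d = 0; d < NDEV; d++)
        if (a->grant[d] & ~b->grant[d]) return 0;
    return 1;
}

/* Rings are a linear order, so they can express a set of roles only if
 * the roles' rights form a chain under inclusion. */
static int rings_can_express(const struct role *const *roles, int n)
{
    for (int i = 0; i < n; i++)
        for (int j = i + 1; j < n; j++)
            if (!subset(roles[i], roles[j]) && !subset(roles[j], roles[i]))
                return 0;
    return 1;
}

int main(void)
{
    const struct role *all[] = { &monitor, &backup, &netd };
    printf("rings suffice: %d\n", rings_can_express(all, 3));
}
```

Here `backup` and `netd` hold incomparable rights (disk without network, network without disk), which is the case a nested ring assignment cannot represent.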