What does MAC provide?

Strong separation of security domains

Fine grained control over resources

Ability for the user to run suspect programs in a different domain

Domain transitions so that to run a program you don't need to have access to it's files (and it does not have to get access to all your files)

Root is no longer always all-powerful