[E-Lang] E FAQ

Jonathan S. Shapiro shap@eros-os.org
Tue, 16 Oct 2001 13:15:21 -0400

Discretionary control means control that the program *elects* to use. A
program that has the ability to perform setegid() but does not do so is
using discretionary control. Mandatory control means control that a program
is subjected to. A program that receives a read-only capability is subjected
to a mandatory control, because it cannot obtain a read-write capability
from it.

Another way to view this:

Confinement is a discretionary control to the requestor (who can elect not
to use it) but a mandatory control on the yield (who is subjected to it
whether they like it or not).

The "possible moves" nomenclature becomes confusing in non-object systems.
If a program is *able* to make a request, but the request is denied reliably
due to exogenous controls, this is still considered a mandatory control. It
is clearly preferable to prevent improper requests from being makeable, but
this is not required to satisfy the test of being mandatory.