z/OS Security Server RACF Macros and Interfaces


Usage notes

SA23-2288-00

  1. Callers (including z/OS UNIX) can use the IRRENS00 service after checking that RCVTENVS='1'B. The address for IRRENS00 is obtained from RCVTENVP.
  2. To ensure that a message is saved, the mark-uncontrolled function of IRRENS00 should be used rather than setting TCBNCTL directly.
  3. Only IRRENS00 sets, checks, or resets the keep-controlled indicators. Resetting can occur when the reset function is requested, or at other times if IRRENS00 determines that the environment no longer needs to be kept controlled. For example, during a mark-uncontrolled request IRRENS00 might find RACF's keep-controlled indicator set, but find no open program-accessed data sets and no execute-controlled modules present. In this case, it turns off RACF's keep-controlled indicator, and if the z/OS UNIX indicator is off, it honors the request.
  4. The z/OS® UNIX mark-uncontrolled indicator is kept internally by the security product, and is set in addition to TCBNCTL. Defining BPX.DAEMON.HFSCTL in the FACILITY class requests that z/OS UNIX enforce file system control only. This option is appropriate when the loading of uncontrolled files must be restricted to protect against changes made by superusers, but the loading of uncontrolled programs from MVS™ libraries does not introduce any security concerns.

    With file system control in effect, z/OS UNIX passes the z/OS UNIX mark-uncontrolled indicator to IRRENS00 when an uncontrolled file is loaded from the file system. The message passed with the first z/OS UNIX mark-uncontrolled request is always saved.

    With file system control in effect, z/OS UNIX passes the "check z/OS UNIX mark-uncontrolled" indicator to IRRENS00 on a keep-controlled request, indicating that the keep-controlled request should fail only if z/OS UNIX marked the environment uncontrolled.

    The z/OS UNIX mark-uncontrolled indicator is reset when the messages saved for previous mark-uncontrolled requests are cleared by the reset function.
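
The decision logic in notes 2 to 4, as an added Python model; it is not IBM code and does not call IRRENS00. All class, function and field names are hypothetical. The refusal rule in `mark_uncontrolled`, saving every message, and leaving TCBNCTL unchanged in `reset` are assumptions the page does not state.

```python
from dataclasses import dataclass, field

@dataclass
class Env:
    """Constructed model of the per-environment state the usage notes mention."""
    tcbnctl: bool = False        # environment marked uncontrolled
    unix_marked: bool = False    # z/OS UNIX mark-uncontrolled indicator
    racf_keep: bool = False      # RACF's keep-controlled indicator
    unix_keep: bool = False      # z/OS UNIX keep-controlled indicator
    open_pads: int = 0           # open program-accessed data sets
    exec_ctl_modules: int = 0    # execute-controlled modules present
    saved: list = field(default_factory=list)

def mark_uncontrolled(env, msg, from_unix_file=False):
    # Note 3: a RACF keep-controlled indicator that is no longer needed
    # is turned off before the request is evaluated.
    if env.racf_keep and not (env.open_pads or env.exec_ctl_modules):
        env.racf_keep = False
    # Assumption: the request is refused while either indicator remains on.
    if env.racf_keep or env.unix_keep:
        return False
    env.tcbnctl = True
    if from_unix_file:           # note 4: set in addition to TCBNCTL
        env.unix_marked = True
    env.saved.append(msg)        # note 2 (assumed here: every message is kept)
    return True

def keep_controlled(env, by_unix=False, check_unix_mark=False):
    # Note 4: with the check indicator passed (file system control only),
    # the request fails only if z/OS UNIX marked the environment.
    dirty = env.unix_marked if check_unix_mark else env.tcbnctl
    if dirty:
        return False
    if by_unix:
        env.unix_keep = True
    else:
        env.racf_keep = True
    return True

def reset(env):
    # Notes 3 and 4: reset clears the saved messages, the z/OS UNIX mark and
    # the keep-controlled indicators. The page does not say what happens to
    # TCBNCTL, so this model leaves it unchanged.
    env.saved.clear()
    env.unix_marked = env.racf_keep = env.unix_keep = False
```
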





Copyright IBM Corporation 1990, 2014