Setting up program control

Program control means that all programs running in the address space have been loaded from a library that is controlled by a security product. A library identified to RACF® program control is an example. Refer to z/OS UNIX System Services Planning for additional information about program control.

If the CIM server runs with authority to BPX.SERVER or with the must-stay-clean feature, the server must run in a clean program controlled environment.

__ 1.

Ensure that all libraries are flagged as program controlled.

By default, all libraries shipped with the CIM server are flagged as program controlled. If additional provider libraries are installed, it may be required to set the program control flag manually using the extattr +p <libname> command.

__ 2.

In addition to the UNIX System Services files, mark several MVS™ libraries as program controlled. The following sample shows the according RACF commands.

Example:

RALT PROGRAM * ADDMEM('SYS1.SCEERUN'/'******'/NOPADCHK) +
			UACC(READ)
RALT PROGRAM * ADDMEM('SYS1.SCEERUN2'/'******'/NOPADCHK) +
			UACC(READ)
RDEFINE PROGRAM BLSUXTID
RALT PROGRAM BLSUXTID ADDMEM('SYS1.MIGLIB'/'******'/NOPADCHK) +
			UACC(READ)
SETROPTS WHEN(PROGRAM) REFRESH

If you are using z/OS Resource Measurement Facility™ (RMF™), then the library SYS1.SERBLINK should also be program controlled.

__ 3.

Ensure that the CIM server runtime environment runs in its own address space:

_ either start the CIM server using the provided started task procedure
_ or set the environment variable _BPX_SHAREAS=NO in your z/OS UNIX System Services shell before starting the CIM server with the cimserver command.