A z/OS® system with RACF® SETROPTS MLACTIVE requires
all resource profiles defined in the SERVAUTH class to have a security
label. All z/OS Communications
Server profiles in the SERVAUTH class have EZA, EZB, or IST as the
first qualifier. Resource profiles that require meaningful security
labels, such as EZB.STACKACCESS and EZB.NETACCESS, are explicitly
identified in this information. The following resource profiles can
be defined with the SYSNONE security label:
- EZB.SOCKOPT.sysname.tcpname.IPV6_DSTOPTS
- EZB.SOCKOPT.sysname.tcpname.IPV6_HOPLIMIT
- EZB.SOCKOPT.sysname.tcpname.IPV6_HOPOPTS
- EZB.SOCKOPT.sysname.tcpname.IPV6_NEXTHOP
- EZB.SOCKOPT.sysname.tcpname.IPV6_PKTINFO
- EZB.SOCKOPT.sysname.tcpname.IPV6_RTHDR
- EZB.SOCKOPT.sysname.tcpname.IPV6_RTHDRDSTOPTS
- EZB.SOCKOPT.sysname.tcpname.IPV6_TCLASS
- EZB.SOCKOPT.sysname.tcpname.SO_BROADCAST
- EZB.FTP.sysname.ftpdaemonname.ACCESS.HFS
- EZB.RPCBIND.sysname.rpcbindname.REGISTRY
- EZB.TRCCTL.sysname.tcpname.OPEN
Some installations might want to define SO_BROADCAST with the
SYSLOW security label to further reduce the exposure of data write_down
by restricting datagram broadcast to users running with SYSLOW or
SYSMULTI. All other z/OS Communications
Server resource profiles can be defined with the SYSNONE security
label.