z/OS Security Server RACF Callable Services


IPC security packet (IISP)

SA23-2293-00

Interprocess communication (IPC) requires RACF® to do authorization and permission checking. IPC facilities of the z/OS UNIX system allow two or more distinct processes to communicate with each other. RACF protects this environment so that only those processes with the correct authority can communicate.

Interprocess communication consists of message queueing, semaphores, and shared memory segments used by application programs. Each function requires a security action by z/OS UNIX, which RACF performs to allow a secure environment to exist.

The IPC security packet (IISP) contains data needed to make security decisions. It is built when a new ID for an IPC key is created and is saved in memory by the kernel. The IISP is used in place of a profile in the RACF database to contain information about the IPC key's owner and access rights.

The makeISP service initializes the IPC security packet (IISP) for a new IPC key with the creator's user and group identifiers (UID and GID), the owner's UID and GID, the mode bits, the IPC key, and the IPC ID.

The ck_IPC_access service determines whether the current process has the requested access to an IPC key. The IISP of the key is passed with this request. The ck_IPC_access service is called separately for each IPC key.

For the z/OS UNIX IPC_SET command, the R_IPC_ctl service modifies the owner's UID, owner's GID, and mode bits in the IISP for the IPC key if the authority is correct. For the z/OS UNIX IPC_RMID command, the R_IPC_ctl service checks the authority of the current process to determine whether the resource can be removed.

The IISP consists of two parts, the root and the extension. The root is mapped by macro IRRPIISP. The root contains a pointer to the extension, which is mapped by the z/OS UNIX mapping macro BPXYIPCP. Other products can read the IISP for reporting purposes using the IRRPIISP and BPXYIPCP mapping macros.

The IISP root contains the following data:
  • Control block ID
  • Version number
  • ALET of the IPCP
  • Address of the IPCP (mapped by z/OS UNIX macro BPXYIPCP)
  • IPC key
  • IPC ID
  • Security label (SECLABEL)

For the mapping of the IPC security packet, see z/OS Security Server RACF Data Areas.
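The IPC_SET and IPC_RMID commands described above, seen from the application side, as an added example that is not IBM's code and does not call the RACF callable services directly. It uses the standard UNIX `shmget`/`shmctl` interface, whose `ipc_perm` structure carries the same owner UID/GID, creator UID/GID, and mode bits that the page lists for the IISP; the helper names `tighten_ipc_mode` and `ipc_world_accessible` and the sample mode values are assumptions made for illustration.

```c
/* Added example: standard UNIX shared-memory calls, not RACF callable services. */
#include <stdio.h>
#include <sys/types.h>
#include <sys/ipc.h>
#include <sys/shm.h>

/* Nonzero if any "other" (world) permission bit is set on the IPC object. */
int ipc_world_accessible(const struct ipc_perm *p)
{
    return (p->mode & 0007) != 0;
}

/*
 * Hypothetical helper: create a private segment with `initial` mode bits,
 * replace them with `wanted` via IPC_SET, read the result back with IPC_STAT,
 * then remove the segment with IPC_RMID.
 * Returns the final permission bits, or -1 on error; *out gets the ipc_perm.
 */
int tighten_ipc_mode(mode_t initial, mode_t wanted, struct ipc_perm *out)
{
    struct shmid_ds ds;
    int rc = -1;
    int id = shmget(IPC_PRIVATE, 4096, IPC_CREAT | IPC_EXCL | (initial & 0777));
    if (id < 0)
        return -1;
    if (shmctl(id, IPC_STAT, &ds) == 0) {
        /* IPC_SET changes only the owner UID, owner GID and mode bits. */
        ds.shm_perm.mode = (ds.shm_perm.mode & ~0777) | (wanted & 0777);
        if (shmctl(id, IPC_SET, &ds) == 0 && shmctl(id, IPC_STAT, &ds) == 0) {
            *out = ds.shm_perm;
            rc = ds.shm_perm.mode & 0777;
        }
    }
    shmctl(id, IPC_RMID, NULL);   /* always remove the test segment */
    return rc;
}

int main(void)
{
    struct ipc_perm p;
    int mode = tighten_ipc_mode(0666, 0600, &p);   /* constructed sample modes */
    if (mode < 0) { fprintf(stderr, "shared memory call failed\n"); return 1; }
    printf("owner uid=%ld gid=%ld creator uid=%ld gid=%ld mode=%03o world=%d\n",
           (long)p.uid, (long)p.gid, (long)p.cuid, (long)p.cgid,
           (unsigned)mode, ipc_world_accessible(&p));
    return 0;
}
```

The owner and creator identifiers are equal here because the creating process never changes the owner; after an IPC_SET that changes ownership, only the owner fields differ.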





Copyright IBM Corporation 1990, 2014