On Thu, May 25, 2017 at 4:52 PM, Walt Farrell <[email protected]> wrote:
> On Thu, 25 May 2017 14:24:05 -0500, John McKown < > [email protected]> wrote: > > >Well, from what I vaguely gather, this entire thread started off with the > >question of "how does an APF authorized program run a non-APF authorized > >program from a library not on the APF list?". Apparently the OP was trying > >this and got a S306-C. Or maybe he just want something like the TSO TMP > >does to "safely" (FSVO safely) invoke a program as a subroutine without > APF > >authorization. > > > >My solution for the above was to architect do a fork() to create a new > >,non-APF authorized, address space. The child would be running the same > >program at the same point in the 2nd address space (and with a different > >PID). And if I'm reading the documentation correctly, the new address > space > >is _NOT_ running APF authorized. So the program, in the child, would set > >things up to invoke the desired program. That background is why I was > >thinking LINK instead of execmvs(). Also LINK does not replace the > process > >image, so the copy of parent's key 8 storage is still accessible. If the > >child needs to update the parent's memory, then said memory needs to be > set > >up as "shared" in both processes (address spaces). > > If an APF-authorized task does a fork() then the child should also end up > running APF-authorized. It is basically an exact copy of the parent except > for the DD allocations (and loss of other TCBs). The exec() or execmvs() > that one expects the child to do next is what will take care of removing > APF-authorization during the cleanup prior to running the program that > replaces the previous process. > Thanks. I may put in an RFC on the BPX1FRK documentation to ask that it explicitly state that the APF status is maintained. Granted, in the Usage Notes, there is the sentence: "In other respects, for z/OS UNIX the child is identical to the parent." But it also states: " The child address space inherits the following address space attributes of the parent address space: 1. Region size 2. Time limi t " I really wish the list above had included: "3. APF authorization state." I just think that would make the documentation clearer. At least to me. Oh, well, I really need to "play around" with this and maybe do some actual testing. > -- > Walt > > -- Windows. A funny name for a operating system that doesn't let you see anything. Maranatha! <>< John McKown ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
