Is there a way to successfully run CSM when Java is installed on a file system mounted as NOSETUID?

Document ID : KB000044016
Last Modified Date : 14/02/2018
Show Technical Document Details

Question: 

When Shop standards dictates Java to be installed on a file system mounted with the NOSETUID attribute, is there a way to run CSM without encountering the failure.

BPXP015I HFS PROGRAM /ZOS2F3/usr/lpp/java/J7.1_64/bin/classic/libjvm.so 511 IS FROM A FILE SYSTEM MOUNTED WITH THE NOSETUID ATTRIBUTE. 

BPXP014I ENVIRONMENT MUST BE CONTROLLED FOR SERVER (BPX.SERVER) PROCESSING.  BPXM023I (MSMTC) MSM0010E CA CSM STARTUP FAILED 

Answer: 

By design, CSM makes authorized calls via JNI with our USS 'so' libraries having the +p (program controlled) attribute.  If java is installed into a separate file system

and mounted with NOSETUID,  CSM loses the necessary authorization to make those specific resource calls. 

For a successful execution of CSM, Java's file system needs to be mounted with SETUID.