Error opening shared memory area when you configure Guardium COMM_EXIT_LIST for DB2

If you receive an error message when you configure Guardium COMM_EXIT_LIST, authorize the DB2 instance owner with the guardctl command.

Symptoms

After you configure DB2 COMM_EXIT_LIST to use Guardium libguard and restart the DB2 server, you get the following error in the DB2 diag log.

2013-06-28-11.41.12.306169-300 E870950E486 LEVEL: Severe
PID : 15764 TID : 139905833363200 PROC : db2sysc 0
INSTANCE: db2001 NODE : 000
APPHDL : 0-16
HOSTNAME: dbhost1
EDUID : 54 EDUNAME: db2agent () 0
FUNCTION: DB2 UDB, DRDA Communication Manager, sqljcCommexitLogMessage,
probe:234
DATA #1 : String with size, 91 bytes
WARNING: Shmem_access /.guard_writer0 failed Error opening shared memory area errno=2 err=8 

Causes

The following message indicates that the Guardium library was unable to create the shared memory device that it requires.
Shmem_access /.guard_writer0 failed
Error opening shared memory area
errno=2
err=8
The DB2 instance owner must be added as an authorized user using the guardctl command.
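
To find this symptom across a whole db2diag.log and list the instances whose owner still needs authorizing, the following added example (not IBM or Guardium code) splits the log into records and extracts the failing instance. The function names and the second sample record are constructed for illustration, and the record layout is assumed to match the excerpt above.

```python
import re

# Constructed sample: the record quoted on this page plus one made-up unrelated record.
SAMPLE_DIAG = """\
2013-06-28-11.41.12.306169-300 E870950E486 LEVEL: Severe
PID : 15764 TID : 139905833363200 PROC : db2sysc 0
INSTANCE: db2001 NODE : 000
APPHDL : 0-16
HOSTNAME: dbhost1
EDUID : 54 EDUNAME: db2agent () 0
FUNCTION: DB2 UDB, DRDA Communication Manager, sqljcCommexitLogMessage,
probe:234
DATA #1 : String with size, 91 bytes
WARNING: Shmem_access /.guard_writer0 failed Error opening shared memory area errno=2 err=8

2013-06-28-11.42.00.000000-300 I000000E000 LEVEL: Event
INSTANCE: db2001 NODE : 000
HOSTNAME: dbhost1
FUNCTION: DB2 UDB, constructed example, unrelatedFunction, probe:1
"""

RECORD_START = re.compile(r"^\d{4}-\d{2}-\d{2}-\d{2}\.\d{2}\.\d{2}\.\d+", re.M)
SHMEM_FAIL = re.compile(r"Shmem_access\s+(\S+)\s+failed.*?errno=(\d+)\s+err=(\d+)", re.S)

def field(record, name):
    """Return the first token after 'NAME:' at the start of a line, or None."""
    m = re.search(rf"^{name}\s*:\s*(\S+)", record, re.M)
    return m.group(1) if m else None

def split_records(text):
    # Every diag record begins with a timestamp at the start of a line.
    starts = [m.start() for m in RECORD_START.finditer(text)]
    return [text[a:b] for a, b in zip(starts, starts[1:] + [len(text)])]

def find_shmem_failures(text):
    """Return one dict per comm-exit record reporting a Shmem_access failure."""
    hits = []
    for rec in split_records(text):
        m = SHMEM_FAIL.search(rec)
        if not m or "sqljcCommexitLogMessage" not in rec:
            continue
        hits.append({
            "timestamp": rec.split()[0], "instance": field(rec, "INSTANCE"),
            "hostname": field(rec, "HOSTNAME"), "shmem": m.group(1),
            "errno": int(m.group(2)), "err": int(m.group(3)),
        })
    return hits

def instances_to_authorize(text):
    return sorted({h["instance"] for h in find_shmem_failures(text) if h["instance"]})
```

Pass the contents of the real diag log to `instances_to_authorize` to get the instance names to use with `guardctl authorize-user`.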

Environment

Guardium collectors that use DB2 Exit (Version 10) Integration with S-TAP are affected.

Resolving the problem

The DB2 instance owner must be added as an authorized user by using the guardctl command.

  1. Stop the DB2 instance.
  2. Authorize the DB2 instance owner.
  3. Start the DB2 instance.

If the Guardium Installation Manager (GIM) is not installed, authorize the DB2 instance owner with the following command.

<guardium_installdir>/bin/guardctl authorize-user <db2 instance owner>

If the Guardium Installation Manager (GIM) is installed, authorize the DB2 instance owner with the following command.

<guardium_installdir>/modules/ATAP/current/files/bin/guardctl authorize-user <db2 instance owner>

For example, if the DB2 instance owner is db2001 and GIM is installed in /usr/local/guardium, the command is /usr/local/gim/modules/ATAP/current/files/bin/guardctl authorize-user db2001.