usr/src/cmd/rpcbind/bind.xml

   1 <?xml version='1.0'?>
   2 <!DOCTYPE service_bundle SYSTEM '/usr/share/lib/xml/dtd/service_bundle.dtd.1'>
   3
   4 <!--
   5     CDDL HEADER START
   6
   7     The contents of this file are subject to the terms of the
   8     Common Development and Distribution License (the "License").
   9     You may not use this file except in compliance with the License.
  10
  11     You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
  12     or http://www.opensolaris.org/os/licensing.
  13     See the License for the specific language governing permissions
  14     and limitations under the License.
  15
  16     When distributing Covered Code, include this CDDL HEADER in each
  17     file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  18     If applicable, add the following below this CDDL HEADER, with the
  19     fields enclosed by brackets "[]" replaced with your own identifying
  20     information: Portions Copyright [yyyy] [name of copyright owner]
  21
  22     CDDL HEADER END
  23
  24     Copyright 2016 Hans Rosenfeld <rosenfeld@grumpf.hope-2000.org>
  25     Copyright 2015 Nexenta Systems, Inc.  All rights reserved.
  26     Copyright 2014 OmniTI Computer Consulting, Inc. All rights reserved.
  27     Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
  28     Use is subject to license terms.
  29
  30     Service manifest for rpcbind
  31
  32     NOTE:  This service manifest is not editable; its contents will
  33     be overwritten by package or patch operations, including
  34     operating system upgrade.  Make customizations in a different
  35     file.
  36 -->
  37
  38 <service_bundle type='manifest' name='SUNWcsr:rpcbind'>
  39
  40 <service
  41     name='network/rpc/bind'
  42     type='service'
  43     version='1'>
  44
  45         <create_default_instance enabled='true' />
  46
  47         <single_instance />
  48
  49         <dependency
  50                 name='fs'
  51                 grouping='require_all'
  52                 restart_on='none'
  53                 type='service'>
  54                 <service_fmri value='svc:/system/filesystem/minimal' />
  55         </dependency>
  56
  57         <!--
  58                 rpcbind(8) depends on multicast routes installed by the
  59                 routing-setup service, and should be started after any IPsec
  60                 policy is configured and TCP ndd tunables are set (both
  61                 currently carried out by network/initial).
  62         -->
  63         <dependency
  64                 name='network_initial'
  65                 grouping='optional_all'
  66                 restart_on='none'
  67                 type='service'>
  68                 <service_fmri value='svc:/network/routing-setup:default' />
  69                 <service_fmri value='svc:/network/initial:default' />
  70         </dependency>
  71
  72         <dependency
  73                 name='network_ipfilter'
  74                 grouping='optional_all'
  75                 restart_on='none'
  76                 type='service'>
  77                 <service_fmri value='svc:/network/ipfilter:default' />
  78         </dependency>
  79
  80         <exec_method
  81                 type='method'
  82                 name='start'
  83                 exec='/lib/svc/method/rpc-bind %m'
  84                 timeout_seconds='60'>
  85                 <method_context>
  86                         <method_credential
  87                                 user='root'
  88                                 group='root'
  89                                 privileges='basic,file_chown,file_chown_self,file_owner,net_privaddr,proc_setid,sys_nfs'
  90                                 />
  91                 </method_context>
  92         </exec_method>
  93
  94         <exec_method
  95                 type='method'
  96                 name='refresh'
  97                 exec=':kill -HUP'
  98                 timeout_seconds='0'>
  99         </exec_method>
 100
 101         <exec_method
 102                 type='method'
 103                 name='stop'
 104                 exec='/lib/svc/method/rpc-bind %m %{restarter/contract}'
 105                 timeout_seconds='60'>
 106                 <method_context>
 107                         <method_credential
 108                                 user='root'
 109                                 group='root'
 110                                 privileges='basic,proc_owner'
 111                                 />
 112                 </method_context>
 113         </exec_method>
 114
 115         <property_group name='config' type='application' >
 116                 <!-- default property settings for rpcbind(8). -->
 117
 118                 <!-- enable_tcpwrappers affects the wrapping of rpcbind,
 119                      see rpcbind(8) and tcpd(8) for details.
 120                      The default value is 'false'.
 121                      A values of 'true' results in wrapping all UDP/TCP
 122                      calls to the portmapper with libwrap. Note that
 123                      rpcbind(8) will not resolve or lookup names while
 124                      doing tcp wrapper processing.
 125                 -->
 126                 <propval
 127                         name='enable_tcpwrappers'
 128                         type='boolean'
 129                         value='false' />
 130
 131                 <!-- verbose_logging affects the amount of information
 132                      which is logged by the tcpwrapper code.
 133                      The default is 'false'.
 134                      This property has no effect when tcp wrappers are not
 135                      enabled.
 136                 -->
 137                 <propval
 138                         name='verbose_logging'
 139                         type='boolean'
 140                         value='false' />
 141
 142                 <!-- allow_indirect affects the forwarding of RPC calls
 143                      indirect rpcbind calls using rpcb_rmtcall(3NSL).
 144                      The default value is 'true'. By default this is allowed
 145                      for all services except for a handful.
 146                      A value of 'false' stops all indirect calls. This will
 147                      also disable broadcast rpc. NIS broadcast clients rely
 148                      on this functionality to exist on NIS servers.
 149                 -->
 150                 <propval
 151                         name='allow_indirect'
 152                         type='boolean'
 153                         value='true' />
 154
 155                 <!-- local_only specifies whether rpcbind should allow
 156                      calls from hosts other than the localhost.
 157                      Setting local_only to true will make rpcbind serve
 158                      only those requests that come in from the local machine.
 159                      Setting local_only to false will allow access from
 160                      other hosts.
 161                 -->
 162                 <propval
 163                         name='local_only'
 164                         type='boolean'
 165                         value='true' />
 166
 167                 <!-- to configure rpc/bind -->
 168                 <propval name='value_authorization' type='astring'
 169                         value='solaris.smf.value.rpc.bind' />
 170
 171                 <propval
 172                         name='listen_backlog'
 173                         type='integer'
 174                         value='64' />
 175
 176                 <propval
 177                         name='max_threads'
 178                         type='integer'
 179                         value='72' />
 180         </property_group>
 181
 182         <!-- Authorization -->
 183         <property_group name='general' type='framework'>
 184                 <!-- to operate rpc/bind -->
 185                 <propval name='action_authorization' type='astring'
 186                         value='solaris.smf.manage.rpc.bind' />
 187         </property_group>
 188
 189         <property_group name='firewall_context' type='com.sun,fw_definition'>
 190                 <propval name='name' type='astring' value='sunrpc' />
 191         </property_group>
 192
 193         <property_group name='firewall_config' type='com.sun,fw_configuration'>
 194                 <propval name='policy' type='astring' value='use_global' />
 195                 <propval name='block_policy' type='astring'
 196                         value='use_global' />
 197                 <propval name='apply_to' type='astring' value='' />
 198                 <propval name='apply_to_6' type='astring' value='' />
 199                 <propval name='exceptions' type='astring' value='' />
 200                 <propval name='exceptions_6' type='astring' value='' />
 201                 <propval name='target' type='astring' value='' />
 202                 <propval name='target_6' type='astring' value='' />
 203                 <propval name='value_authorization' type='astring'
 204                         value='solaris.smf.value.firewall.config' />
 205         </property_group>
 206
 207         <stability value='Unstable' />
 208
 209         <template>
 210                 <common_name>
 211                         <loctext xml:lang='C'>
 212                                 RPC bindings
 213                         </loctext>
 214                 </common_name>
 215                 <documentation>
 216                         <manpage title='rpcbind' section='8'
 217                                 manpath='/usr/share/man' />
 218                 </documentation>
 219         </template>
 220
 221 </service>
 222
 223 </service_bundle>