1<?xml version="1.0"?> 2<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1"> 3<!-- 4 Copyright 2007 Sun Microsystems, Inc. All rights reserved. 5 Use is subject to license terms. 6 7 CDDL HEADER START 8 9 The contents of this file are subject to the terms of the 10 Common Development and Distribution License (the "License"). 11 You may not use this file except in compliance with the License. 12 13 You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 14 or http://www.opensolaris.org/os/licensing. 15 See the License for the specific language governing permissions 16 and limitations under the License. 17 18 When distributing Covered Code, include this CDDL HEADER in each 19 file and include the License file at usr/src/OPENSOLARIS.LICENSE. 20 If applicable, add the following below this CDDL HEADER, with the 21 fields enclosed by brackets "[]" replaced with your own identifying 22 information: Portions Copyright [yyyy] [name of copyright owner] 23 24 Copyright 2024 Oxide Computer Company 25 26 CDDL HEADER END 27 28 NOTE: This service manifest is not editable; its contents will 29 be overwritten by package or patch operations, including 30 operating system upgrade. Make customizations in a different 31 file. 32--> 33<service_bundle type='manifest' name='SUNWcsr:tcpkey'> 34 35<service 36 name='network/tcpkey' 37 type='service' 38 version='1'> 39 40 <!-- The 'tcpkey' service is delivered disabled 41 because there is not a default configuration file. 42 See note below on changing the default configuration file. --> 43 44 <create_default_instance enabled='false' /> 45 46 <single_instance /> 47 48 <!-- Read/Write access to /var/run required for lock files --> 49 <dependency 50 name='filesystem' 51 grouping='require_all' 52 restart_on='none' 53 type='service'> 54 <service_fmri 55 value='svc:/system/filesystem/minimal' 56 /> 57 </dependency> 58 59 <!-- If we are enabled, we should be running fairly early --> 60 <dependent 61 name='tcpkey-network' 62 grouping='optional_all' 63 restart_on='none'> 64 <service_fmri 65 value='svc:/milestone/network' 66 /> 67 </dependent> 68 69 <method_context working_directory='/'> 70 <method_credential user="root" 71 group="root" 72 privileges="basic_test,file_read,proc_fork,proc_exec,sys_ip_config" 73 /> 74 </method_context> 75 76 <exec_method 77 type='method' 78 name='start' 79 exec='/lib/svc/method/net-tcpkey %{config/config_file}' 80 timeout_seconds='60' 81 /> 82 83 <!-- To prevent tcpkey generating warnings about duplicate 84 SAs when the service is refreshed, tcpkey will flush the 85 existing SAs when it's called from smf(7). --> 86 87 <exec_method 88 type='method' 89 name='refresh' 90 exec='/lib/svc/method/net-tcpkey %{config/config_file}' 91 timeout_seconds='60' 92 /> 93 94 <exec_method 95 type='method' 96 name='stop' 97 exec='/usr/sbin/tcpkey flush' 98 timeout_seconds='60' 99 /> 100 101 <property_group name='general' type='framework'> 102 <!-- A user with this authorization can: 103 104 svcadm restart tcpkey 105 svcadm refresh tcpkey 106 svcadm mark <state> tcpkey 107 svcadm clear tcpkey 108 109 see auths(1) and user_attr(5)--> 110 111 <propval 112 name='action_authorization' 113 type='astring' 114 value='solaris.smf.manage.tcpkey' 115 /> 116 <!-- A user with this authorization can: 117 118 svcadm disable tcpkey 119 svcadm enable tcpkey 120 121 see auths(1) and user_attr(5)--> 122 123 <propval 124 name='value_authorization' 125 type='astring' 126 value='solaris.smf.manage.tcpkey' 127 /> 128 </property_group> 129 130 <!-- The properties defined below can be changed by a user 131 with 'solaris.smf.value.tcpkey' authorization using the 132 svccfg(8) command. 133 134 E.g.: 135 136 svccfg -s tcpkey setprop config/config_file = /new/config_file 137 138 The new configurations will be read on service refresh: 139 140 svcadm refresh tcpkey 141 142 Note: svcadm disable/enable does not use the new property 143 until after the service has been refreshed. 144 145 ***Do not edit this manifest to change these properties! --> 146 147 <property_group name='config' type='application'> 148 <propval 149 name='config_file' 150 type='astring' 151 value='/etc/inet/secret/tcpkeys' 152 /> 153 <propval 154 name='value_authorization' 155 type='astring' 156 value='solaris.smf.value.tcpkey' 157 /> 158 </property_group> 159 160 <property_group name='startd' type='framework'> 161 <propval 162 name='duration' 163 type='astring' 164 value='transient' 165 /> 166 </property_group> 167 168 <stability value='Unstable' /> 169 170 <template> 171 <common_name> 172 <loctext xml:lang='C'> 173 TCP SADB startup 174 </loctext> 175 </common_name> 176 <description> 177 <loctext xml:lang='C'> 178 Loads static security associations 179 </loctext> 180 </description> 181 <documentation> 182 <manpage title='tcpkey' section='8' 183 manpath='/usr/share/man' /> 184 </documentation> 185 </template> 186</service> 187</service_bundle> 188 189