xref: /illumos-gate/usr/src/cmd/cmd-inet/usr.sbin/ipsecutils/tcpkey.xml (revision 82ae1648ab152f127ab6c9a6bdbea9e0a589a488)
1<?xml version="1.0"?>
2<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
3<!--
4 Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
5 Use is subject to license terms.
6
7 CDDL HEADER START
8
9 The contents of this file are subject to the terms of the
10 Common Development and Distribution License (the "License").
11 You may not use this file except in compliance with the License.
12
13 You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
14 or http://www.opensolaris.org/os/licensing.
15 See the License for the specific language governing permissions
16 and limitations under the License.
17
18 When distributing Covered Code, include this CDDL HEADER in each
19 file and include the License file at usr/src/OPENSOLARIS.LICENSE.
20 If applicable, add the following below this CDDL HEADER, with the
21 fields enclosed by brackets "[]" replaced with your own identifying
22 information: Portions Copyright [yyyy] [name of copyright owner]
23
24 Copyright 2024 Oxide Computer Company
25
26 CDDL HEADER END
27
28	NOTE:  This service manifest is not editable; its contents will
29	be overwritten by package or patch operations, including
30	operating system upgrade.  Make customizations in a different
31	file.
32-->
33<service_bundle type='manifest' name='SUNWcsr:tcpkey'>
34
35<service
36	name='network/tcpkey'
37	type='service'
38	version='1'>
39
40	<!-- The 'tcpkey' service is delivered disabled
41	because there is not a default configuration file.
42	See note below on changing the default configuration file. -->
43
44	<create_default_instance enabled='false' />
45
46	<single_instance />
47
48	<!-- Read/Write access to /var/run required for lock files -->
49	<dependency
50		name='filesystem'
51		grouping='require_all'
52		restart_on='none'
53		type='service'>
54		<service_fmri
55			value='svc:/system/filesystem/minimal'
56		/>
57	</dependency>
58
59	<!-- If we are enabled, we should be running fairly early -->
60	<dependent
61		name='tcpkey-network'
62		grouping='optional_all'
63		restart_on='none'>
64		<service_fmri
65			value='svc:/milestone/network'
66		/>
67	</dependent>
68
69	<method_context working_directory='/'>
70		<method_credential user="root"
71			group="root"
72			privileges="basic_test,file_read,proc_fork,proc_exec,sys_ip_config"
73			/>
74	</method_context>
75
76	<exec_method
77		type='method'
78		name='start'
79		exec='/lib/svc/method/net-tcpkey %{config/config_file}'
80		timeout_seconds='60'
81	/>
82
83	<!-- To prevent tcpkey generating warnings about duplicate
84	SAs when the service is refreshed, tcpkey will flush the
85	existing SAs when it's called from smf(7). -->
86
87	<exec_method
88		type='method'
89		name='refresh'
90		exec='/lib/svc/method/net-tcpkey %{config/config_file}'
91		timeout_seconds='60'
92	/>
93
94	<exec_method
95		type='method'
96		name='stop'
97		exec='/usr/sbin/tcpkey flush'
98		timeout_seconds='60'
99	/>
100
101	<property_group name='general' type='framework'>
102		<!-- A user with this authorization can:
103
104			svcadm restart tcpkey
105			svcadm refresh tcpkey
106			svcadm mark <state> tcpkey
107			svcadm clear tcpkey
108
109		see auths(1) and user_attr(5)-->
110
111		<propval
112			name='action_authorization'
113			type='astring'
114			value='solaris.smf.manage.tcpkey'
115		/>
116		<!-- A user with this authorization can:
117
118			svcadm disable tcpkey
119			svcadm enable tcpkey
120
121		see auths(1) and user_attr(5)-->
122
123		<propval
124			name='value_authorization'
125			type='astring'
126			value='solaris.smf.manage.tcpkey'
127		/>
128	</property_group>
129
130	<!-- The properties defined below can be changed by a user
131	with 'solaris.smf.value.tcpkey' authorization using the
132	svccfg(8) command.
133
134	E.g.:
135
136	svccfg -s tcpkey setprop config/config_file = /new/config_file
137
138	The new configurations will be read on service refresh:
139
140	svcadm refresh tcpkey
141
142	Note: svcadm disable/enable does not use the new property
143	until after the service has been refreshed.
144
145	***Do not edit this manifest to change these properties! -->
146
147	<property_group name='config' type='application'>
148		<propval
149			name='config_file'
150			type='astring'
151			value='/etc/inet/secret/tcpkeys'
152		/>
153		<propval
154			name='value_authorization'
155			type='astring'
156			value='solaris.smf.value.tcpkey'
157		/>
158	</property_group>
159
160	<property_group name='startd' type='framework'>
161		<propval
162			name='duration'
163			type='astring'
164			value='transient'
165		/>
166	</property_group>
167
168	<stability value='Unstable' />
169
170	<template>
171		<common_name>
172			<loctext xml:lang='C'>
173				TCP SADB startup
174			</loctext>
175		</common_name>
176		<description>
177			<loctext xml:lang='C'>
178				Loads static security associations
179			</loctext>
180		</description>
181		<documentation>
182			<manpage title='tcpkey' section='8'
183				manpath='/usr/share/man' />
184		</documentation>
185	</template>
186</service>
187</service_bundle>
188
189