1<?xml version="1.0"?> 2<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1"> 3<!-- 4 Copyright 2007 Sun Microsystems, Inc. All rights reserved. 5 Use is subject to license terms. 6 7 CDDL HEADER START 8 9 The contents of this file are subject to the terms of the 10 Common Development and Distribution License (the "License"). 11 You may not use this file except in compliance with the License. 12 13 You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 14 or http://www.opensolaris.org/os/licensing. 15 See the License for the specific language governing permissions 16 and limitations under the License. 17 18 When distributing Covered Code, include this CDDL HEADER in each 19 file and include the License file at usr/src/OPENSOLARIS.LICENSE. 20 If applicable, add the following below this CDDL HEADER, with the 21 fields enclosed by brackets "[]" replaced with your own identifying 22 information: Portions Copyright [yyyy] [name of copyright owner] 23 24 CDDL HEADER END 25 26 NOTE: This service manifest is not editable; its contents will 27 be overwritten by package or patch operations, including 28 operating system upgrade. Make customizations in a different 29 file. 30--> 31<service_bundle type='manifest' name='SUNWcsr:manual-key'> 32 33<service 34 name='network/ipsec/manual-key' 35 type='service' 36 version='1'> 37 38 <!-- The 'manual-key' service is delivered disabled 39 because there is not a default configuration file. 40 See note below on changing the default configuration file. --> 41 42 <create_default_instance enabled='false' /> 43 44 <single_instance /> 45 46 <!-- Read/Write access to /var/run required for lock files --> 47 <dependency 48 name='filesystem' 49 grouping='require_all' 50 restart_on='none' 51 type='service'> 52 <service_fmri 53 value='svc:/system/filesystem/minimal' 54 /> 55 </dependency> 56 <!-- Kernel needs to know IPsec supported algorithms --> 57 <dependency 58 name='algorithms' 59 grouping='require_all' 60 restart_on='none' 61 type='service'> 62 <service_fmri 63 value='svc:/network/ipsec/ipsecalgs' 64 /> 65 </dependency> 66 67 <!-- If we are enabled, we should be running fairly early --> 68 69 <dependent 70 name='ipseckey-network' 71 grouping='optional_all' 72 restart_on='none'> 73 <service_fmri 74 value='svc:/milestone/network' 75 /> 76 </dependent> 77 78 <exec_method 79 type='method' 80 name='start' 81 exec='/usr/sbin/ipseckey -f %{config/config_file}' 82 timeout_seconds='60' 83 /> 84 85 <!-- To prevent ipseckey generating warnings about duplicate 86 SAs when the service is refreshed, ipseckey will flush the 87 existing SAs when its called from smf(7). --> 88 89 <exec_method 90 type='method' 91 name='refresh' 92 exec='/usr/sbin/ipseckey -f %{config/config_file}' 93 timeout_seconds='60' 94 /> 95 96 <exec_method 97 type='method' 98 name='stop' 99 exec='/usr/sbin/ipseckey flush' 100 timeout_seconds='60' 101 /> 102 103 <property_group name='general' type='framework'> 104 <!-- A user with this authorization can: 105 106 svcadm restart manual-key 107 svcadm refresh manual-key 108 svcadm mark <state> manual-key 109 svcadm clear manual-key 110 111 see auths(1) and user_attr(5)--> 112 113 <propval 114 name='action_authorization' 115 type='astring' 116 value='solaris.smf.manage.ipsec' 117 /> 118 <!-- A user with this authorization can: 119 120 svcadm disable manual-key 121 svcadm enable manual-key 122 123 see auths(1) and user_attr(5)--> 124 125 <propval 126 name='value_authorization' 127 type='astring' 128 value='solaris.smf.manage.ipsec' 129 /> 130 </property_group> 131 132 <!-- The properties defined below can be changed by a user 133 with 'solaris.smf.value.ipsec' authorization using the 134 svccfg(8) command. 135 136 EG: 137 138 svccfg -s manual-key setprop config/config_file = /new/config_file 139 140 The new configurations will be read on service refresh: 141 142 svcadm refresh ipsec/manual-key 143 144 Note: svcadm disable/enable does not use the new property 145 until after the service has been refreshed. 146 147 ***Do not edit this manifest to change these properties! --> 148 149 <property_group name='config' type='application'> 150 <propval 151 name='config_file' 152 type='astring' 153 value='/etc/inet/secret/ipseckeys' 154 /> 155 <propval 156 name='value_authorization' 157 type='astring' 158 value='solaris.smf.value.ipsec' 159 /> 160 </property_group> 161 162 <property_group name='startd' type='framework'> 163 <propval 164 name='duration' 165 type='astring' 166 value='transient' 167 /> 168 </property_group> 169 170 <stability value='Unstable' /> 171 172 <template> 173 <common_name> 174 <loctext xml:lang='C'> 175 manually keyed IPsec startup 176 </loctext> 177 </common_name> 178 <description> 179 <loctext xml:lang='C'> 180 Loads static security associations 181 </loctext> 182 </description> 183 <documentation> 184 <manpage title='ipseckey' section='8' 185 manpath='/usr/share/man' /> 186 </documentation> 187 </template> 188</service> 189</service_bundle> 190 191