11edba515SAndy Fiddaman<?xml version="1.0"?> 21edba515SAndy Fiddaman<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1"> 31edba515SAndy Fiddaman<!-- 41edba515SAndy Fiddaman Copyright 2007 Sun Microsystems, Inc. All rights reserved. 51edba515SAndy Fiddaman Use is subject to license terms. 61edba515SAndy Fiddaman 71edba515SAndy Fiddaman CDDL HEADER START 81edba515SAndy Fiddaman 91edba515SAndy Fiddaman The contents of this file are subject to the terms of the 101edba515SAndy Fiddaman Common Development and Distribution License (the "License"). 111edba515SAndy Fiddaman You may not use this file except in compliance with the License. 121edba515SAndy Fiddaman 131edba515SAndy Fiddaman You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 141edba515SAndy Fiddaman or http://www.opensolaris.org/os/licensing. 151edba515SAndy Fiddaman See the License for the specific language governing permissions 161edba515SAndy Fiddaman and limitations under the License. 171edba515SAndy Fiddaman 181edba515SAndy Fiddaman When distributing Covered Code, include this CDDL HEADER in each 191edba515SAndy Fiddaman file and include the License file at usr/src/OPENSOLARIS.LICENSE. 201edba515SAndy Fiddaman If applicable, add the following below this CDDL HEADER, with the 211edba515SAndy Fiddaman fields enclosed by brackets "[]" replaced with your own identifying 221edba515SAndy Fiddaman information: Portions Copyright [yyyy] [name of copyright owner] 231edba515SAndy Fiddaman 241edba515SAndy Fiddaman Copyright 2024 Oxide Computer Company 251edba515SAndy Fiddaman 261edba515SAndy Fiddaman CDDL HEADER END 271edba515SAndy Fiddaman 281edba515SAndy Fiddaman NOTE: This service manifest is not editable; its contents will 291edba515SAndy Fiddaman be overwritten by package or patch operations, including 301edba515SAndy Fiddaman operating system upgrade. Make customizations in a different 311edba515SAndy Fiddaman file. 321edba515SAndy Fiddaman--> 331edba515SAndy Fiddaman<service_bundle type='manifest' name='SUNWcsr:tcpkey'> 341edba515SAndy Fiddaman 351edba515SAndy Fiddaman<service 361edba515SAndy Fiddaman name='network/tcpkey' 371edba515SAndy Fiddaman type='service' 381edba515SAndy Fiddaman version='1'> 391edba515SAndy Fiddaman 401edba515SAndy Fiddaman <!-- The 'tcpkey' service is delivered disabled 411edba515SAndy Fiddaman because there is not a default configuration file. 421edba515SAndy Fiddaman See note below on changing the default configuration file. --> 431edba515SAndy Fiddaman 441edba515SAndy Fiddaman <create_default_instance enabled='false' /> 451edba515SAndy Fiddaman 461edba515SAndy Fiddaman <single_instance /> 471edba515SAndy Fiddaman 481edba515SAndy Fiddaman <!-- Read/Write access to /var/run required for lock files --> 491edba515SAndy Fiddaman <dependency 501edba515SAndy Fiddaman name='filesystem' 511edba515SAndy Fiddaman grouping='require_all' 521edba515SAndy Fiddaman restart_on='none' 531edba515SAndy Fiddaman type='service'> 541edba515SAndy Fiddaman <service_fmri 551edba515SAndy Fiddaman value='svc:/system/filesystem/minimal' 561edba515SAndy Fiddaman /> 571edba515SAndy Fiddaman </dependency> 581edba515SAndy Fiddaman 591edba515SAndy Fiddaman <!-- If we are enabled, we should be running fairly early --> 601edba515SAndy Fiddaman <dependent 611edba515SAndy Fiddaman name='tcpkey-network' 621edba515SAndy Fiddaman grouping='optional_all' 631edba515SAndy Fiddaman restart_on='none'> 641edba515SAndy Fiddaman <service_fmri 651edba515SAndy Fiddaman value='svc:/milestone/network' 661edba515SAndy Fiddaman /> 671edba515SAndy Fiddaman </dependent> 681edba515SAndy Fiddaman 69*82ae1648SAndy Fiddaman <method_context working_directory='/'> 701edba515SAndy Fiddaman <method_credential user="root" 711edba515SAndy Fiddaman group="root" 721edba515SAndy Fiddaman privileges="basic_test,file_read,proc_fork,proc_exec,sys_ip_config" 731edba515SAndy Fiddaman /> 741edba515SAndy Fiddaman </method_context> 751edba515SAndy Fiddaman 761edba515SAndy Fiddaman <exec_method 771edba515SAndy Fiddaman type='method' 781edba515SAndy Fiddaman name='start' 791edba515SAndy Fiddaman exec='/lib/svc/method/net-tcpkey %{config/config_file}' 801edba515SAndy Fiddaman timeout_seconds='60' 811edba515SAndy Fiddaman /> 821edba515SAndy Fiddaman 831edba515SAndy Fiddaman <!-- To prevent tcpkey generating warnings about duplicate 841edba515SAndy Fiddaman SAs when the service is refreshed, tcpkey will flush the 851edba515SAndy Fiddaman existing SAs when it's called from smf(7). --> 861edba515SAndy Fiddaman 871edba515SAndy Fiddaman <exec_method 881edba515SAndy Fiddaman type='method' 891edba515SAndy Fiddaman name='refresh' 901edba515SAndy Fiddaman exec='/lib/svc/method/net-tcpkey %{config/config_file}' 911edba515SAndy Fiddaman timeout_seconds='60' 921edba515SAndy Fiddaman /> 931edba515SAndy Fiddaman 941edba515SAndy Fiddaman <exec_method 951edba515SAndy Fiddaman type='method' 961edba515SAndy Fiddaman name='stop' 971edba515SAndy Fiddaman exec='/usr/sbin/tcpkey flush' 981edba515SAndy Fiddaman timeout_seconds='60' 991edba515SAndy Fiddaman /> 1001edba515SAndy Fiddaman 1011edba515SAndy Fiddaman <property_group name='general' type='framework'> 1021edba515SAndy Fiddaman <!-- A user with this authorization can: 1031edba515SAndy Fiddaman 1041edba515SAndy Fiddaman svcadm restart tcpkey 1051edba515SAndy Fiddaman svcadm refresh tcpkey 1061edba515SAndy Fiddaman svcadm mark <state> tcpkey 1071edba515SAndy Fiddaman svcadm clear tcpkey 1081edba515SAndy Fiddaman 1091edba515SAndy Fiddaman see auths(1) and user_attr(5)--> 1101edba515SAndy Fiddaman 1111edba515SAndy Fiddaman <propval 1121edba515SAndy Fiddaman name='action_authorization' 1131edba515SAndy Fiddaman type='astring' 1141edba515SAndy Fiddaman value='solaris.smf.manage.tcpkey' 1151edba515SAndy Fiddaman /> 1161edba515SAndy Fiddaman <!-- A user with this authorization can: 1171edba515SAndy Fiddaman 1181edba515SAndy Fiddaman svcadm disable tcpkey 1191edba515SAndy Fiddaman svcadm enable tcpkey 1201edba515SAndy Fiddaman 1211edba515SAndy Fiddaman see auths(1) and user_attr(5)--> 1221edba515SAndy Fiddaman 1231edba515SAndy Fiddaman <propval 1241edba515SAndy Fiddaman name='value_authorization' 1251edba515SAndy Fiddaman type='astring' 1261edba515SAndy Fiddaman value='solaris.smf.manage.tcpkey' 1271edba515SAndy Fiddaman /> 1281edba515SAndy Fiddaman </property_group> 1291edba515SAndy Fiddaman 1301edba515SAndy Fiddaman <!-- The properties defined below can be changed by a user 1311edba515SAndy Fiddaman with 'solaris.smf.value.tcpkey' authorization using the 1321edba515SAndy Fiddaman svccfg(8) command. 1331edba515SAndy Fiddaman 1341edba515SAndy Fiddaman E.g.: 1351edba515SAndy Fiddaman 1361edba515SAndy Fiddaman svccfg -s tcpkey setprop config/config_file = /new/config_file 1371edba515SAndy Fiddaman 1381edba515SAndy Fiddaman The new configurations will be read on service refresh: 1391edba515SAndy Fiddaman 1401edba515SAndy Fiddaman svcadm refresh tcpkey 1411edba515SAndy Fiddaman 1421edba515SAndy Fiddaman Note: svcadm disable/enable does not use the new property 1431edba515SAndy Fiddaman until after the service has been refreshed. 1441edba515SAndy Fiddaman 1451edba515SAndy Fiddaman ***Do not edit this manifest to change these properties! --> 1461edba515SAndy Fiddaman 1471edba515SAndy Fiddaman <property_group name='config' type='application'> 1481edba515SAndy Fiddaman <propval 1491edba515SAndy Fiddaman name='config_file' 1501edba515SAndy Fiddaman type='astring' 1511edba515SAndy Fiddaman value='/etc/inet/secret/tcpkeys' 1521edba515SAndy Fiddaman /> 1531edba515SAndy Fiddaman <propval 1541edba515SAndy Fiddaman name='value_authorization' 1551edba515SAndy Fiddaman type='astring' 1561edba515SAndy Fiddaman value='solaris.smf.value.tcpkey' 1571edba515SAndy Fiddaman /> 1581edba515SAndy Fiddaman </property_group> 1591edba515SAndy Fiddaman 1601edba515SAndy Fiddaman <property_group name='startd' type='framework'> 1611edba515SAndy Fiddaman <propval 1621edba515SAndy Fiddaman name='duration' 1631edba515SAndy Fiddaman type='astring' 1641edba515SAndy Fiddaman value='transient' 1651edba515SAndy Fiddaman /> 1661edba515SAndy Fiddaman </property_group> 1671edba515SAndy Fiddaman 1681edba515SAndy Fiddaman <stability value='Unstable' /> 1691edba515SAndy Fiddaman 1701edba515SAndy Fiddaman <template> 1711edba515SAndy Fiddaman <common_name> 1721edba515SAndy Fiddaman <loctext xml:lang='C'> 1731edba515SAndy Fiddaman TCP SADB startup 1741edba515SAndy Fiddaman </loctext> 1751edba515SAndy Fiddaman </common_name> 1761edba515SAndy Fiddaman <description> 1771edba515SAndy Fiddaman <loctext xml:lang='C'> 1781edba515SAndy Fiddaman Loads static security associations 1791edba515SAndy Fiddaman </loctext> 1801edba515SAndy Fiddaman </description> 1811edba515SAndy Fiddaman <documentation> 1821edba515SAndy Fiddaman <manpage title='tcpkey' section='8' 1831edba515SAndy Fiddaman manpath='/usr/share/man' /> 1841edba515SAndy Fiddaman </documentation> 1851edba515SAndy Fiddaman </template> 1861edba515SAndy Fiddaman</service> 1871edba515SAndy Fiddaman</service_bundle> 1881edba515SAndy Fiddaman 189