xref: /illumos-gate/usr/src/cmd/rpcbind/bind.xml (revision 45ede40b2394db7967e59f19288fae9b62efd4aa)
1<?xml version='1.0'?>
2<!DOCTYPE service_bundle SYSTEM '/usr/share/lib/xml/dtd/service_bundle.dtd.1'>
3
4<!--
5    CDDL HEADER START
6
7    The contents of this file are subject to the terms of the
8    Common Development and Distribution License (the "License").
9    You may not use this file except in compliance with the License.
10
11    You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
12    or http://www.opensolaris.org/os/licensing.
13    See the License for the specific language governing permissions
14    and limitations under the License.
15
16    When distributing Covered Code, include this CDDL HEADER in each
17    file and include the License file at usr/src/OPENSOLARIS.LICENSE.
18    If applicable, add the following below this CDDL HEADER, with the
19    fields enclosed by brackets "[]" replaced with your own identifying
20    information: Portions Copyright [yyyy] [name of copyright owner]
21
22    CDDL HEADER END
23
24    Copyright 2016 Hans Rosenfeld <rosenfeld@grumpf.hope-2000.org>
25    Copyright 2015 Nexenta Systems, Inc.  All rights reserved.
26    Copyright 2014 OmniTI Computer Consulting, Inc. All rights reserved.
27    Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
28    Use is subject to license terms.
29
30    Service manifest for rpcbind
31
32    NOTE:  This service manifest is not editable; its contents will
33    be overwritten by package or patch operations, including
34    operating system upgrade.  Make customizations in a different
35    file.
36-->
37
38<service_bundle type='manifest' name='SUNWcsr:rpcbind'>
39
40<service
41    name='network/rpc/bind'
42    type='service'
43    version='1'>
44
45    	<create_default_instance enabled='true' />
46
47	<single_instance />
48
49	<dependency
50		name='fs'
51		grouping='require_all'
52		restart_on='none'
53		type='service'>
54		<service_fmri value='svc:/system/filesystem/minimal' />
55	</dependency>
56
57	<!--
58		rpcbind(1M) depends on multicast routes installed by the
59		routing-setup service, and should be started after any IPsec
60		policy is configured and TCP ndd tunables are set (both
61		currently carried out by network/initial).
62	-->
63	<dependency
64		name='network_initial'
65		grouping='optional_all'
66		restart_on='none'
67		type='service'>
68		<service_fmri value='svc:/network/routing-setup:default' />
69		<service_fmri value='svc:/network/initial:default' />
70	</dependency>
71
72	<dependency
73		name='network_ipfilter'
74		grouping='optional_all'
75		restart_on='none'
76		type='service'>
77		<service_fmri value='svc:/network/ipfilter:default' />
78	</dependency>
79
80	<exec_method
81		type='method'
82		name='start'
83		exec='/lib/svc/method/rpc-bind %m'
84		timeout_seconds='60'>
85		<method_context>
86			<method_credential
87				user='root'
88				group='root'
89				privileges='basic,file_chown,file_chown_self,file_owner,net_privaddr,proc_setid,sys_nfs,net_bindmlp'
90				/>
91		</method_context>
92	</exec_method>
93
94	<exec_method
95		type='method'
96		name='refresh'
97		exec=':kill -HUP'
98		timeout_seconds='0'>
99	</exec_method>
100
101	<exec_method
102		type='method'
103		name='stop'
104		exec='/lib/svc/method/rpc-bind %m %{restarter/contract}'
105		timeout_seconds='60'>
106		<method_context>
107			<method_credential
108				user='root'
109				group='root'
110				privileges='basic,proc_owner'
111				/>
112		</method_context>
113	</exec_method>
114
115	<property_group name='config' type='application' >
116		<!-- default property settings for rpcbind(1M). -->
117
118		<!-- enable_tcpwrappers affects the wrapping of rpcbind,
119		     see rpcbind(1M) and tcpd(1M) for details.
120		     The default value is 'false'.
121		     A values of 'true' results in wrapping all UDP/TCP
122		     calls to the portmapper with libwrap. Note that
123		     rpcbind(1M) will not resolve or lookup names while
124		     doing tcp wrapper processing.
125		-->
126		<propval
127			name='enable_tcpwrappers'
128			type='boolean'
129			value='false' />
130
131		<!-- verbose_logging affects the amount of information
132		     which is logged by the tcpwrapper code.
133		     The default is 'false'.
134		     This property has no effect when tcp wrappers are not
135		     enabled.
136		-->
137		<propval
138			name='verbose_logging'
139			type='boolean'
140			value='false' />
141
142		<!-- allow_indirect affects the forwarding of RPC calls
143		     indirect rpcbind calls using rpcb_rmtcall(3NSL).
144		     The default value is 'true'. By default this is allowed
145		     for all services except for a handful.
146		     A value of 'false' stops all indirect calls. This will
147		     also disable broadcast rpc. NIS broadcast clients rely
148		     on this functionality to exist on NIS servers.
149		-->
150		<propval
151			name='allow_indirect'
152			type='boolean'
153			value='true' />
154
155		<!-- local_only specifies whether rpcbind should allow
156		     calls from hosts other than the localhost.
157		     Setting local_only to true will make rpcbind serve
158		     only those requests that come in from the local machine.
159		     Setting local_only to false will allow access from
160		     other hosts.
161		-->
162		<propval
163			name='local_only'
164			type='boolean'
165			value='true' />
166
167		<!-- to configure rpc/bind -->
168		<propval name='value_authorization' type='astring'
169			value='solaris.smf.value.rpc.bind' />
170
171		<propval
172			name='listen_backlog'
173			type='integer'
174			value='64' />
175
176		<propval
177			name='max_threads'
178			type='integer'
179			value='72' />
180	</property_group>
181
182	<!-- Authorization -->
183	<property_group name='general' type='framework'>
184		<!-- to operate rpc/bind -->
185		<propval name='action_authorization' type='astring'
186			value='solaris.smf.manage.rpc.bind' />
187	</property_group>
188
189	<property_group name='firewall_context' type='com.sun,fw_definition'>
190		<propval name='name' type='astring' value='sunrpc' />
191	</property_group>
192
193	<property_group name='firewall_config' type='com.sun,fw_configuration'>
194		<propval name='policy' type='astring' value='use_global' />
195		<propval name='block_policy' type='astring'
196			value='use_global' />
197		<propval name='apply_to' type='astring' value='' />
198		<propval name='apply_to_6' type='astring' value='' />
199		<propval name='exceptions' type='astring' value='' />
200		<propval name='exceptions_6' type='astring' value='' />
201		<propval name='target' type='astring' value='' />
202		<propval name='target_6' type='astring' value='' />
203		<propval name='value_authorization' type='astring'
204			value='solaris.smf.value.firewall.config' />
205	</property_group>
206
207	<stability value='Unstable' />
208
209	<template>
210		<common_name>
211			<loctext xml:lang='C'>
212				RPC bindings
213			</loctext>
214		</common_name>
215		<documentation>
216			<manpage title='rpcbind' section='1M'
217				manpath='/usr/share/man' />
218		</documentation>
219	</template>
220
221</service>
222
223</service_bundle>
224