xref: /illumos-gate/usr/src/cmd/rpcbind/bind.xml (revision 8c0bf40606925ed935ffe66e78665e0a32791e48)
1<?xml version='1.0'?>
2<!DOCTYPE service_bundle SYSTEM '/usr/share/lib/xml/dtd/service_bundle.dtd.1'>
3
4<!--
5    CDDL HEADER START
6
7    The contents of this file are subject to the terms of the
8    Common Development and Distribution License (the "License").
9    You may not use this file except in compliance with the License.
10
11    You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
12    or http://www.opensolaris.org/os/licensing.
13    See the License for the specific language governing permissions
14    and limitations under the License.
15
16    When distributing Covered Code, include this CDDL HEADER in each
17    file and include the License file at usr/src/OPENSOLARIS.LICENSE.
18    If applicable, add the following below this CDDL HEADER, with the
19    fields enclosed by brackets "[]" replaced with your own identifying
20    information: Portions Copyright [yyyy] [name of copyright owner]
21
22    CDDL HEADER END
23
24    Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
25    Use is subject to license terms.
26
27    ident	"%Z%%M%	%I%	%E% SMI"
28
29    Service manifest for rpcbind
30
31    NOTE:  This service manifest is not editable; its contents will
32    be overwritten by package or patch operations, including
33    operating system upgrade.  Make customizations in a different
34    file.
35-->
36
37<service_bundle type='manifest' name='SUNWcsr:rpcbind'>
38
39<service
40    name='network/rpc/bind'
41    type='service'
42    version='1'>
43
44    	<create_default_instance enabled='true' />
45
46	<single_instance />
47
48	<dependency
49		name='fs'
50		grouping='require_all'
51		restart_on='none'
52		type='service'>
53		<service_fmri value='svc:/system/filesystem/minimal' />
54	</dependency>
55
56	<!--
57		rpcbind(1M) has a strong dependency on the hostname.
58	-->
59	<dependency
60		name='identity'
61		grouping='require_all'
62		restart_on='refresh'
63		type='service'>
64		<service_fmri
65			value='svc:/system/identity:node' />
66	</dependency>
67
68	<dependency
69		name='sysidtool'
70		grouping='require_all'
71		restart_on='none'
72		type='service'>
73		<service_fmri
74			value='svc:/system/sysidtool:net' />
75	</dependency>
76
77	<!--
78		rpcbind(1M) depends on multicast routes installed by the
79		routing-setup service, and should be started after any IPsec
80		policy is configured and TCP ndd tunables are set (both
81		currently carried out by network/initial).
82	-->
83	<dependency
84		name='network_initial'
85		grouping='optional_all'
86		restart_on='none'
87		type='service'>
88		<service_fmri value='svc:/network/routing-setup:default' />
89		<service_fmri value='svc:/network/initial:default' />
90	</dependency>
91
92	<exec_method
93		type='method'
94		name='start'
95		exec='/lib/svc/method/rpc-bind %m'
96		timeout_seconds='60'>
97		<method_context>
98			<method_credential
99				user='root'
100				group='root'
101				privileges='basic,file_chown,file_chown_self,file_owner,net_privaddr,proc_setid,sys_nfs,net_bindmlp'
102				/>
103		</method_context>
104	</exec_method>
105
106	<exec_method
107		type='method'
108		name='refresh'
109		exec=':kill -HUP'
110		timeout_seconds='0'>
111	</exec_method>
112
113	<exec_method
114		type='method'
115		name='stop'
116		exec='/lib/svc/method/rpc-bind %m %{restarter/contract}'
117		timeout_seconds='60'>
118		<method_context>
119			<method_credential
120				user='root'
121				group='root'
122				privileges='basic,proc_owner'
123				/>
124		</method_context>
125	</exec_method>
126
127	<property_group name='config' type='application' >
128		<!-- default property settings for rpcbind(1M). -->
129
130		<!-- enable_tcpwrappers affects the wrapping of rpcbind,
131		     see rpcbind(1M) and tcpd(1M) for details.
132		     The default value is 'false'.
133		     A values of 'true' results in wrapping all UDP/TCP
134		     calls to the portmapper with libwrap. Note that
135		     rpcbind(1M) will not resolve or lookup names while
136		     doing tcp wrapper processing.
137		-->
138		<propval
139			name='enable_tcpwrappers'
140			type='boolean'
141			value='false' />
142
143		<!-- verbose_logging affects the amount of information
144		     which is logged by the tcpwrapper code.
145		     The default is 'false'.
146		     This property has no effect when tcp wrappers are not
147		     enabled.
148		-->
149		<propval
150			name='verbose_logging'
151			type='boolean'
152			value='false' />
153
154		<!-- allow_indirect affects the forwarding of RPC calls
155		     indirect rpcbind calls using rpcb_rmtcall(3NSL).
156		     The default value is 'true'. By default this is allowed
157		     for all services except for a handful.
158		     A value of 'false' stops all indirect calls. This will
159		     also disable broadcast rpc. NIS broadcast clients rely
160		     on this functionality to exist on NIS servers.
161		-->
162		<propval
163			name='allow_indirect'
164			type='boolean'
165			value='true' />
166
167		<!-- local_only specifies whether rpcbind should allow
168		     calls from hosts other than the localhost.
169		     Setting local_only to true will make rpcbind serve
170		     only those requests that come in from the local machine.
171		     the default value is false, i.e. allow connections
172		     from other systems too.
173		-->
174		<propval
175			name='local_only'
176			type='boolean'
177			value='true' />
178
179		<!-- to configure rpc/bind -->
180		<propval name='value_authorization' type='astring'
181			value='solaris.smf.value.rpc.bind' />
182	</property_group>
183
184	<!-- Authorization -->
185	<property_group name='general' type='framework'>
186		<!-- to operate rpc/bind -->
187		<propval name='action_authorization' type='astring'
188			value='solaris.smf.manage.rpc.bind' />
189	</property_group>
190
191	<stability value='Unstable' />
192
193	<template>
194		<common_name>
195			<loctext xml:lang='C'>
196				RPC bindings
197			</loctext>
198		</common_name>
199		<documentation>
200			<manpage title='rpcbind' section='1M'
201				manpath='/usr/share/man' />
202		</documentation>
203	</template>
204
205</service>
206
207</service_bundle>
208