xref: /illumos-gate/usr/src/cmd/rpcbind/bind.xml (revision d9c5840bd764434fd93f85a52eb4cbc24bff03da)
1<?xml version='1.0'?>
2<!DOCTYPE service_bundle SYSTEM '/usr/share/lib/xml/dtd/service_bundle.dtd.1'>
3
4<!--
5    CDDL HEADER START
6
7    The contents of this file are subject to the terms of the
8    Common Development and Distribution License (the "License").
9    You may not use this file except in compliance with the License.
10
11    You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
12    or http://www.opensolaris.org/os/licensing.
13    See the License for the specific language governing permissions
14    and limitations under the License.
15
16    When distributing Covered Code, include this CDDL HEADER in each
17    file and include the License file at usr/src/OPENSOLARIS.LICENSE.
18    If applicable, add the following below this CDDL HEADER, with the
19    fields enclosed by brackets "[]" replaced with your own identifying
20    information: Portions Copyright [yyyy] [name of copyright owner]
21
22    CDDL HEADER END
23
24    Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
25    Use is subject to license terms.
26
27    Copyright 2014 Nexenta Systems, Inc.  All rights reserved.
28
29    Service manifest for rpcbind
30
31    NOTE:  This service manifest is not editable; its contents will
32    be overwritten by package or patch operations, including
33    operating system upgrade.  Make customizations in a different
34    file.
35-->
36
37<service_bundle type='manifest' name='SUNWcsr:rpcbind'>
38
39<service
40    name='network/rpc/bind'
41    type='service'
42    version='1'>
43
44    	<create_default_instance enabled='true' />
45
46	<single_instance />
47
48	<dependency
49		name='fs'
50		grouping='require_all'
51		restart_on='none'
52		type='service'>
53		<service_fmri value='svc:/system/filesystem/minimal' />
54	</dependency>
55
56	<!--
57		rpcbind(1M) has a strong dependency on the hostname.
58	-->
59	<dependency
60		name='identity'
61		grouping='require_all'
62		restart_on='refresh'
63		type='service'>
64		<service_fmri
65			value='svc:/system/identity:node' />
66	</dependency>
67
68	<dependency
69		name='sysidtool'
70		grouping='require_all'
71		restart_on='none'
72		type='service'>
73		<service_fmri
74			value='svc:/system/sysidtool:net' />
75	</dependency>
76
77	<!--
78		rpcbind(1M) depends on multicast routes installed by the
79		routing-setup service, and should be started after any IPsec
80		policy is configured and TCP ndd tunables are set (both
81		currently carried out by network/initial).
82	-->
83	<dependency
84		name='network_initial'
85		grouping='optional_all'
86		restart_on='none'
87		type='service'>
88		<service_fmri value='svc:/network/routing-setup:default' />
89		<service_fmri value='svc:/network/initial:default' />
90	</dependency>
91
92	<dependency
93		name='network_ipfilter'
94		grouping='optional_all'
95		restart_on='none'
96		type='service'>
97		<service_fmri value='svc:/network/ipfilter:default' />
98	</dependency>
99
100	<exec_method
101		type='method'
102		name='start'
103		exec='/lib/svc/method/rpc-bind %m'
104		timeout_seconds='60'>
105		<method_context>
106			<method_credential
107				user='root'
108				group='root'
109				privileges='basic,file_chown,file_chown_self,file_owner,net_privaddr,proc_setid,sys_nfs,net_bindmlp'
110				/>
111		</method_context>
112	</exec_method>
113
114	<exec_method
115		type='method'
116		name='refresh'
117		exec=':kill -HUP'
118		timeout_seconds='0'>
119	</exec_method>
120
121	<exec_method
122		type='method'
123		name='stop'
124		exec='/lib/svc/method/rpc-bind %m %{restarter/contract}'
125		timeout_seconds='60'>
126		<method_context>
127			<method_credential
128				user='root'
129				group='root'
130				privileges='basic,proc_owner'
131				/>
132		</method_context>
133	</exec_method>
134
135	<property_group name='config' type='application' >
136		<!-- default property settings for rpcbind(1M). -->
137
138		<!-- enable_tcpwrappers affects the wrapping of rpcbind,
139		     see rpcbind(1M) and tcpd(1M) for details.
140		     The default value is 'false'.
141		     A values of 'true' results in wrapping all UDP/TCP
142		     calls to the portmapper with libwrap. Note that
143		     rpcbind(1M) will not resolve or lookup names while
144		     doing tcp wrapper processing.
145		-->
146		<propval
147			name='enable_tcpwrappers'
148			type='boolean'
149			value='false' />
150
151		<!-- verbose_logging affects the amount of information
152		     which is logged by the tcpwrapper code.
153		     The default is 'false'.
154		     This property has no effect when tcp wrappers are not
155		     enabled.
156		-->
157		<propval
158			name='verbose_logging'
159			type='boolean'
160			value='false' />
161
162		<!-- allow_indirect affects the forwarding of RPC calls
163		     indirect rpcbind calls using rpcb_rmtcall(3NSL).
164		     The default value is 'true'. By default this is allowed
165		     for all services except for a handful.
166		     A value of 'false' stops all indirect calls. This will
167		     also disable broadcast rpc. NIS broadcast clients rely
168		     on this functionality to exist on NIS servers.
169		-->
170		<propval
171			name='allow_indirect'
172			type='boolean'
173			value='true' />
174
175		<!-- local_only specifies whether rpcbind should allow
176		     calls from hosts other than the localhost.
177		     Setting local_only to true will make rpcbind serve
178		     only those requests that come in from the local machine.
179		     Setting local_only to false will allow access from
180		     other hosts.
181		-->
182		<propval
183			name='local_only'
184			type='boolean'
185			value='true' />
186
187		<!-- to configure rpc/bind -->
188		<propval name='value_authorization' type='astring'
189			value='solaris.smf.value.rpc.bind' />
190
191		<propval
192			name='listen_backlog'
193			type='integer'
194			value='64' />
195
196		<propval
197			name='max_threads'
198			type='integer'
199			value='72' />
200	</property_group>
201
202	<!-- Authorization -->
203	<property_group name='general' type='framework'>
204		<!-- to operate rpc/bind -->
205		<propval name='action_authorization' type='astring'
206			value='solaris.smf.manage.rpc.bind' />
207	</property_group>
208
209	<property_group name='firewall_context' type='com.sun,fw_definition'>
210		<propval name='name' type='astring' value='sunrpc' />
211	</property_group>
212
213	<property_group name='firewall_config' type='com.sun,fw_configuration'>
214		<propval name='policy' type='astring' value='use_global' />
215		<propval name='apply_to' type='astring' value='' />
216		<propval name='exceptions' type='astring' value='' />
217		<propval name='value_authorization' type='astring'
218			value='solaris.smf.value.firewall.config' />
219	</property_group>
220
221	<stability value='Unstable' />
222
223	<template>
224		<common_name>
225			<loctext xml:lang='C'>
226				RPC bindings
227			</loctext>
228		</common_name>
229		<documentation>
230			<manpage title='rpcbind' section='1M'
231				manpath='/usr/share/man' />
232		</documentation>
233	</template>
234
235</service>
236
237</service_bundle>
238