xref: /titanic_41/usr/src/cmd/cmd-inet/usr.sbin/ipsecutils/policy.xml (revision bf56214c0556fa6864189c826d39dbe156bb22a0) 
1<?xml version="1.0"?>
2<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
3<!--
4	Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
5	Use is subject to license terms.
6
7 CDDL HEADER START
8
9 The contents of this file are subject to the terms of the
10 Common Development and Distribution License (the "License").
11 You may not use this file except in compliance with the License.
12
13 You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
14 or http://www.opensolaris.org/os/licensing.
15 See the License for the specific language governing permissions
16 and limitations under the License.
17
18 When distributing Covered Code, include this CDDL HEADER in each
19 file and include the License file at usr/src/OPENSOLARIS.LICENSE.
20 If applicable, add the following below this CDDL HEADER, with the
21 fields enclosed by brackets "[]" replaced with your own identifying
22 information: Portions Copyright [yyyy] [name of copyright owner]
23
24 CDDL HEADER END
25
26	ident	"%Z%%M%	%I%	%E% SMI"
27
28	NOTE:  This service manifest is not editable; its contents will
29	be overwritten by package or patch operations, including
30	operating system upgrade.  Make customizations in a different
31	file.
32-->
33<service_bundle type='manifest' name='SUNWcsr:policy'>
34
35<service
36	name='network/ipsec/policy'
37	type='service'
38	version='1'>
39
40	<!-- The 'policy' service is delivered enabled for backwards
41	compatability with existing adminstrative proceedure. -->
42
43	<create_default_instance enabled='true' />
44
45	<single_instance />
46
47	<!-- Read/Write access to /var/run required for lock files -->
48	<dependency
49		name='filesystem'
50		grouping='require_all'
51		restart_on='none'
52		type='service'>
53		<service_fmri
54			value='svc:/system/filesystem/minimal'
55		/>
56	</dependency>
57	<!-- Kernel needs to know supported IPsec algorithms -->
58	<dependency
59		name='algorithms'
60		grouping='require_all'
61		restart_on='none'
62		type='service'>
63		<service_fmri
64			value='svc:/network/ipsec/ipsecalgs'
65		/>
66	</dependency>
67	<!-- General networking services should not start untill IPsec
68	policy has been configured. -->
69	<dependent
70		name='policy-network'
71		grouping='optional_all'
72		restart_on='none'>
73		<service_fmri
74			value='svc:/milestone/network'
75		/>
76	</dependent>
77
78	<exec_method
79		type='method'
80		name='start'
81		exec='/usr/sbin/ipsecconf -q -a %{config/config_file}'
82		timeout_seconds='60'
83	/>
84
85	<exec_method
86		type='method'
87		name='refresh'
88		exec='/usr/sbin/ipsecconf -q -a %{config/config_file}'
89		timeout_seconds='60'
90	/>
91
92	<exec_method
93		type='method'
94		name='stop'
95		exec='/usr/sbin/ipsecconf -F'
96		timeout_seconds='60'
97	/>
98
99	<property_group name='general' type='framework'>
100		<!-- A user with this authorization can:
101
102			svcadm restart policy
103			svcadm refresh policy
104			svcadm mark <state> policy
105			svcadm clear policy
106
107		see auths(1) and user_attr(4)-->
108
109		<propval
110			name='action_authorization'
111			type='astring'
112			value='solaris.smf.manage.ipsec'
113		/>
114		<!-- A user with this authorization can:
115			svcadm disable policy
116			svcadm enable policy
117
118		see auths(1) and user_attr(4)-->
119
120		<propval
121			name='value_authorization'
122			type='astring'
123			value='solaris.smf.manage.ipsec'
124		/>
125	</property_group>
126
127	<!-- The properties defined below can be changed by a user
128	with 'solaris.smf.value.ipsec' authorization using the
129	svccfg(1M) command.
130
131	EG:
132
133	svccfg -s ipsec/policy setprop config/config_file = /new/config_file
134
135	The new configurations will be read on service refresh:
136
137	svcadm refresh ipsec/policy
138
139	Note: svcadm stop/start does not use the new property
140	until after the service has been refreshed.
141
142	***Dont edit this manifest to change these properties! -->
143
144	<property_group name='config' type='application'>
145		<propval
146			name='config_file'
147			type='astring'
148			value='/etc/inet/ipsecinit.conf'
149		/>
150		<propval
151			name='value_authorization'
152			type='astring'
153			value='solaris.smf.value.ipsec'
154		/>
155	</property_group>
156
157	<property_group name='startd' type='framework'>
158		<propval
159			name='duration'
160			type='astring'
161			value='transient'
162		/>
163	</property_group>
164
165	<stability value='Unstable' />
166
167	<template>
168		<common_name>
169			<loctext xml:lang='C'>
170				IPsec policy initialization
171			</loctext>
172		</common_name>
173		<description>
174			<loctext xml:lang='C'>
175				IPsec policy configuration involves
176				loading rules into the kernel Security
177				Policy Database (SPD)
178			</loctext>
179		</description>
180		<documentation>
181			<manpage title='ipsecconf' section='1M'
182				manpath='/usr/share/man' />
183		</documentation>
184	</template>
185</service>
186</service_bundle>
187