17c478bd9Sstevel@tonic-gate<?xml version='1.0'?> 27c478bd9Sstevel@tonic-gate<!DOCTYPE service_bundle SYSTEM '/usr/share/lib/xml/dtd/service_bundle.dtd.1'> 37c478bd9Sstevel@tonic-gate 47c478bd9Sstevel@tonic-gate<!-- 57c478bd9Sstevel@tonic-gate CDDL HEADER START 67c478bd9Sstevel@tonic-gate 77c478bd9Sstevel@tonic-gate The contents of this file are subject to the terms of the 845916cd2Sjpk Common Development and Distribution License (the "License"). 945916cd2Sjpk You may not use this file except in compliance with the License. 107c478bd9Sstevel@tonic-gate 117c478bd9Sstevel@tonic-gate You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 127c478bd9Sstevel@tonic-gate or http://www.opensolaris.org/os/licensing. 137c478bd9Sstevel@tonic-gate See the License for the specific language governing permissions 147c478bd9Sstevel@tonic-gate and limitations under the License. 157c478bd9Sstevel@tonic-gate 167c478bd9Sstevel@tonic-gate When distributing Covered Code, include this CDDL HEADER in each 177c478bd9Sstevel@tonic-gate file and include the License file at usr/src/OPENSOLARIS.LICENSE. 187c478bd9Sstevel@tonic-gate If applicable, add the following below this CDDL HEADER, with the 197c478bd9Sstevel@tonic-gate fields enclosed by brackets "[]" replaced with your own identifying 207c478bd9Sstevel@tonic-gate information: Portions Copyright [yyyy] [name of copyright owner] 217c478bd9Sstevel@tonic-gate 227c478bd9Sstevel@tonic-gate CDDL HEADER END 237c478bd9Sstevel@tonic-gate 24f6911211SMarcel Telka Copyright 2015 Nexenta Systems, Inc. All rights reserved. 25*b25362faSDan McDonald Copyright 2014 OmniTI Computer Consulting, Inc. All rights reserved. 26eb1a3463STruong Nguyen Copyright 2009 Sun Microsystems, Inc. All rights reserved. 270ea5e3a5Sjjj Use is subject to license terms. 2845916cd2Sjpk 290ea5e3a5Sjjj Service manifest for rpcbind 300ea5e3a5Sjjj 317c478bd9Sstevel@tonic-gate NOTE: This service manifest is not editable; its contents will 327c478bd9Sstevel@tonic-gate be overwritten by package or patch operations, including 337c478bd9Sstevel@tonic-gate operating system upgrade. Make customizations in a different 347c478bd9Sstevel@tonic-gate file. 357c478bd9Sstevel@tonic-gate--> 367c478bd9Sstevel@tonic-gate 377c478bd9Sstevel@tonic-gate<service_bundle type='manifest' name='SUNWcsr:rpcbind'> 387c478bd9Sstevel@tonic-gate 397c478bd9Sstevel@tonic-gate<service 407c478bd9Sstevel@tonic-gate name='network/rpc/bind' 417c478bd9Sstevel@tonic-gate type='service' 427c478bd9Sstevel@tonic-gate version='1'> 437c478bd9Sstevel@tonic-gate 447c478bd9Sstevel@tonic-gate <create_default_instance enabled='true' /> 457c478bd9Sstevel@tonic-gate 467c478bd9Sstevel@tonic-gate <single_instance /> 477c478bd9Sstevel@tonic-gate 487c478bd9Sstevel@tonic-gate <dependency 497c478bd9Sstevel@tonic-gate name='fs' 507c478bd9Sstevel@tonic-gate grouping='require_all' 517c478bd9Sstevel@tonic-gate restart_on='none' 527c478bd9Sstevel@tonic-gate type='service'> 537c478bd9Sstevel@tonic-gate <service_fmri value='svc:/system/filesystem/minimal' /> 547c478bd9Sstevel@tonic-gate </dependency> 557c478bd9Sstevel@tonic-gate 561c55ce03Samaguire <!-- 571c55ce03Samaguire rpcbind(1M) depends on multicast routes installed by the 581c55ce03Samaguire routing-setup service, and should be started after any IPsec 591c55ce03Samaguire policy is configured and TCP ndd tunables are set (both 601c55ce03Samaguire currently carried out by network/initial). 611c55ce03Samaguire --> 627c478bd9Sstevel@tonic-gate <dependency 631c55ce03Samaguire name='network_initial' 647c478bd9Sstevel@tonic-gate grouping='optional_all' 657c478bd9Sstevel@tonic-gate restart_on='none' 667c478bd9Sstevel@tonic-gate type='service'> 671c55ce03Samaguire <service_fmri value='svc:/network/routing-setup:default' /> 681c55ce03Samaguire <service_fmri value='svc:/network/initial:default' /> 697c478bd9Sstevel@tonic-gate </dependency> 707c478bd9Sstevel@tonic-gate 71eb1a3463STruong Nguyen <dependency 72eb1a3463STruong Nguyen name='network_ipfilter' 73eb1a3463STruong Nguyen grouping='optional_all' 74eb1a3463STruong Nguyen restart_on='none' 75eb1a3463STruong Nguyen type='service'> 76eb1a3463STruong Nguyen <service_fmri value='svc:/network/ipfilter:default' /> 77eb1a3463STruong Nguyen </dependency> 78eb1a3463STruong Nguyen 797c478bd9Sstevel@tonic-gate <exec_method 807c478bd9Sstevel@tonic-gate type='method' 817c478bd9Sstevel@tonic-gate name='start' 827c478bd9Sstevel@tonic-gate exec='/lib/svc/method/rpc-bind %m' 837c478bd9Sstevel@tonic-gate timeout_seconds='60'> 847c478bd9Sstevel@tonic-gate <method_context> 857c478bd9Sstevel@tonic-gate <method_credential 867c478bd9Sstevel@tonic-gate user='root' 877c478bd9Sstevel@tonic-gate group='root' 8845916cd2Sjpk privileges='basic,file_chown,file_chown_self,file_owner,net_privaddr,proc_setid,sys_nfs,net_bindmlp' 897c478bd9Sstevel@tonic-gate /> 907c478bd9Sstevel@tonic-gate </method_context> 917c478bd9Sstevel@tonic-gate </exec_method> 927c478bd9Sstevel@tonic-gate 937c478bd9Sstevel@tonic-gate <exec_method 947c478bd9Sstevel@tonic-gate type='method' 95064ed339Sjjj name='refresh' 96064ed339Sjjj exec=':kill -HUP' 97064ed339Sjjj timeout_seconds='0'> 98064ed339Sjjj </exec_method> 99064ed339Sjjj 100064ed339Sjjj <exec_method 101064ed339Sjjj type='method' 1027c478bd9Sstevel@tonic-gate name='stop' 1037c478bd9Sstevel@tonic-gate exec='/lib/svc/method/rpc-bind %m %{restarter/contract}' 1047c478bd9Sstevel@tonic-gate timeout_seconds='60'> 1057c478bd9Sstevel@tonic-gate <method_context> 1067c478bd9Sstevel@tonic-gate <method_credential 1077c478bd9Sstevel@tonic-gate user='root' 1087c478bd9Sstevel@tonic-gate group='root' 1097c478bd9Sstevel@tonic-gate privileges='basic,proc_owner' 1107c478bd9Sstevel@tonic-gate /> 1117c478bd9Sstevel@tonic-gate </method_context> 1127c478bd9Sstevel@tonic-gate </exec_method> 1137c478bd9Sstevel@tonic-gate 1147c478bd9Sstevel@tonic-gate <property_group name='config' type='application' > 1157c478bd9Sstevel@tonic-gate <!-- default property settings for rpcbind(1M). --> 1167c478bd9Sstevel@tonic-gate 1177c478bd9Sstevel@tonic-gate <!-- enable_tcpwrappers affects the wrapping of rpcbind, 1187c478bd9Sstevel@tonic-gate see rpcbind(1M) and tcpd(1M) for details. 1197c478bd9Sstevel@tonic-gate The default value is 'false'. 1207c478bd9Sstevel@tonic-gate A values of 'true' results in wrapping all UDP/TCP 1217c478bd9Sstevel@tonic-gate calls to the portmapper with libwrap. Note that 1227c478bd9Sstevel@tonic-gate rpcbind(1M) will not resolve or lookup names while 1237c478bd9Sstevel@tonic-gate doing tcp wrapper processing. 1247c478bd9Sstevel@tonic-gate --> 1257c478bd9Sstevel@tonic-gate <propval 1267c478bd9Sstevel@tonic-gate name='enable_tcpwrappers' 1277c478bd9Sstevel@tonic-gate type='boolean' 1287c478bd9Sstevel@tonic-gate value='false' /> 1297c478bd9Sstevel@tonic-gate 1307c478bd9Sstevel@tonic-gate <!-- verbose_logging affects the amount of information 1317c478bd9Sstevel@tonic-gate which is logged by the tcpwrapper code. 1327c478bd9Sstevel@tonic-gate The default is 'false'. 1337c478bd9Sstevel@tonic-gate This property has no effect when tcp wrappers are not 1347c478bd9Sstevel@tonic-gate enabled. 1357c478bd9Sstevel@tonic-gate --> 1367c478bd9Sstevel@tonic-gate <propval 1377c478bd9Sstevel@tonic-gate name='verbose_logging' 1387c478bd9Sstevel@tonic-gate type='boolean' 1397c478bd9Sstevel@tonic-gate value='false' /> 1407c478bd9Sstevel@tonic-gate 1417c478bd9Sstevel@tonic-gate <!-- allow_indirect affects the forwarding of RPC calls 1427c478bd9Sstevel@tonic-gate indirect rpcbind calls using rpcb_rmtcall(3NSL). 1437c478bd9Sstevel@tonic-gate The default value is 'true'. By default this is allowed 1447c478bd9Sstevel@tonic-gate for all services except for a handful. 1457c478bd9Sstevel@tonic-gate A value of 'false' stops all indirect calls. This will 1467c478bd9Sstevel@tonic-gate also disable broadcast rpc. NIS broadcast clients rely 1477c478bd9Sstevel@tonic-gate on this functionality to exist on NIS servers. 1487c478bd9Sstevel@tonic-gate --> 1497c478bd9Sstevel@tonic-gate <propval 1507c478bd9Sstevel@tonic-gate name='allow_indirect' 1517c478bd9Sstevel@tonic-gate type='boolean' 1527c478bd9Sstevel@tonic-gate value='true' /> 1530ea5e3a5Sjjj 1540ea5e3a5Sjjj <!-- local_only specifies whether rpcbind should allow 1550ea5e3a5Sjjj calls from hosts other than the localhost. 1560ea5e3a5Sjjj Setting local_only to true will make rpcbind serve 1570ea5e3a5Sjjj only those requests that come in from the local machine. 158878f29a1Sgww Setting local_only to false will allow access from 159878f29a1Sgww other hosts. 1600ea5e3a5Sjjj --> 1610ea5e3a5Sjjj <propval 1620ea5e3a5Sjjj name='local_only' 1630ea5e3a5Sjjj type='boolean' 164ed1b5e11Sgww value='true' /> 1650ea5e3a5Sjjj 1660ea5e3a5Sjjj <!-- to configure rpc/bind --> 1670ea5e3a5Sjjj <propval name='value_authorization' type='astring' 1680ea5e3a5Sjjj value='solaris.smf.value.rpc.bind' /> 169c6b31111SMarcel Telka 170c6b31111SMarcel Telka <propval 171c6b31111SMarcel Telka name='listen_backlog' 172c6b31111SMarcel Telka type='integer' 173c6b31111SMarcel Telka value='64' /> 174c6b31111SMarcel Telka 175c6b31111SMarcel Telka <propval 176c6b31111SMarcel Telka name='max_threads' 177c6b31111SMarcel Telka type='integer' 178c6b31111SMarcel Telka value='72' /> 1790ea5e3a5Sjjj </property_group> 1800ea5e3a5Sjjj 1810ea5e3a5Sjjj <!-- Authorization --> 1820ea5e3a5Sjjj <property_group name='general' type='framework'> 183c817a439Sjohnz <!-- to operate rpc/bind --> 1840ea5e3a5Sjjj <propval name='action_authorization' type='astring' 1850ea5e3a5Sjjj value='solaris.smf.manage.rpc.bind' /> 1867c478bd9Sstevel@tonic-gate </property_group> 1877c478bd9Sstevel@tonic-gate 188eb1a3463STruong Nguyen <property_group name='firewall_context' type='com.sun,fw_definition'> 189eb1a3463STruong Nguyen <propval name='name' type='astring' value='sunrpc' /> 190eb1a3463STruong Nguyen </property_group> 191eb1a3463STruong Nguyen 192eb1a3463STruong Nguyen <property_group name='firewall_config' type='com.sun,fw_configuration'> 193eb1a3463STruong Nguyen <propval name='policy' type='astring' value='use_global' /> 194eb1a3463STruong Nguyen <propval name='apply_to' type='astring' value='' /> 195eb1a3463STruong Nguyen <propval name='exceptions' type='astring' value='' /> 196eb1a3463STruong Nguyen <propval name='value_authorization' type='astring' 197eb1a3463STruong Nguyen value='solaris.smf.value.firewall.config' /> 198eb1a3463STruong Nguyen </property_group> 199eb1a3463STruong Nguyen 2007c478bd9Sstevel@tonic-gate <stability value='Unstable' /> 2017c478bd9Sstevel@tonic-gate 2027c478bd9Sstevel@tonic-gate <template> 2037c478bd9Sstevel@tonic-gate <common_name> 2047c478bd9Sstevel@tonic-gate <loctext xml:lang='C'> 2057c478bd9Sstevel@tonic-gate RPC bindings 2067c478bd9Sstevel@tonic-gate </loctext> 2077c478bd9Sstevel@tonic-gate </common_name> 2087c478bd9Sstevel@tonic-gate <documentation> 2097c478bd9Sstevel@tonic-gate <manpage title='rpcbind' section='1M' 2107c478bd9Sstevel@tonic-gate manpath='/usr/share/man' /> 2117c478bd9Sstevel@tonic-gate </documentation> 2127c478bd9Sstevel@tonic-gate </template> 2137c478bd9Sstevel@tonic-gate 2147c478bd9Sstevel@tonic-gate</service> 2157c478bd9Sstevel@tonic-gate 2167c478bd9Sstevel@tonic-gate</service_bundle> 217