17c478bd9Sstevel@tonic-gate<?xml version='1.0'?> 27c478bd9Sstevel@tonic-gate<!DOCTYPE service_bundle SYSTEM '/usr/share/lib/xml/dtd/service_bundle.dtd.1'> 37c478bd9Sstevel@tonic-gate 47c478bd9Sstevel@tonic-gate<!-- 57c478bd9Sstevel@tonic-gate CDDL HEADER START 67c478bd9Sstevel@tonic-gate 77c478bd9Sstevel@tonic-gate The contents of this file are subject to the terms of the 845916cd2Sjpk Common Development and Distribution License (the "License"). 945916cd2Sjpk You may not use this file except in compliance with the License. 107c478bd9Sstevel@tonic-gate 117c478bd9Sstevel@tonic-gate You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 127c478bd9Sstevel@tonic-gate or http://www.opensolaris.org/os/licensing. 137c478bd9Sstevel@tonic-gate See the License for the specific language governing permissions 147c478bd9Sstevel@tonic-gate and limitations under the License. 157c478bd9Sstevel@tonic-gate 167c478bd9Sstevel@tonic-gate When distributing Covered Code, include this CDDL HEADER in each 177c478bd9Sstevel@tonic-gate file and include the License file at usr/src/OPENSOLARIS.LICENSE. 187c478bd9Sstevel@tonic-gate If applicable, add the following below this CDDL HEADER, with the 197c478bd9Sstevel@tonic-gate fields enclosed by brackets "[]" replaced with your own identifying 207c478bd9Sstevel@tonic-gate information: Portions Copyright [yyyy] [name of copyright owner] 217c478bd9Sstevel@tonic-gate 227c478bd9Sstevel@tonic-gate CDDL HEADER END 237c478bd9Sstevel@tonic-gate 24*7ddce999SHans Rosenfeld Copyright 2016 Hans Rosenfeld <rosenfeld@grumpf.hope-2000.org> 256935f61bSMarcel Telka Copyright 2015 Nexenta Systems, Inc. All rights reserved. 263e8c3b95SDan McDonald Copyright 2014 OmniTI Computer Consulting, Inc. All rights reserved. 27eb1a3463STruong Nguyen Copyright 2009 Sun Microsystems, Inc. All rights reserved. 280ea5e3a5Sjjj Use is subject to license terms. 2945916cd2Sjpk 300ea5e3a5Sjjj Service manifest for rpcbind 310ea5e3a5Sjjj 327c478bd9Sstevel@tonic-gate NOTE: This service manifest is not editable; its contents will 337c478bd9Sstevel@tonic-gate be overwritten by package or patch operations, including 347c478bd9Sstevel@tonic-gate operating system upgrade. Make customizations in a different 357c478bd9Sstevel@tonic-gate file. 367c478bd9Sstevel@tonic-gate--> 377c478bd9Sstevel@tonic-gate 387c478bd9Sstevel@tonic-gate<service_bundle type='manifest' name='SUNWcsr:rpcbind'> 397c478bd9Sstevel@tonic-gate 407c478bd9Sstevel@tonic-gate<service 417c478bd9Sstevel@tonic-gate name='network/rpc/bind' 427c478bd9Sstevel@tonic-gate type='service' 437c478bd9Sstevel@tonic-gate version='1'> 447c478bd9Sstevel@tonic-gate 457c478bd9Sstevel@tonic-gate <create_default_instance enabled='true' /> 467c478bd9Sstevel@tonic-gate 477c478bd9Sstevel@tonic-gate <single_instance /> 487c478bd9Sstevel@tonic-gate 497c478bd9Sstevel@tonic-gate <dependency 507c478bd9Sstevel@tonic-gate name='fs' 517c478bd9Sstevel@tonic-gate grouping='require_all' 527c478bd9Sstevel@tonic-gate restart_on='none' 537c478bd9Sstevel@tonic-gate type='service'> 547c478bd9Sstevel@tonic-gate <service_fmri value='svc:/system/filesystem/minimal' /> 557c478bd9Sstevel@tonic-gate </dependency> 567c478bd9Sstevel@tonic-gate 571c55ce03Samaguire <!-- 581c55ce03Samaguire rpcbind(1M) depends on multicast routes installed by the 591c55ce03Samaguire routing-setup service, and should be started after any IPsec 601c55ce03Samaguire policy is configured and TCP ndd tunables are set (both 611c55ce03Samaguire currently carried out by network/initial). 621c55ce03Samaguire --> 637c478bd9Sstevel@tonic-gate <dependency 641c55ce03Samaguire name='network_initial' 657c478bd9Sstevel@tonic-gate grouping='optional_all' 667c478bd9Sstevel@tonic-gate restart_on='none' 677c478bd9Sstevel@tonic-gate type='service'> 681c55ce03Samaguire <service_fmri value='svc:/network/routing-setup:default' /> 691c55ce03Samaguire <service_fmri value='svc:/network/initial:default' /> 707c478bd9Sstevel@tonic-gate </dependency> 717c478bd9Sstevel@tonic-gate 72eb1a3463STruong Nguyen <dependency 73eb1a3463STruong Nguyen name='network_ipfilter' 74eb1a3463STruong Nguyen grouping='optional_all' 75eb1a3463STruong Nguyen restart_on='none' 76eb1a3463STruong Nguyen type='service'> 77eb1a3463STruong Nguyen <service_fmri value='svc:/network/ipfilter:default' /> 78eb1a3463STruong Nguyen </dependency> 79eb1a3463STruong Nguyen 807c478bd9Sstevel@tonic-gate <exec_method 817c478bd9Sstevel@tonic-gate type='method' 827c478bd9Sstevel@tonic-gate name='start' 837c478bd9Sstevel@tonic-gate exec='/lib/svc/method/rpc-bind %m' 847c478bd9Sstevel@tonic-gate timeout_seconds='60'> 857c478bd9Sstevel@tonic-gate <method_context> 867c478bd9Sstevel@tonic-gate <method_credential 877c478bd9Sstevel@tonic-gate user='root' 887c478bd9Sstevel@tonic-gate group='root' 8945916cd2Sjpk privileges='basic,file_chown,file_chown_self,file_owner,net_privaddr,proc_setid,sys_nfs,net_bindmlp' 907c478bd9Sstevel@tonic-gate /> 917c478bd9Sstevel@tonic-gate </method_context> 927c478bd9Sstevel@tonic-gate </exec_method> 937c478bd9Sstevel@tonic-gate 947c478bd9Sstevel@tonic-gate <exec_method 957c478bd9Sstevel@tonic-gate type='method' 96064ed339Sjjj name='refresh' 97064ed339Sjjj exec=':kill -HUP' 98064ed339Sjjj timeout_seconds='0'> 99064ed339Sjjj </exec_method> 100064ed339Sjjj 101064ed339Sjjj <exec_method 102064ed339Sjjj type='method' 1037c478bd9Sstevel@tonic-gate name='stop' 1047c478bd9Sstevel@tonic-gate exec='/lib/svc/method/rpc-bind %m %{restarter/contract}' 1057c478bd9Sstevel@tonic-gate timeout_seconds='60'> 1067c478bd9Sstevel@tonic-gate <method_context> 1077c478bd9Sstevel@tonic-gate <method_credential 1087c478bd9Sstevel@tonic-gate user='root' 1097c478bd9Sstevel@tonic-gate group='root' 1107c478bd9Sstevel@tonic-gate privileges='basic,proc_owner' 1117c478bd9Sstevel@tonic-gate /> 1127c478bd9Sstevel@tonic-gate </method_context> 1137c478bd9Sstevel@tonic-gate </exec_method> 1147c478bd9Sstevel@tonic-gate 1157c478bd9Sstevel@tonic-gate <property_group name='config' type='application' > 1167c478bd9Sstevel@tonic-gate <!-- default property settings for rpcbind(1M). --> 1177c478bd9Sstevel@tonic-gate 1187c478bd9Sstevel@tonic-gate <!-- enable_tcpwrappers affects the wrapping of rpcbind, 1197c478bd9Sstevel@tonic-gate see rpcbind(1M) and tcpd(1M) for details. 1207c478bd9Sstevel@tonic-gate The default value is 'false'. 1217c478bd9Sstevel@tonic-gate A values of 'true' results in wrapping all UDP/TCP 1227c478bd9Sstevel@tonic-gate calls to the portmapper with libwrap. Note that 1237c478bd9Sstevel@tonic-gate rpcbind(1M) will not resolve or lookup names while 1247c478bd9Sstevel@tonic-gate doing tcp wrapper processing. 1257c478bd9Sstevel@tonic-gate --> 1267c478bd9Sstevel@tonic-gate <propval 1277c478bd9Sstevel@tonic-gate name='enable_tcpwrappers' 1287c478bd9Sstevel@tonic-gate type='boolean' 1297c478bd9Sstevel@tonic-gate value='false' /> 1307c478bd9Sstevel@tonic-gate 1317c478bd9Sstevel@tonic-gate <!-- verbose_logging affects the amount of information 1327c478bd9Sstevel@tonic-gate which is logged by the tcpwrapper code. 1337c478bd9Sstevel@tonic-gate The default is 'false'. 1347c478bd9Sstevel@tonic-gate This property has no effect when tcp wrappers are not 1357c478bd9Sstevel@tonic-gate enabled. 1367c478bd9Sstevel@tonic-gate --> 1377c478bd9Sstevel@tonic-gate <propval 1387c478bd9Sstevel@tonic-gate name='verbose_logging' 1397c478bd9Sstevel@tonic-gate type='boolean' 1407c478bd9Sstevel@tonic-gate value='false' /> 1417c478bd9Sstevel@tonic-gate 1427c478bd9Sstevel@tonic-gate <!-- allow_indirect affects the forwarding of RPC calls 1437c478bd9Sstevel@tonic-gate indirect rpcbind calls using rpcb_rmtcall(3NSL). 1447c478bd9Sstevel@tonic-gate The default value is 'true'. By default this is allowed 1457c478bd9Sstevel@tonic-gate for all services except for a handful. 1467c478bd9Sstevel@tonic-gate A value of 'false' stops all indirect calls. This will 1477c478bd9Sstevel@tonic-gate also disable broadcast rpc. NIS broadcast clients rely 1487c478bd9Sstevel@tonic-gate on this functionality to exist on NIS servers. 1497c478bd9Sstevel@tonic-gate --> 1507c478bd9Sstevel@tonic-gate <propval 1517c478bd9Sstevel@tonic-gate name='allow_indirect' 1527c478bd9Sstevel@tonic-gate type='boolean' 1537c478bd9Sstevel@tonic-gate value='true' /> 1540ea5e3a5Sjjj 1550ea5e3a5Sjjj <!-- local_only specifies whether rpcbind should allow 1560ea5e3a5Sjjj calls from hosts other than the localhost. 1570ea5e3a5Sjjj Setting local_only to true will make rpcbind serve 1580ea5e3a5Sjjj only those requests that come in from the local machine. 159878f29a1Sgww Setting local_only to false will allow access from 160878f29a1Sgww other hosts. 1610ea5e3a5Sjjj --> 1620ea5e3a5Sjjj <propval 1630ea5e3a5Sjjj name='local_only' 1640ea5e3a5Sjjj type='boolean' 165ed1b5e11Sgww value='true' /> 1660ea5e3a5Sjjj 1670ea5e3a5Sjjj <!-- to configure rpc/bind --> 1680ea5e3a5Sjjj <propval name='value_authorization' type='astring' 1690ea5e3a5Sjjj value='solaris.smf.value.rpc.bind' /> 1708f6d9daeSMarcel Telka 1718f6d9daeSMarcel Telka <propval 1728f6d9daeSMarcel Telka name='listen_backlog' 1738f6d9daeSMarcel Telka type='integer' 1748f6d9daeSMarcel Telka value='64' /> 1758f6d9daeSMarcel Telka 1768f6d9daeSMarcel Telka <propval 1778f6d9daeSMarcel Telka name='max_threads' 1788f6d9daeSMarcel Telka type='integer' 1798f6d9daeSMarcel Telka value='72' /> 1800ea5e3a5Sjjj </property_group> 1810ea5e3a5Sjjj 1820ea5e3a5Sjjj <!-- Authorization --> 1830ea5e3a5Sjjj <property_group name='general' type='framework'> 184c817a439Sjohnz <!-- to operate rpc/bind --> 1850ea5e3a5Sjjj <propval name='action_authorization' type='astring' 1860ea5e3a5Sjjj value='solaris.smf.manage.rpc.bind' /> 1877c478bd9Sstevel@tonic-gate </property_group> 1887c478bd9Sstevel@tonic-gate 189eb1a3463STruong Nguyen <property_group name='firewall_context' type='com.sun,fw_definition'> 190eb1a3463STruong Nguyen <propval name='name' type='astring' value='sunrpc' /> 191eb1a3463STruong Nguyen </property_group> 192eb1a3463STruong Nguyen 193eb1a3463STruong Nguyen <property_group name='firewall_config' type='com.sun,fw_configuration'> 194eb1a3463STruong Nguyen <propval name='policy' type='astring' value='use_global' /> 195*7ddce999SHans Rosenfeld <propval name='block_policy' type='astring' 196*7ddce999SHans Rosenfeld value='use_global' /> 197eb1a3463STruong Nguyen <propval name='apply_to' type='astring' value='' /> 198*7ddce999SHans Rosenfeld <propval name='apply_to_6' type='astring' value='' /> 199eb1a3463STruong Nguyen <propval name='exceptions' type='astring' value='' /> 200*7ddce999SHans Rosenfeld <propval name='exceptions_6' type='astring' value='' /> 201*7ddce999SHans Rosenfeld <propval name='target' type='astring' value='' /> 202*7ddce999SHans Rosenfeld <propval name='target_6' type='astring' value='' /> 203eb1a3463STruong Nguyen <propval name='value_authorization' type='astring' 204eb1a3463STruong Nguyen value='solaris.smf.value.firewall.config' /> 205eb1a3463STruong Nguyen </property_group> 206eb1a3463STruong Nguyen 2077c478bd9Sstevel@tonic-gate <stability value='Unstable' /> 2087c478bd9Sstevel@tonic-gate 2097c478bd9Sstevel@tonic-gate <template> 2107c478bd9Sstevel@tonic-gate <common_name> 2117c478bd9Sstevel@tonic-gate <loctext xml:lang='C'> 2127c478bd9Sstevel@tonic-gate RPC bindings 2137c478bd9Sstevel@tonic-gate </loctext> 2147c478bd9Sstevel@tonic-gate </common_name> 2157c478bd9Sstevel@tonic-gate <documentation> 2167c478bd9Sstevel@tonic-gate <manpage title='rpcbind' section='1M' 2177c478bd9Sstevel@tonic-gate manpath='/usr/share/man' /> 2187c478bd9Sstevel@tonic-gate </documentation> 2197c478bd9Sstevel@tonic-gate </template> 2207c478bd9Sstevel@tonic-gate 2217c478bd9Sstevel@tonic-gate</service> 2227c478bd9Sstevel@tonic-gate 2237c478bd9Sstevel@tonic-gate</service_bundle> 224