xref: /titanic_52/usr/src/cmd/cmd-inet/usr.sbin/ipsecutils/policy.xml (revision 2dea4eed7ad1c66ae4770263aa2911815a8b86eb)
1<?xml version="1.0"?>
2<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
3<!--
4	Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
5	Use is subject to license terms.
6
7 CDDL HEADER START
8
9 The contents of this file are subject to the terms of the
10 Common Development and Distribution License (the "License").
11 You may not use this file except in compliance with the License.
12
13 You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
14 or http://www.opensolaris.org/os/licensing.
15 See the License for the specific language governing permissions
16 and limitations under the License.
17
18 When distributing Covered Code, include this CDDL HEADER in each
19 file and include the License file at usr/src/OPENSOLARIS.LICENSE.
20 If applicable, add the following below this CDDL HEADER, with the
21 fields enclosed by brackets "[]" replaced with your own identifying
22 information: Portions Copyright [yyyy] [name of copyright owner]
23
24 CDDL HEADER END
25
26	NOTE:  This service manifest is not editable; its contents will
27	be overwritten by package or patch operations, including
28	operating system upgrade.  Make customizations in a different
29	file.
30-->
31<service_bundle type='manifest' name='SUNWcsr:policy'>
32
33<service
34	name='network/ipsec/policy'
35	type='service'
36	version='1'>
37
38	<!-- The 'policy' service is delivered enabled for backwards
39	compatability with existing adminstrative proceedure. -->
40
41	<create_default_instance enabled='true' />
42
43	<single_instance />
44
45	<!-- Read/Write access to /var/run required for lock files -->
46	<dependency
47		name='filesystem'
48		grouping='require_all'
49		restart_on='none'
50		type='service'>
51		<service_fmri
52			value='svc:/system/filesystem/minimal'
53		/>
54	</dependency>
55	<!-- Kernel needs to know supported IPsec algorithms -->
56	<dependency
57		name='algorithms'
58		grouping='require_all'
59		restart_on='none'
60		type='service'>
61		<service_fmri
62			value='svc:/network/ipsec/ipsecalgs'
63		/>
64	</dependency>
65	<!-- General networking services should not start untill IPsec
66	policy has been configured. -->
67	<dependent
68		name='policy-network'
69		grouping='optional_all'
70		restart_on='none'>
71		<service_fmri
72			value='svc:/milestone/network'
73		/>
74	</dependent>
75
76	<exec_method
77		type='method'
78		name='start'
79		exec='/usr/sbin/ipsecconf -q -a %{config/config_file}'
80		timeout_seconds='60'
81	/>
82
83	<exec_method
84		type='method'
85		name='refresh'
86		exec='/usr/sbin/ipsecconf -q -F -a %{config/config_file}'
87		timeout_seconds='60'
88	/>
89
90	<exec_method
91		type='method'
92		name='stop'
93		exec='/usr/sbin/ipsecconf -F'
94		timeout_seconds='60'
95	/>
96
97	<property_group name='general' type='framework'>
98		<!-- A user with this authorization can:
99
100			svcadm restart policy
101			svcadm refresh policy
102			svcadm mark <state> policy
103			svcadm clear policy
104
105		see auths(1) and user_attr(4)-->
106
107		<propval
108			name='action_authorization'
109			type='astring'
110			value='solaris.smf.manage.ipsec'
111		/>
112		<!-- A user with this authorization can:
113			svcadm disable policy
114			svcadm enable policy
115
116		see auths(1) and user_attr(4)-->
117
118		<propval
119			name='value_authorization'
120			type='astring'
121			value='solaris.smf.manage.ipsec'
122		/>
123	</property_group>
124
125	<!-- The properties defined below can be changed by a user
126	with 'solaris.smf.value.ipsec' authorization using the
127	svccfg(1M) command.
128
129	EG:
130
131	svccfg -s ipsec/policy setprop config/config_file = /new/config_file
132
133	The new configurations will be read on service refresh:
134
135	svcadm refresh ipsec/policy
136
137	Note: svcadm stop/start does not use the new property
138	until after the service has been refreshed.
139
140	***Dont edit this manifest to change these properties! -->
141
142	<property_group name='config' type='application'>
143		<propval
144			name='config_file'
145			type='astring'
146			value='/etc/inet/ipsecinit.conf'
147		/>
148		<propval
149			name='value_authorization'
150			type='astring'
151			value='solaris.smf.value.ipsec'
152		/>
153	</property_group>
154
155	<property_group name='startd' type='framework'>
156		<propval
157			name='duration'
158			type='astring'
159			value='transient'
160		/>
161	</property_group>
162
163	<stability value='Unstable' />
164
165	<template>
166		<common_name>
167			<loctext xml:lang='C'>
168				IPsec policy initialization
169			</loctext>
170		</common_name>
171		<description>
172			<loctext xml:lang='C'>
173				IPsec policy configuration involves
174				loading rules into the kernel Security
175				Policy Database (SPD)
176			</loctext>
177		</description>
178		<documentation>
179			<manpage title='ipsecconf' section='1M'
180				manpath='/usr/share/man' />
181		</documentation>
182	</template>
183</service>
184</service_bundle>
185