1#
2# CDDL HEADER START
3#
4# The contents of this file are subject to the terms of the
5# Common Development and Distribution License (the "License").
6# You may not use this file except in compliance with the License.
7#
8# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9# or http://www.opensolaris.org/os/licensing.
10# See the License for the specific language governing permissions
11# and limitations under the License.
12#
13# When distributing Covered Code, include this CDDL HEADER in each
14# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15# If applicable, add the following below this CDDL HEADER, with the
16# fields enclosed by brackets "[]" replaced with your own identifying
17# information: Portions Copyright [yyyy] [name of copyright owner]
18#
19# CDDL HEADER END
20#
21
22#
23# Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
24#
25
26#
27# The default for payload-bearing actions in this package is to appear in the
28# global zone only.  See the include file for greater detail, as well as
29# information about overriding the defaults.
30#
31#
32# CDDL HEADER START
33#
34# The contents of this file are subject to the terms of the
35# Common Development and Distribution License (the "License").
36# You may not use this file except in compliance with the License.
37#
38# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
39# or http://www.opensolaris.org/os/licensing.
40# See the License for the specific language governing permissions
41# and limitations under the License.
42#
43# When distributing Covered Code, include this CDDL HEADER in each
44# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
45# If applicable, add the following below this CDDL HEADER, with the
46# fields enclosed by brackets "[]" replaced with your own identifying
47# information: Portions Copyright [yyyy] [name of copyright owner]
48#
49# CDDL HEADER END
50#
51
52#
53# Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
54#
55
56#
57# For packagers:
58#
59# This ruleset is useful for "system" components-- ones which are expected
60# to appear primarily in the global zone, but which may have some small
61# pieces (man pages, header files) which may need to appear in all zones.
62#
63# The current rules specify that all payload-bearing actions (file,
64# dir, hardlink, link) should appear *only* in the global zone, with
65# the following exceptions:
66#
67# 	- man pages appear in all zones
68# 	- header files appear in all zones
69# 	- mdb(1) modules appear in all zones
70#
71# You may well have other actions which you wish to appear in all zones.
72# An example would be an administrative utility for a driver which has
73# been virtualized to work within zones.  For those actions you wish to
74# appear in all zones, add the following attribute to your action.
75#
76#         variant.opensolaris.zone=__NODEFAULT
77#
78# You DO NOT need to specify __NODEFAULT for man pages, headers, or
79# mdb modules, as those are covered by the automatic rules below.
80#
81# Note: When you specify variant.opensolaris.zone=__NODEFAULT, the
82# net effect is that *no* variant.opensolaris.zone attribute will
83# appear in the post-processed manifest.
84#
85
86#
87# For packaging nerds:
88#
89# We have a problem to solve here: To make an action appear in all zones,
90# it should have *no* variant.opensolaris.zone attribute.  So it's a bit
91# more complicated to use "default".
92#
93# Here's what we do: we use "default" to set all payload bearing actions
94# which have no variant.opensolaris.zone attribute to be
95# variant.opensolaris.zone=global.  For those actions which need to appear
96# in all zones, the packager must specify
97# variant.opensolaris.zone=__NODEFAULT.  Additionally we have some rules
98# which set __NODEFAULT for a few classes of well known things, like man
99# pages and headers.
100#
101# We then go through and clean up all of the __NODEFAULTed attributes by
102# simply deleting them.
103#
104
105# Man pages should appear in all zones.
106
107# Headers should appear in all zones.
108
109# MDB modules should appear in all zones, as one might debug a crash dump
110# in a zone.
111
112# Everything else is global zone only unless the user overrides
113# action-by-action with __NODEFAULT.
114
115#
116# Buff out the __NODEFAULT attributes.
117#
118set name=pkg.fmri value=pkg:/system/trusted/global-zone@0.5.11,5.11-0.155.53
119set name=pkg.description value="Solaris Trusted Extensions, globalzone-only files"
120set name=pkg.summary value="Trusted Extensions global"
121set name=info.classification value=org.opensolaris.category.2008:System/Trusted
122set name=variant.arch value=i386
123dir group=sys mode=0755 owner=root path=etc variant.opensolaris.zone=global
124dir group=sys mode=0755 owner=root path=etc/security variant.opensolaris.zone=global
125dir group=sys mode=0755 owner=root path=etc/security/audio variant.opensolaris.zone=global
126dir group=sys mode=0755 owner=root path=etc/security/lib variant.opensolaris.zone=global
127dir group=sys mode=0755 owner=root path=etc/security/tsol variant.opensolaris.zone=global
128dir group=sys mode=0755 owner=root path=etc/zones variant.opensolaris.zone=global
129dir group=bin mode=0755 owner=root path=lib variant.opensolaris.zone=global
130dir group=bin mode=0755 owner=root path=lib/svc variant.opensolaris.zone=global
131dir group=sys mode=0755 owner=root path=lib/svc/manifest variant.opensolaris.zone=global
132dir group=sys mode=0755 owner=root path=lib/svc/manifest/network variant.opensolaris.zone=global
133dir group=sys mode=0755 owner=root path=lib/svc/manifest/system variant.opensolaris.zone=global
134dir group=bin mode=0755 owner=root path=lib/svc/method variant.opensolaris.zone=global
135dir facet.doc.man=true group=bin mode=0755 owner=root path=usr/share/man/man1m
136dir group=sys mode=0755 owner=root path=var variant.opensolaris.zone=global
137dir group=sys mode=0755 owner=root path=var/tsol variant.opensolaris.zone=global
138dir group=sys mode=0755 owner=root path=var/tsol/doors variant.opensolaris.zone=global
139file NOHASH group=sys mode=0555 owner=root path=etc/security/lib/disk_clean variant.opensolaris.zone=global
140file NOHASH group=sys mode=0555 owner=root path=etc/security/lib/wdwmsg variant.opensolaris.zone=global
141file NOHASH group=sys mode=0555 owner=root path=etc/security/lib/wdwwrapper variant.opensolaris.zone=global
142file NOHASH group=sys mode=0644 original_name=SUNWtsg:etc/security/tsol/devalloc_defaults owner=root path=etc/security/tsol/devalloc_defaults preserve=true variant.opensolaris.zone=global
143file NOHASH group=sys mode=0400 original_name=SUNWtsg:etc/security/tsol/label_encodings owner=root path=etc/security/tsol/label_encodings preserve=renamenew variant.opensolaris.zone=global
144file NOHASH group=sys mode=0444 owner=root path=etc/security/tsol/label_encodings.example variant.opensolaris.zone=global
145file NOHASH group=sys mode=0444 owner=root path=etc/security/tsol/label_encodings.gfi.multi variant.opensolaris.zone=global
146file NOHASH group=sys mode=0444 owner=root path=etc/security/tsol/label_encodings.gfi.single variant.opensolaris.zone=global
147file NOHASH group=sys mode=0444 owner=root path=etc/security/tsol/label_encodings.multi variant.opensolaris.zone=global
148file NOHASH group=sys mode=0444 owner=root path=etc/security/tsol/label_encodings.single variant.opensolaris.zone=global
149file NOHASH group=sys mode=0755 original_name=SUNWtsg:etc/security/tsol/relabel owner=root path=etc/security/tsol/relabel preserve=renamenew variant.opensolaris.zone=global
150file NOHASH group=sys mode=0644 original_name=SUNWtsg:etc/security/tsol/tnrhdb owner=root path=etc/security/tsol/tnrhdb preserve=renamenew variant.opensolaris.zone=global
151file NOHASH group=sys mode=0644 original_name=SUNWtsg:etc/security/tsol/tnrhtp owner=root path=etc/security/tsol/tnrhtp preserve=renamenew variant.opensolaris.zone=global
152file NOHASH group=sys mode=0644 original_name=SUNWtsg:etc/security/tsol/tnzonecfg owner=root path=etc/security/tsol/tnzonecfg preserve=renamenew variant.opensolaris.zone=global
153file NOHASH group=bin mode=0444 owner=root path=etc/zones/SUNWtsoldef.xml variant.opensolaris.zone=global
154file NOHASH group=sys mode=0444 owner=root path=lib/svc/manifest/network/tnctl.xml restart_fmri=svc:/system/manifest-import:default variant.opensolaris.zone=global
155file NOHASH group=sys mode=0444 owner=root path=lib/svc/manifest/network/tnd.xml restart_fmri=svc:/system/manifest-import:default variant.opensolaris.zone=global
156file NOHASH group=sys mode=0444 owner=root path=lib/svc/manifest/system/labeld.xml restart_fmri=svc:/system/manifest-import:default variant.opensolaris.zone=global
157file NOHASH group=bin mode=0555 owner=root path=lib/svc/method/svc-labeld variant.opensolaris.zone=global
158file NOHASH group=bin mode=0555 owner=root path=lib/svc/method/svc-tnctl variant.opensolaris.zone=global
159file NOHASH group=bin mode=0555 owner=root path=lib/svc/method/svc-tnd variant.opensolaris.zone=global
160file NOHASH facet.doc.man=true group=bin mode=0444 owner=root path=usr/share/man/man1m/smtnrhdb.1m
161file NOHASH facet.doc.man=true group=bin mode=0444 owner=root path=usr/share/man/man1m/smtnrhtp.1m
162file NOHASH facet.doc.man=true group=bin mode=0444 owner=root path=usr/share/man/man1m/smtnzonecfg.1m
163legacy arch=i386 category=system desc="Solaris Trusted Extensions, globalzone-only files" hotline="Please contact your local service provider" name="Trusted Extensions global" pkg=SUNWtsg vendor=Illumos version=11.11,REV=2009.11.11
164license cr_Sun license=cr_Sun
165license lic_CDDL license=lic_CDDL
166link path=etc/security/lib/audio_clean.windowing target=./audio_clean variant.opensolaris.zone=global
167link path=etc/security/lib/disk_clean.windowing target=./disk_clean variant.opensolaris.zone=global
168link path=etc/security/lib/st_clean.windowing target=./st_clean variant.opensolaris.zone=global
169# etc/security/lib/wdwmsg runs usr/bin/zenity
170depend fmri=gnome/zenity type=require
171#
172# CDDL HEADER START
173#
174# The contents of this file are subject to the terms of the
175# Common Development and Distribution License (the "License").
176# You may not use this file except in compliance with the License.
177#
178# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
179# or http://www.opensolaris.org/os/licensing.
180# See the License for the specific language governing permissions
181# and limitations under the License.
182#
183# When distributing Covered Code, include this CDDL HEADER in each
184# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
185# If applicable, add the following below this CDDL HEADER, with the
186# fields enclosed by brackets "[]" replaced with your own identifying
187# information: Portions Copyright [yyyy] [name of copyright owner]
188#
189# CDDL HEADER END
190#
191
192#
193# Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
194#
195
196#
197# These actions represent settings which should appear in every package.
198#
199
200#
201# Name the consolidation this package came from.
202#
203set name=org.opensolaris.consolidation value=osnet
204
205#
206# Indicate that the package was published in a zones aware
207# fashion.
208#
209set name=variant.opensolaris.zone value=global value=nonglobal
210#
211# CDDL HEADER START
212#
213# The contents of this file are subject to the terms of the
214# Common Development and Distribution License (the "License").
215# You may not use this file except in compliance with the License.
216#
217# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
218# or http://www.opensolaris.org/os/licensing.
219# See the License for the specific language governing permissions
220# and limitations under the License.
221#
222# When distributing Covered Code, include this CDDL HEADER in each
223# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
224# If applicable, add the following below this CDDL HEADER, with the
225# fields enclosed by brackets "[]" replaced with your own identifying
226# information: Portions Copyright [yyyy] [name of copyright owner]
227#
228# CDDL HEADER END
229#
230
231#
232# Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
233# Use is subject to license terms.
234#
235
236#
237# Only publish packages for the currently specified architecture
238#
239# This is somewhat nonintuitive.  In English:
240#
241#	For any action of type "set",
242#	if the "name" property matches the regex "variant.arch",
243#	and *every* occurrence of the "value" property does not match
244#		$ARCH, then don't publish it.
245#
246# ...in other words, if *any* occurrence of "value" matches i386,
247# then the negative lookahead assertion in the regex will fail, and we
248# won't abort based on the action.
249#
250
251#
252# Catch don't-publish settings from manifest-embedded transforms
253#
254#
255# CDDL HEADER START
256#
257# The contents of this file are subject to the terms of the
258# Common Development and Distribution License (the "License").
259# You may not use this file except in compliance with the License.
260#
261# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
262# or http://www.opensolaris.org/os/licensing.
263# See the License for the specific language governing permissions
264# and limitations under the License.
265#
266# When distributing Covered Code, include this CDDL HEADER in each
267# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
268# If applicable, add the following below this CDDL HEADER, with the
269# fields enclosed by brackets "[]" replaced with your own identifying
270# information: Portions Copyright [yyyy] [name of copyright owner]
271#
272# CDDL HEADER END
273#
274
275#
276# Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
277#
278
279#
280# This file and its contents are supplied under the terms of the
281# Common Development and Distribution License ("CDDL"), version 1.0.
282# You may only use this file in accordance with the terms of version
283# 1.0 of the CDDL.
284#
285# A full copy of the text of the CDDL should have accompanied this
286# source.  A copy of the CDDL is also available via the Internet
287# at http://www.illumos.org/license/CDDL.
288#
289
290# Copyright 2011, Richard Lowe
291
292# Manual pages are documentation, and more specifically 'man' documentation
293#
294# CDDL HEADER START
295#
296# The contents of this file are subject to the terms of the
297# Common Development and Distribution License (the "License").
298# You may not use this file except in compliance with the License.
299#
300# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
301# or http://www.opensolaris.org/os/licensing.
302# See the License for the specific language governing permissions
303# and limitations under the License.
304#
305# When distributing Covered Code, include this CDDL HEADER in each
306# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
307# If applicable, add the following below this CDDL HEADER, with the
308# fields enclosed by brackets "[]" replaced with your own identifying
309# information: Portions Copyright [yyyy] [name of copyright owner]
310#
311# CDDL HEADER END
312#
313
314#
315# Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
316# Copyright 2011, Richard Lowe
317#
318
319#
320# For kernel/drv, set .conf files to mode 0644.  Assume all other
321# files there are drivers, and give them mode 0755 and reboot-needed.
322#
323# The (?<!r) construct in the reboot-needed transform is a negative
324# lookbehind assertion: it says "only match this regex if the
325# previously matched text does NOT match regex r."  So it will match
326# all files in the various kernel trees, except for .conf files.
327#
328
329
330#
331# Non-global zones should not have content in kernel, usr/kernel (and
332# other kernel dirs) or in boot/.
333#
334
335
336#
337# shared objects should generally have mode 0755
338#
339
340#
341# Catch some of the collections of largely read-only files
342#
343
344
345#
346# For what's left, go with root:bin 0644, +x for directories
347#
348
349#
350# Default values for legacy actions
351#
352#
353# CDDL HEADER START
354#
355# The contents of this file are subject to the terms of the
356# Common Development and Distribution License (the "License").
357# You may not use this file except in compliance with the License.
358#
359# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
360# or http://www.opensolaris.org/os/licensing.
361# See the License for the specific language governing permissions
362# and limitations under the License.
363#
364# When distributing Covered Code, include this CDDL HEADER in each
365# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
366# If applicable, add the following below this CDDL HEADER, with the
367# fields enclosed by brackets "[]" replaced with your own identifying
368# information: Portions Copyright [yyyy] [name of copyright owner]
369#
370# CDDL HEADER END
371#
372
373#
374# Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
375#
376
377#
378# Pull out the license paths for staging in the proto area.  Ignore
379# those with no path separators, as that indicates a file kept in
380# $SRC/pkg/license_files, rather than alongside the associated source.
381#
382
383#
384# Ordering is important here, and the last line wins.
385#
386# The default of "current" is provided by the calling environment,
387# rather than a print operation.
388#
389depend fmri=consolidation/osnet/osnet-incorporation type=require
390depend fmri=__TBD pkg.debug.depend.file=client.xml pkg.debug.depend.path=lib/svc/manifest/network/ldap pkg.debug.depend.reason=lib/svc/manifest/network/tnd.xml pkg.debug.depend.type=smf_manifest type=require variant.opensolaris.zone=global
391depend fmri=__TBD pkg.debug.depend.file=ksh pkg.debug.depend.path=usr/bin pkg.debug.depend.reason=etc/security/lib/wdwmsg pkg.debug.depend.type=script type=require variant.opensolaris.zone=global
392depend fmri=__TBD pkg.debug.depend.file=ksh pkg.debug.depend.path=usr/bin pkg.debug.depend.reason=etc/security/lib/wdwwrapper pkg.debug.depend.type=script type=require variant.opensolaris.zone=global
393depend fmri=__TBD pkg.debug.depend.file=minimal-fs.xml pkg.debug.depend.path=lib/svc/manifest/system/filesystem pkg.debug.depend.reason=lib/svc/manifest/network/tnd.xml pkg.debug.depend.type=smf_manifest type=require variant.opensolaris.zone=global
394depend fmri=__TBD pkg.debug.depend.file=minimal-fs.xml pkg.debug.depend.path=lib/svc/manifest/system/filesystem pkg.debug.depend.reason=lib/svc/manifest/system/labeld.xml pkg.debug.depend.type=smf_manifest type=require variant.opensolaris.zone=global
395depend fmri=__TBD pkg.debug.depend.file=name-service-cache.xml pkg.debug.depend.path=lib/svc/manifest/system pkg.debug.depend.reason=lib/svc/manifest/network/tnd.xml pkg.debug.depend.type=smf_manifest type=require variant.opensolaris.zone=global
396depend fmri=__TBD pkg.debug.depend.file=sh pkg.debug.depend.path=sbin pkg.debug.depend.reason=lib/svc/method/svc-labeld pkg.debug.depend.type=script type=require variant.opensolaris.zone=global
397depend fmri=__TBD pkg.debug.depend.file=sh pkg.debug.depend.path=sbin pkg.debug.depend.reason=lib/svc/method/svc-tnctl pkg.debug.depend.type=script type=require variant.opensolaris.zone=global
398depend fmri=__TBD pkg.debug.depend.file=sh pkg.debug.depend.path=sbin pkg.debug.depend.reason=lib/svc/method/svc-tnd pkg.debug.depend.type=script type=require variant.opensolaris.zone=global
399depend fmri=__TBD pkg.debug.depend.file=sh pkg.debug.depend.path=usr/bin pkg.debug.depend.reason=etc/security/lib/disk_clean pkg.debug.depend.type=script type=require variant.opensolaris.zone=global
400depend fmri=__TBD pkg.debug.depend.file=sh pkg.debug.depend.path=usr/bin pkg.debug.depend.reason=etc/security/tsol/relabel pkg.debug.depend.type=script type=require variant.opensolaris.zone=global
401set name=org.opensolaris.smf.fmri value=svc:/network/tnctl value=svc:/network/tnctl:default value=svc:/network/tnd value=svc:/network/tnd:default value=svc:/system/labeld value=svc:/system/labeld:default
402