xref: /illumos-gate/usr/src/cmd/rpcbind/bind.xml (revision 45818ee124adeaaf947698996b4f4c722afc6d1f) 
1<?xml version='1.0'?>
2<!DOCTYPE service_bundle SYSTEM '/usr/share/lib/xml/dtd/service_bundle.dtd.1'>
3
4<!--
5    CDDL HEADER START
6
7    The contents of this file are subject to the terms of the
8    Common Development and Distribution License (the "License").
9    You may not use this file except in compliance with the License.
10
11    You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
12    or http://www.opensolaris.org/os/licensing.
13    See the License for the specific language governing permissions
14    and limitations under the License.
15
16    When distributing Covered Code, include this CDDL HEADER in each
17    file and include the License file at usr/src/OPENSOLARIS.LICENSE.
18    If applicable, add the following below this CDDL HEADER, with the
19    fields enclosed by brackets "[]" replaced with your own identifying
20    information: Portions Copyright [yyyy] [name of copyright owner]
21
22    CDDL HEADER END
23
24    Copyright 2015 Nexenta Systems, Inc.  All rights reserved.
25    Copyright 2014 OmniTI Computer Consulting, Inc. All rights reserved.
26    Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
27    Use is subject to license terms.
28
29    Service manifest for rpcbind
30
31    NOTE:  This service manifest is not editable; its contents will
32    be overwritten by package or patch operations, including
33    operating system upgrade.  Make customizations in a different
34    file.
35-->
36
37<service_bundle type='manifest' name='SUNWcsr:rpcbind'>
38
39<service
40    name='network/rpc/bind'
41    type='service'
42    version='1'>
43
44    	<create_default_instance enabled='true' />
45
46	<single_instance />
47
48	<dependency
49		name='fs'
50		grouping='require_all'
51		restart_on='none'
52		type='service'>
53		<service_fmri value='svc:/system/filesystem/minimal' />
54	</dependency>
55
56	<!--
57		rpcbind(1M) depends on multicast routes installed by the
58		routing-setup service, and should be started after any IPsec
59		policy is configured and TCP ndd tunables are set (both
60		currently carried out by network/initial).
61	-->
62	<dependency
63		name='network_initial'
64		grouping='optional_all'
65		restart_on='none'
66		type='service'>
67		<service_fmri value='svc:/network/routing-setup:default' />
68		<service_fmri value='svc:/network/initial:default' />
69	</dependency>
70
71	<dependency
72		name='network_ipfilter'
73		grouping='optional_all'
74		restart_on='none'
75		type='service'>
76		<service_fmri value='svc:/network/ipfilter:default' />
77	</dependency>
78
79	<exec_method
80		type='method'
81		name='start'
82		exec='/lib/svc/method/rpc-bind %m'
83		timeout_seconds='60'>
84		<method_context>
85			<method_credential
86				user='root'
87				group='root'
88				privileges='basic,file_chown,file_chown_self,file_owner,net_privaddr,proc_setid,sys_nfs,net_bindmlp'
89				/>
90		</method_context>
91	</exec_method>
92
93	<exec_method
94		type='method'
95		name='refresh'
96		exec=':kill -HUP'
97		timeout_seconds='0'>
98	</exec_method>
99
100	<exec_method
101		type='method'
102		name='stop'
103		exec='/lib/svc/method/rpc-bind %m %{restarter/contract}'
104		timeout_seconds='60'>
105		<method_context>
106			<method_credential
107				user='root'
108				group='root'
109				privileges='basic,proc_owner'
110				/>
111		</method_context>
112	</exec_method>
113
114	<property_group name='config' type='application' >
115		<!-- default property settings for rpcbind(1M). -->
116
117		<!-- enable_tcpwrappers affects the wrapping of rpcbind,
118		     see rpcbind(1M) and tcpd(1M) for details.
119		     The default value is 'false'.
120		     A values of 'true' results in wrapping all UDP/TCP
121		     calls to the portmapper with libwrap. Note that
122		     rpcbind(1M) will not resolve or lookup names while
123		     doing tcp wrapper processing.
124		-->
125		<propval
126			name='enable_tcpwrappers'
127			type='boolean'
128			value='false' />
129
130		<!-- verbose_logging affects the amount of information
131		     which is logged by the tcpwrapper code.
132		     The default is 'false'.
133		     This property has no effect when tcp wrappers are not
134		     enabled.
135		-->
136		<propval
137			name='verbose_logging'
138			type='boolean'
139			value='false' />
140
141		<!-- allow_indirect affects the forwarding of RPC calls
142		     indirect rpcbind calls using rpcb_rmtcall(3NSL).
143		     The default value is 'true'. By default this is allowed
144		     for all services except for a handful.
145		     A value of 'false' stops all indirect calls. This will
146		     also disable broadcast rpc. NIS broadcast clients rely
147		     on this functionality to exist on NIS servers.
148		-->
149		<propval
150			name='allow_indirect'
151			type='boolean'
152			value='true' />
153
154		<!-- local_only specifies whether rpcbind should allow
155		     calls from hosts other than the localhost.
156		     Setting local_only to true will make rpcbind serve
157		     only those requests that come in from the local machine.
158		     Setting local_only to false will allow access from
159		     other hosts.
160		-->
161		<propval
162			name='local_only'
163			type='boolean'
164			value='true' />
165
166		<!-- to configure rpc/bind -->
167		<propval name='value_authorization' type='astring'
168			value='solaris.smf.value.rpc.bind' />
169
170		<propval
171			name='listen_backlog'
172			type='integer'
173			value='64' />
174
175		<propval
176			name='max_threads'
177			type='integer'
178			value='72' />
179	</property_group>
180
181	<!-- Authorization -->
182	<property_group name='general' type='framework'>
183		<!-- to operate rpc/bind -->
184		<propval name='action_authorization' type='astring'
185			value='solaris.smf.manage.rpc.bind' />
186	</property_group>
187
188	<property_group name='firewall_context' type='com.sun,fw_definition'>
189		<propval name='name' type='astring' value='sunrpc' />
190	</property_group>
191
192	<property_group name='firewall_config' type='com.sun,fw_configuration'>
193		<propval name='policy' type='astring' value='use_global' />
194		<propval name='apply_to' type='astring' value='' />
195		<propval name='exceptions' type='astring' value='' />
196		<propval name='value_authorization' type='astring'
197			value='solaris.smf.value.firewall.config' />
198	</property_group>
199
200	<stability value='Unstable' />
201
202	<template>
203		<common_name>
204			<loctext xml:lang='C'>
205				RPC bindings
206			</loctext>
207		</common_name>
208		<documentation>
209			<manpage title='rpcbind' section='1M'
210				manpath='/usr/share/man' />
211		</documentation>
212	</template>
213
214</service>
215
216</service_bundle>
217