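<?xml version="1.0"?>
<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
<!--
        Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
        Use is subject to license terms.

 CDDL HEADER START

 The contents of this file are subject to the terms of the
 Common Development and Distribution License (the "License").
 You may not use this file except in compliance with the License.

 You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 or http://www.opensolaris.org/os/licensing.
 See the License for the specific language governing permissions
 and limitations under the License.

 When distributing Covered Code, include this CDDL HEADER in each
 file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 If applicable, add the following below this CDDL HEADER, with the
 fields enclosed by brackets "[]" replaced with your own identifying
 information: Portions Copyright [yyyy] [name of copyright owner]

 CDDL HEADER END

        NOTE:  This service manifest is not editable; its contents will
        be overwritten by package or patch operations, including
        operating system upgrade.  Make customizations in a different
        file.
-->
<!--
        SMF manifest for svc:/network/ipsec/policy.  The start and
        refresh methods run ipsecconf against the file named by the
        config/config_file property; the stop method runs ipsecconf -F.
        The template below describes this as loading rules into the
        kernel Security Policy Database (SPD).
-->
<service_bundle type='manifest' name='SUNWcsr:policy'>

<service
        name='network/ipsec/policy'
        type='service'
        version='1'>

        <!-- The 'policy' service is delivered enabled for backwards
        compatibility with existing administrative procedure. -->

        <create_default_instance enabled='true' />

        <single_instance />

        <!-- Read/Write access to /var/run required for lock files -->
        <dependency
                name='filesystem'
                grouping='require_all'
                restart_on='none'
                type='service'>
                <service_fmri
                        value='svc:/system/filesystem/minimal'
                />
        </dependency>
        <!-- Kernel needs to know supported IPsec algorithms -->
        <dependency
                name='algorithms'
                grouping='require_all'
                restart_on='none'
                type='service'>
                <service_fmri
                        value='svc:/network/ipsec/ipsecalgs'
                />
        </dependency>
        <!-- General networking services should not start until IPsec
        policy has been configured.

        NOTE(review): the grouping here is 'optional_all', not
        'require_all'.  As documented for SMF optional dependencies,
        such a dependency is also satisfied when the cited service is
        disabled or in maintenance, so svc:/milestone/network
        presumably still comes online when this service fails to load
        policy (for example after a syntax error in the policy file).
        Confirm against the smf man page.  Where IPsec policy is a
        required control, alert on this service leaving the online
        state instead of relying on start ordering alone. -->
        <dependent
                name='policy-network'
                grouping='optional_all'
                restart_on='none'>
                <service_fmri
                        value='svc:/milestone/network'
                />
        </dependent>

        <!-- Methods.  %{config/config_file} is replaced with the value
        of the config_file property in the 'config' property group
        below.  Per ipsecconf(8): -a adds the policy in the named file,
        -F flushes all policy, -q suppresses the warning printed when
        policy is added.

        start:   load the policy file.
        refresh: flush the current policy, then load the policy file.
        stop:    flush only.  After 'svcadm disable policy' nothing
                 loaded by this service remains in the SPD, so traffic
                 that the policy protected is no longer subject to it.

        NOTE(review): refresh combines -F with -a.  If the new file is
        rejected, the host may be left with no policy loaded; confirm
        this against ipsecconf, and syntax-check an edited file (see
        the -c option in ipsecconf(8)) before refreshing. -->
        <exec_method
                type='method'
                name='start'
                exec='/usr/sbin/ipsecconf -q -a %{config/config_file}'
                timeout_seconds='60'
        />

        <exec_method
                type='method'
                name='refresh'
                exec='/usr/sbin/ipsecconf -q -F -a %{config/config_file}'
                timeout_seconds='60'
        />

        <exec_method
                type='method'
                name='stop'
                exec='/usr/sbin/ipsecconf -F'
                timeout_seconds='60'
        />

        <property_group name='general' type='framework'>
                <!-- A user with this authorization can:

                        svcadm restart policy
                        svcadm refresh policy
                        svcadm mark <state> policy
                        svcadm clear policy

                see auths(1) and user_attr(4)-->

                <propval
                        name='action_authorization'
                        type='astring'
                        value='solaris.smf.manage.ipsec'
                />
                <!-- A user with this authorization can:
                        svcadm disable policy
                        svcadm enable policy

                see auths(1) and user_attr(4)

                Disabling the service runs the stop method above, which
                flushes IPsec policy, so this authorization is enough
                to remove the policy from a running host.  Grant it
                sparingly and audit its use. -->

                <propval
                        name='value_authorization'
                        type='astring'
                        value='solaris.smf.manage.ipsec'
                />
        </property_group>

        <!-- The properties defined below can be changed by a user
        with 'solaris.smf.value.ipsec' authorization using the
        svccfg(8) command.

        EG:

        svccfg -s ipsec/policy setprop config/config_file = /new/config_file

        The new configurations will be read on service refresh:

        svcadm refresh ipsec/policy

        Note: svcadm stop/start does not use the new property
        until after the service has been refreshed.

        NOTE(review): config/config_file is substituted into the start
        and refresh command lines above, so 'solaris.smf.value.ipsec'
        in effect decides which IPsec policy file the host loads.
        Grant it as narrowly as 'solaris.smf.manage.ipsec', and keep
        the referenced file writable only by root.

        ***Don't edit this manifest to change these properties! -->

        <property_group name='config' type='application'>
                <propval
                        name='config_file'
                        type='astring'
                        value='/etc/inet/ipsecinit.conf'
                />
                <propval
                        name='value_authorization'
                        type='astring'
                        value='solaris.smf.value.ipsec'
                />
        </property_group>

        <!-- duration is 'transient': presumably the restarter runs the
        start method and does not expect a long-running process to
        remain; confirm against the svc.startd man page.
        NOTE(review): if so, an 'online' state records only that the
        start method succeeded, not that the policy is still present in
        the SPD.  Monitoring that needs the latter should inspect the
        live policy, not the SMF state alone. -->
        <property_group name='startd' type='framework'>
                <propval
                        name='duration'
                        type='astring'
                        value='transient'
                />
        </property_group>

        <stability value='Unstable' />

        <!-- Human-readable name, description and man page reference
        for this service. -->
        <template>
                <common_name>
                        <loctext xml:lang='C'>
                                IPsec policy initialization
                        </loctext>
                </common_name>
                <description>
                        <loctext xml:lang='C'>
                                IPsec policy configuration involves
                                loading rules into the kernel Security
                                Policy Database (SPD)
                        </loctext>
                </description>
                <documentation>
                        <manpage title='ipsecconf' section='8'
                                manpath='/usr/share/man' />
                </documentation>
        </template>
</service>
</service_bundle>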