usr/src/cmd/cmd-inet/usr.sbin/ipsecutils/manual-key.xml

   1 <?xml version="1.0"?>
   2 <!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
   3 <!--
   4  Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
   5  Use is subject to license terms.
   6
   7  CDDL HEADER START
   8
   9  The contents of this file are subject to the terms of the
  10  Common Development and Distribution License (the "License").
  11  You may not use this file except in compliance with the License.
  12
  13  You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
  14  or http://www.opensolaris.org/os/licensing.
  15  See the License for the specific language governing permissions
  16  and limitations under the License.
  17
  18  When distributing Covered Code, include this CDDL HEADER in each
  19  file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  20  If applicable, add the following below this CDDL HEADER, with the
  21  fields enclosed by brackets "[]" replaced with your own identifying
  22  information: Portions Copyright [yyyy] [name of copyright owner]
  23
  24  CDDL HEADER END
  25
  26         ident   "%Z%%M% %I%     %E% SMI"
  27
  28         NOTE:  This service manifest is not editable; its contents will
  29         be overwritten by package or patch operations, including
  30         operating system upgrade.  Make customizations in a different
  31         file.
  32 -->
  33 <service_bundle type='manifest' name='SUNWcsr:manual-key'>
  34
  35 <service
  36         name='network/ipsec/manual-key'
  37         type='service'
  38         version='1'>
  39
  40         <!-- The 'manual-key' service is delivered disabled
  41         because there is not a default configuration file.
  42         See note below on changing the default configuration file. -->
  43
  44         <create_default_instance enabled='false' />
  45
  46         <single_instance />
  47
  48         <!-- Read/Write access to /var/run required for lock files -->
  49         <dependency
  50                 name='filesystem'
  51                 grouping='require_all'
  52                 restart_on='none'
  53                 type='service'>
  54                 <service_fmri
  55                         value='svc:/system/filesystem/minimal'
  56                 />
  57         </dependency>
  58         <!-- Kernel needs to know IPsec supported algorithms -->
  59         <dependency
  60                 name='algorithms'
  61                 grouping='require_all'
  62                 restart_on='none'
  63                 type='service'>
  64                 <service_fmri
  65                         value='svc:/network/ipsec/ipsecalgs'
  66                 />
  67         </dependency>
  68
  69         <!-- If we are enabled, we should be running fairly early -->
  70
  71         <dependent
  72                 name='ipseckey-network'
  73                 grouping='optional_all'
  74                 restart_on='none'>
  75                 <service_fmri
  76                         value='svc:/milestone/network'
  77                 />
  78         </dependent>
  79
  80         <exec_method
  81                 type='method'
  82                 name='start'
  83                 exec='/usr/sbin/ipseckey -f  %{config/config_file}'
  84                 timeout_seconds='60'
  85         />
  86
  87         <!-- To prevent ipseckey generating warnings about duplicate
  88         SAs when the service is refreshed, ipseckey will flush the
  89         existing SAs when its called from smf(5). -->
  90
  91         <exec_method
  92                 type='method'
  93                 name='refresh'
  94                 exec='/usr/sbin/ipseckey -f  %{config/config_file}'
  95                 timeout_seconds='60'
  96         />
  97
  98         <exec_method
  99                 type='method'
 100                 name='stop'
 101                 exec='/usr/sbin/ipseckey flush'
 102                 timeout_seconds='60'
 103         />
 104
 105         <property_group name='general' type='framework'>
 106                 <!-- A user with this authorization can:
 107
 108                         svcadm restart manual-key
 109                         svcadm refresh manual-key
 110                         svcadm mark <state> manual-key
 111                         svcadm clear manual-key
 112
 113                 see auths(1) and user_attr(4)-->
 114
 115                 <propval
 116                         name='action_authorization'
 117                         type='astring'
 118                         value='solaris.smf.manage.ipsec'
 119                 />
 120                 <!-- A user with this authorization can:
 121
 122                         svcadm disable manual-key
 123                         svcadm enable manual-key
 124
 125                 see auths(1) and user_attr(4)-->
 126
 127                 <propval
 128                         name='value_authorization'
 129                         type='astring'
 130                         value='solaris.smf.manage.ipsec'
 131                 />
 132         </property_group>
 133
 134         <!-- The properties defined below can be changed by a user
 135         with 'solaris.smf.value.ipsec' authorization using the
 136         svccfg(1M) command.
 137
 138         EG:
 139
 140         svccfg -s manual-key setprop config/config_file = /new/config_file
 141
 142         The new configurations will be read on service refresh:
 143
 144         svcadm refresh ipsec/manual-key
 145
 146         Note: svcadm disable/enable does not use the new property
 147         until after the service has been refreshed.
 148
 149         ***Do not edit this manifest to change these properties! -->
 150
 151         <property_group name='config' type='application'>
 152                 <propval
 153                         name='config_file'
 154                         type='astring'
 155                         value='/etc/inet/secret/ipseckeys'
 156                 />
 157                 <propval
 158                         name='value_authorization'
 159                         type='astring'
 160                         value='solaris.smf.value.ipsec'
 161                 />
 162         </property_group>
 163
 164         <property_group name='startd' type='framework'>
 165                 <propval
 166                         name='duration'
 167                         type='astring'
 168                         value='transient'
 169                 />
 170         </property_group>
 171
 172         <stability value='Unstable' />
 173
 174         <template>
 175                 <common_name>
 176                         <loctext xml:lang='C'>
 177                                 manually keyed IPsec startup
 178                         </loctext>
 179                 </common_name>
 180                 <description>
 181                         <loctext xml:lang='C'>
 182                                 Loads static security associations
 183                         </loctext>
 184                 </description>
 185                 <documentation>
 186                         <manpage title='ipseckey' section='1M'
 187                                 manpath='/usr/share/man' />
 188                 </documentation>
 189         </template>
 190 </service>
 191 </service_bundle>
 192