usr/src/cmd/cmd-inet/usr.sbin/ipsecutils/policy.xml

   1 <?xml version="1.0"?>
   2 <!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
   3 <!--
   4         Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
   5         Use is subject to license terms.
   6
   7  CDDL HEADER START
   8
   9  The contents of this file are subject to the terms of the
  10  Common Development and Distribution License (the "License").
  11  You may not use this file except in compliance with the License.
  12
  13  You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
  14  or http://www.opensolaris.org/os/licensing.
  15  See the License for the specific language governing permissions
  16  and limitations under the License.
  17
  18  When distributing Covered Code, include this CDDL HEADER in each
  19  file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  20  If applicable, add the following below this CDDL HEADER, with the
  21  fields enclosed by brackets "[]" replaced with your own identifying
  22  information: Portions Copyright [yyyy] [name of copyright owner]
  23
  24  CDDL HEADER END
  25
  26         NOTE:  This service manifest is not editable; its contents will
  27         be overwritten by package or patch operations, including
  28         operating system upgrade.  Make customizations in a different
  29         file.
  30 -->
  31 <service_bundle type='manifest' name='SUNWcsr:policy'>
  32
  33 <service
  34         name='network/ipsec/policy'
  35         type='service'
  36         version='1'>
  37
  38         <!-- The 'policy' service is delivered enabled for backwards
  39         compatability with existing adminstrative proceedure. -->
  40
  41         <create_default_instance enabled='true' />
  42
  43         <single_instance />
  44
  45         <!-- Read/Write access to /var/run required for lock files -->
  46         <dependency
  47                 name='filesystem'
  48                 grouping='require_all'
  49                 restart_on='none'
  50                 type='service'>
  51                 <service_fmri
  52                         value='svc:/system/filesystem/minimal'
  53                 />
  54         </dependency>
  55         <!-- Kernel needs to know supported IPsec algorithms -->
  56         <dependency
  57                 name='algorithms'
  58                 grouping='require_all'
  59                 restart_on='none'
  60                 type='service'>
  61                 <service_fmri
  62                         value='svc:/network/ipsec/ipsecalgs'
  63                 />
  64         </dependency>
  65         <!-- General networking services should not start untill IPsec
  66         policy has been configured. -->
  67         <dependent
  68                 name='policy-network'
  69                 grouping='optional_all'
  70                 restart_on='none'>
  71                 <service_fmri
  72                         value='svc:/milestone/network'
  73                 />
  74         </dependent>
  75
  76         <exec_method
  77                 type='method'
  78                 name='start'
  79                 exec='/usr/sbin/ipsecconf -q -a %{config/config_file}'
  80                 timeout_seconds='60'
  81         />
  82
  83         <exec_method
  84                 type='method'
  85                 name='refresh'
  86                 exec='/usr/sbin/ipsecconf -q -F -a %{config/config_file}'
  87                 timeout_seconds='60'
  88         />
  89
  90         <exec_method
  91                 type='method'
  92                 name='stop'
  93                 exec='/usr/sbin/ipsecconf -F'
  94                 timeout_seconds='60'
  95         />
  96
  97         <property_group name='general' type='framework'>
  98                 <!-- A user with this authorization can:
  99
 100                         svcadm restart policy
 101                         svcadm refresh policy
 102                         svcadm mark <state> policy
 103                         svcadm clear policy
 104
 105                 see auths(1) and user_attr(4)-->
 106
 107                 <propval
 108                         name='action_authorization'
 109                         type='astring'
 110                         value='solaris.smf.manage.ipsec'
 111                 />
 112                 <!-- A user with this authorization can:
 113                         svcadm disable policy
 114                         svcadm enable policy
 115
 116                 see auths(1) and user_attr(4)-->
 117
 118                 <propval
 119                         name='value_authorization'
 120                         type='astring'
 121                         value='solaris.smf.manage.ipsec'
 122                 />
 123         </property_group>
 124
 125         <!-- The properties defined below can be changed by a user
 126         with 'solaris.smf.value.ipsec' authorization using the
 127         svccfg(1M) command.
 128
 129         EG:
 130
 131         svccfg -s ipsec/policy setprop config/config_file = /new/config_file
 132
 133         The new configurations will be read on service refresh:
 134
 135         svcadm refresh ipsec/policy
 136
 137         Note: svcadm stop/start does not use the new property
 138         until after the service has been refreshed.
 139
 140         ***Dont edit this manifest to change these properties! -->
 141
 142         <property_group name='config' type='application'>
 143                 <propval
 144                         name='config_file'
 145                         type='astring'
 146                         value='/etc/inet/ipsecinit.conf'
 147                 />
 148                 <propval
 149                         name='value_authorization'
 150                         type='astring'
 151                         value='solaris.smf.value.ipsec'
 152                 />
 153         </property_group>
 154
 155         <property_group name='startd' type='framework'>
 156                 <propval
 157                         name='duration'
 158                         type='astring'
 159                         value='transient'
 160                 />
 161         </property_group>
 162
 163         <stability value='Unstable' />
 164
 165         <template>
 166                 <common_name>
 167                         <loctext xml:lang='C'>
 168                                 IPsec policy initialization
 169                         </loctext>
 170                 </common_name>
 171                 <description>
 172                         <loctext xml:lang='C'>
 173                                 IPsec policy configuration involves
 174                                 loading rules into the kernel Security
 175                                 Policy Database (SPD)
 176                         </loctext>
 177                 </description>
 178                 <documentation>
 179                         <manpage title='ipsecconf' section='1M'
 180                                 manpath='/usr/share/man' />
 181                 </documentation>
 182         </template>
 183 </service>
 184 </service_bundle>