17c478bd9Sstevel@tonic-gate<?xml version='1.0'?> 27c478bd9Sstevel@tonic-gate<!DOCTYPE service_bundle SYSTEM '/usr/share/lib/xml/dtd/service_bundle.dtd.1'> 37c478bd9Sstevel@tonic-gate 47c478bd9Sstevel@tonic-gate<!-- 50ea5e3a5Sjjj CDDL HEADER START 6*bbf21555SRichard Lowe 70ea5e3a5Sjjj The contents of this file are subject to the terms of the 80ea5e3a5Sjjj Common Development and Distribution License (the "License"). 90ea5e3a5Sjjj You may not use this file except in compliance with the License. 10*bbf21555SRichard Lowe 110ea5e3a5Sjjj You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 120ea5e3a5Sjjj or http://www.opensolaris.org/os/licensing. 130ea5e3a5Sjjj See the License for the specific language governing permissions 140ea5e3a5Sjjj and limitations under the License. 15*bbf21555SRichard Lowe 160ea5e3a5Sjjj When distributing Covered Code, include this CDDL HEADER in each 170ea5e3a5Sjjj file and include the License file at usr/src/OPENSOLARIS.LICENSE. 180ea5e3a5Sjjj If applicable, add the following below this CDDL HEADER, with the 190ea5e3a5Sjjj fields enclosed by brackets "[]" replaced with your own identifying 200ea5e3a5Sjjj information: Portions Copyright [yyyy] [name of copyright owner] 21*bbf21555SRichard Lowe 220ea5e3a5Sjjj CDDL HEADER END 23*bbf21555SRichard Lowe 247ddce999SHans Rosenfeld Copyright 2016 Hans Rosenfeld <rosenfeld@grumpf.hope-2000.org> 256935f61bSMarcel Telka Copyright 2015 Nexenta Systems, Inc. All rights reserved. 263e8c3b95SDan McDonald Copyright 2014 OmniTI Computer Consulting, Inc. All rights reserved. 27eb1a3463STruong Nguyen Copyright 2009 Sun Microsystems, Inc. All rights reserved. 280ea5e3a5Sjjj Use is subject to license terms. 290ea5e3a5Sjjj 300ea5e3a5Sjjj Service manifest for rpcbind 310ea5e3a5Sjjj 320ea5e3a5Sjjj NOTE: This service manifest is not editable; its contents will 330ea5e3a5Sjjj be overwritten by package or patch operations, including 340ea5e3a5Sjjj operating system upgrade. Make customizations in a different 350ea5e3a5Sjjj file. 367c478bd9Sstevel@tonic-gate--> 377c478bd9Sstevel@tonic-gate 387c478bd9Sstevel@tonic-gate<service_bundle type='manifest' name='SUNWcsr:rpcbind'> 397c478bd9Sstevel@tonic-gate 407c478bd9Sstevel@tonic-gate<service 417c478bd9Sstevel@tonic-gate name='network/rpc/bind' 427c478bd9Sstevel@tonic-gate type='service' 437c478bd9Sstevel@tonic-gate version='1'> 447c478bd9Sstevel@tonic-gate 45*bbf21555SRichard Lowe <create_default_instance enabled='true' /> 467c478bd9Sstevel@tonic-gate 477c478bd9Sstevel@tonic-gate <single_instance /> 487c478bd9Sstevel@tonic-gate 497c478bd9Sstevel@tonic-gate <dependency 507c478bd9Sstevel@tonic-gate name='fs' 517c478bd9Sstevel@tonic-gate grouping='require_all' 527c478bd9Sstevel@tonic-gate restart_on='none' 537c478bd9Sstevel@tonic-gate type='service'> 547c478bd9Sstevel@tonic-gate <service_fmri value='svc:/system/filesystem/minimal' /> 557c478bd9Sstevel@tonic-gate </dependency> 567c478bd9Sstevel@tonic-gate 571c55ce03Samaguire <!-- 58*bbf21555SRichard Lowe rpcbind(8) depends on multicast routes installed by the 591c55ce03Samaguire routing-setup service, and should be started after any IPsec 601c55ce03Samaguire policy is configured and TCP ndd tunables are set (both 611c55ce03Samaguire currently carried out by network/initial). 621c55ce03Samaguire --> 637c478bd9Sstevel@tonic-gate <dependency 641c55ce03Samaguire name='network_initial' 657c478bd9Sstevel@tonic-gate grouping='optional_all' 667c478bd9Sstevel@tonic-gate restart_on='none' 677c478bd9Sstevel@tonic-gate type='service'> 681c55ce03Samaguire <service_fmri value='svc:/network/routing-setup:default' /> 691c55ce03Samaguire <service_fmri value='svc:/network/initial:default' /> 707c478bd9Sstevel@tonic-gate </dependency> 717c478bd9Sstevel@tonic-gate 72eb1a3463STruong Nguyen <dependency 73eb1a3463STruong Nguyen name='network_ipfilter' 74eb1a3463STruong Nguyen grouping='optional_all' 75eb1a3463STruong Nguyen restart_on='none' 76eb1a3463STruong Nguyen type='service'> 77eb1a3463STruong Nguyen <service_fmri value='svc:/network/ipfilter:default' /> 78eb1a3463STruong Nguyen </dependency> 79eb1a3463STruong Nguyen 807c478bd9Sstevel@tonic-gate <exec_method 817c478bd9Sstevel@tonic-gate type='method' 827c478bd9Sstevel@tonic-gate name='start' 837c478bd9Sstevel@tonic-gate exec='/lib/svc/method/rpc-bind %m' 847c478bd9Sstevel@tonic-gate timeout_seconds='60'> 857c478bd9Sstevel@tonic-gate <method_context> 867c478bd9Sstevel@tonic-gate <method_credential 877c478bd9Sstevel@tonic-gate user='root' 887c478bd9Sstevel@tonic-gate group='root' 8945916cd2Sjpk privileges='basic,file_chown,file_chown_self,file_owner,net_privaddr,proc_setid,sys_nfs,net_bindmlp' 907c478bd9Sstevel@tonic-gate /> 917c478bd9Sstevel@tonic-gate </method_context> 927c478bd9Sstevel@tonic-gate </exec_method> 937c478bd9Sstevel@tonic-gate 94064ed339Sjjj <exec_method 95064ed339Sjjj type='method' 96064ed339Sjjj name='refresh' 97064ed339Sjjj exec=':kill -HUP' 98064ed339Sjjj timeout_seconds='0'> 99064ed339Sjjj </exec_method> 100064ed339Sjjj 1017c478bd9Sstevel@tonic-gate <exec_method 1027c478bd9Sstevel@tonic-gate type='method' 1037c478bd9Sstevel@tonic-gate name='stop' 1047c478bd9Sstevel@tonic-gate exec='/lib/svc/method/rpc-bind %m %{restarter/contract}' 1057c478bd9Sstevel@tonic-gate timeout_seconds='60'> 1067c478bd9Sstevel@tonic-gate <method_context> 1077c478bd9Sstevel@tonic-gate <method_credential 1087c478bd9Sstevel@tonic-gate user='root' 1097c478bd9Sstevel@tonic-gate group='root' 1107c478bd9Sstevel@tonic-gate privileges='basic,proc_owner' 1117c478bd9Sstevel@tonic-gate /> 1127c478bd9Sstevel@tonic-gate </method_context> 1137c478bd9Sstevel@tonic-gate </exec_method> 1147c478bd9Sstevel@tonic-gate 1157c478bd9Sstevel@tonic-gate <property_group name='config' type='application' > 116*bbf21555SRichard Lowe <!-- default property settings for rpcbind(8). --> 1177c478bd9Sstevel@tonic-gate 1187c478bd9Sstevel@tonic-gate <!-- enable_tcpwrappers affects the wrapping of rpcbind, 119*bbf21555SRichard Lowe see rpcbind(8) and tcpd(8) for details. 1207c478bd9Sstevel@tonic-gate The default value is 'false'. 1217c478bd9Sstevel@tonic-gate A values of 'true' results in wrapping all UDP/TCP 1227c478bd9Sstevel@tonic-gate calls to the portmapper with libwrap. Note that 123*bbf21555SRichard Lowe rpcbind(8) will not resolve or lookup names while 1247c478bd9Sstevel@tonic-gate doing tcp wrapper processing. 1257c478bd9Sstevel@tonic-gate --> 1267c478bd9Sstevel@tonic-gate <propval 1277c478bd9Sstevel@tonic-gate name='enable_tcpwrappers' 1287c478bd9Sstevel@tonic-gate type='boolean' 1297c478bd9Sstevel@tonic-gate value='false' /> 1307c478bd9Sstevel@tonic-gate 1317c478bd9Sstevel@tonic-gate <!-- verbose_logging affects the amount of information 1327c478bd9Sstevel@tonic-gate which is logged by the tcpwrapper code. 1337c478bd9Sstevel@tonic-gate The default is 'false'. 1347c478bd9Sstevel@tonic-gate This property has no effect when tcp wrappers are not 1357c478bd9Sstevel@tonic-gate enabled. 1367c478bd9Sstevel@tonic-gate --> 1377c478bd9Sstevel@tonic-gate <propval 1387c478bd9Sstevel@tonic-gate name='verbose_logging' 1397c478bd9Sstevel@tonic-gate type='boolean' 1407c478bd9Sstevel@tonic-gate value='false' /> 1417c478bd9Sstevel@tonic-gate 1427c478bd9Sstevel@tonic-gate <!-- allow_indirect affects the forwarding of RPC calls 1437c478bd9Sstevel@tonic-gate indirect rpcbind calls using rpcb_rmtcall(3NSL). 1447c478bd9Sstevel@tonic-gate The default value is 'true'. By default this is allowed 1457c478bd9Sstevel@tonic-gate for all services except for a handful. 1467c478bd9Sstevel@tonic-gate A value of 'false' stops all indirect calls. This will 1477c478bd9Sstevel@tonic-gate also disable broadcast rpc. NIS broadcast clients rely 1487c478bd9Sstevel@tonic-gate on this functionality to exist on NIS servers. 1497c478bd9Sstevel@tonic-gate --> 1507c478bd9Sstevel@tonic-gate <propval 1517c478bd9Sstevel@tonic-gate name='allow_indirect' 1527c478bd9Sstevel@tonic-gate type='boolean' 1537c478bd9Sstevel@tonic-gate value='true' /> 1540ea5e3a5Sjjj 1550ea5e3a5Sjjj <!-- local_only specifies whether rpcbind should allow 1560ea5e3a5Sjjj calls from hosts other than the localhost. 1570ea5e3a5Sjjj Setting local_only to true will make rpcbind serve 1580ea5e3a5Sjjj only those requests that come in from the local machine. 159878f29a1Sgww Setting local_only to false will allow access from 160878f29a1Sgww other hosts. 1610ea5e3a5Sjjj --> 1620ea5e3a5Sjjj <propval 1630ea5e3a5Sjjj name='local_only' 1640ea5e3a5Sjjj type='boolean' 165ed1b5e11Sgww value='true' /> 1660ea5e3a5Sjjj 1670ea5e3a5Sjjj <!-- to configure rpc/bind --> 1680ea5e3a5Sjjj <propval name='value_authorization' type='astring' 1690ea5e3a5Sjjj value='solaris.smf.value.rpc.bind' /> 1708f6d9daeSMarcel Telka 1718f6d9daeSMarcel Telka <propval 1728f6d9daeSMarcel Telka name='listen_backlog' 1738f6d9daeSMarcel Telka type='integer' 1748f6d9daeSMarcel Telka value='64' /> 1758f6d9daeSMarcel Telka 1768f6d9daeSMarcel Telka <propval 1778f6d9daeSMarcel Telka name='max_threads' 1788f6d9daeSMarcel Telka type='integer' 1798f6d9daeSMarcel Telka value='72' /> 1807c478bd9Sstevel@tonic-gate </property_group> 1817c478bd9Sstevel@tonic-gate 1820ea5e3a5Sjjj <!-- Authorization --> 1830ea5e3a5Sjjj <property_group name='general' type='framework'> 184c817a439Sjohnz <!-- to operate rpc/bind --> 1850ea5e3a5Sjjj <propval name='action_authorization' type='astring' 1860ea5e3a5Sjjj value='solaris.smf.manage.rpc.bind' /> 1870ea5e3a5Sjjj </property_group> 188eb1a3463STruong Nguyen 189eb1a3463STruong Nguyen <property_group name='firewall_context' type='com.sun,fw_definition'> 190eb1a3463STruong Nguyen <propval name='name' type='astring' value='sunrpc' /> 191eb1a3463STruong Nguyen </property_group> 192eb1a3463STruong Nguyen 193eb1a3463STruong Nguyen <property_group name='firewall_config' type='com.sun,fw_configuration'> 194eb1a3463STruong Nguyen <propval name='policy' type='astring' value='use_global' /> 1957ddce999SHans Rosenfeld <propval name='block_policy' type='astring' 1967ddce999SHans Rosenfeld value='use_global' /> 197eb1a3463STruong Nguyen <propval name='apply_to' type='astring' value='' /> 1987ddce999SHans Rosenfeld <propval name='apply_to_6' type='astring' value='' /> 199eb1a3463STruong Nguyen <propval name='exceptions' type='astring' value='' /> 2007ddce999SHans Rosenfeld <propval name='exceptions_6' type='astring' value='' /> 2017ddce999SHans Rosenfeld <propval name='target' type='astring' value='' /> 2027ddce999SHans Rosenfeld <propval name='target_6' type='astring' value='' /> 203eb1a3463STruong Nguyen <propval name='value_authorization' type='astring' 204eb1a3463STruong Nguyen value='solaris.smf.value.firewall.config' /> 205eb1a3463STruong Nguyen </property_group> 206eb1a3463STruong Nguyen 2077c478bd9Sstevel@tonic-gate <stability value='Unstable' /> 2087c478bd9Sstevel@tonic-gate 2097c478bd9Sstevel@tonic-gate <template> 2107c478bd9Sstevel@tonic-gate <common_name> 2117c478bd9Sstevel@tonic-gate <loctext xml:lang='C'> 2127c478bd9Sstevel@tonic-gate RPC bindings 2137c478bd9Sstevel@tonic-gate </loctext> 2147c478bd9Sstevel@tonic-gate </common_name> 2157c478bd9Sstevel@tonic-gate <documentation> 216*bbf21555SRichard Lowe <manpage title='rpcbind' section='8' 2177c478bd9Sstevel@tonic-gate manpath='/usr/share/man' /> 2187c478bd9Sstevel@tonic-gate </documentation> 2197c478bd9Sstevel@tonic-gate </template> 2207c478bd9Sstevel@tonic-gate 2217c478bd9Sstevel@tonic-gate</service> 2227c478bd9Sstevel@tonic-gate 2237c478bd9Sstevel@tonic-gate</service_bundle> 224