Print this page
7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.
| Split |
Close |
| Expand all |
| Collapse all |
--- old/usr/src/cmd/svc/milestone/restarter.xml
+++ new/usr/src/cmd/svc/milestone/restarter.xml
1 1 <?xml version="1.0"?>
2 2 <!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
3 3 <!--
4 4 Copyright (c) 2004, 2010, Oracle and/or its affiliates. All rights reserved.
5 5 Copyright 2015 Nexenta Systems, Inc. All rights reserved.
6 6
7 7 CDDL HEADER START
8 8
9 9 The contents of this file are subject to the terms of the
10 10 Common Development and Distribution License (the "License").
11 11 You may not use this file except in compliance with the License.
12 12
13 13 You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
14 14 or http://www.opensolaris.org/os/licensing.
15 15 See the License for the specific language governing permissions
16 16 and limitations under the License.
17 17
18 18 When distributing Covered Code, include this CDDL HEADER in each
19 19 file and include the License file at usr/src/OPENSOLARIS.LICENSE.
20 20 If applicable, add the following below this CDDL HEADER, with the
21 21 fields enclosed by brackets "[]" replaced with your own identifying
22 22 information: Portions Copyright [yyyy] [name of copyright owner]
23 23
24 24 CDDL HEADER END
25 25
26 26 NOTE: This service manifest is not editable; its contents will
27 27 be overwritten by package or patch operations, including
28 28 operating system upgrade. Make customizations in a different
29 29 file.
30 30 -->
31 31
32 32 <service_bundle type='manifest' name='SUNWcsr:restarter'>
33 33
34 34 <service
35 35 name='system/svc/restarter'
36 36 type='restarter'
37 37 version='1'>
38 38
39 39 <!--
40 40 svc.startd manages itself. However, this manifest allows
41 41 us to set non-persistent properties before filesystems
42 42 have been mounted r/w.
43 43 -->
44 44
45 45 <create_default_instance enabled='true' />
46 46
47 47 <single_instance/>
48 48
49 49 <!--
50 50 The restarter is actually started by init, so these methods are
51 51 ignored. However, they are required by definition and are
52 52 included here to avoid spurious validation errors.
53 53 -->
54 54 <exec_method
55 55 type='method'
56 56 name='start'
57 57 exec=':true'
58 58 timeout_seconds='0' />
59 59
60 60 <exec_method
61 61 type='method'
62 62 name='stop'
63 63 exec=':true'
64 64 timeout_seconds='0' />
65 65
66 66 <stability value='Unstable' />
67 67
68 68 <template>
69 69 <common_name>
70 70 <loctext xml:lang='C'>
71 71 master restarter
72 72 </loctext>
73 73 </common_name>
74 74 <documentation>
75 75 <manpage title='svc.startd' section='1M'
76 76 manpath='/usr/share/man' />
77 77 <manpage title='smf_method' section='5'
78 78 manpath='/usr/share/man' />
79 79 <manpage title='smf' section='5'
80 80 manpath='/usr/share/man' />
81 81 </documentation>
82 82
83 83 <!--
84 84 Much of the restarter pg is populated by librestart, but
85 85 because svc.startd augments the property group, we choose
86 86 to define the entire property group as restarter-specific
87 87 rather than define it globally and miss some of the
88 88 properties. Templates does not currently provide a way
89 89 to have multiple entities 'own' and describe a property
90 90 group.
91 91 -->
92 92 <pg_pattern name='restarter' type='framework'
93 93 target='delegate' required='false'>
94 94 <description>
95 95 <loctext xml:lang='C'>
96 96 Communicate restarter-set status of the service.
97 97 </loctext>
98 98 </description>
99 99 <prop_pattern name='alt_logfile' type='astring'
100 100 required='false'>
101 101 <description>
102 102 <loctext xml:lang='C'>
103 103 The logfile for restarter actions on this service and any direct output from its methods which occurred before the /var filesystem was available.
104 104 </loctext>
105 105 </description>
106 106 <visibility value='readonly'/>
107 107 <cardinality min='1' max='1'/>
108 108 </prop_pattern>
109 109 <prop_pattern name='logfile' type='astring'
110 110 required='false'>
111 111 <description>
112 112 <loctext xml:lang='C'>
113 113 The logfile for restarter actions on this service and any direct output from its methods.
114 114 </loctext>
115 115 </description>
116 116 <visibility value='readonly'/>
117 117 <cardinality min='1' max='1'/>
118 118 </prop_pattern>
119 119 <prop_pattern name='contract' type='count'
120 120 required='false'>
121 121 <description>
122 122 <loctext xml:lang='C'>
123 123 Primary process contract for a 'contract' or 'child' service.
124 124 </loctext>
125 125 </description>
126 126 <visibility value='readonly'/>
127 127 <cardinality min='1' max='1'/>
128 128 </prop_pattern>
129 129 <prop_pattern name='start_pid' type='count'
130 130 required='false'>
131 131 <description>
132 132 <loctext xml:lang='C'>
133 133 PID last launched as the start method for this service.
134 134 </loctext>
135 135 </description>
136 136 <visibility value='readonly'/>
137 137 <cardinality min='1' max='1'/>
138 138 </prop_pattern>
139 139 <prop_pattern name='start_method_timestamp' type='time'
140 140 required='false'>
141 141 <description>
142 142 <loctext xml:lang='C'>
143 143 Time the start method was last run.
144 144 </loctext>
145 145 </description>
146 146 <visibility value='readonly'/>
147 147 <cardinality min='1' max='1'/>
148 148 </prop_pattern>
149 149 <prop_pattern name='auxiliary_state' type='astring'
150 150 required='false'>
151 151 <description>
152 152 <loctext xml:lang='C'>
153 153 Restarter-set auxiliary information about the current state.
154 154 </loctext>
155 155 </description>
156 156 <visibility value='readonly'/>
157 157 <cardinality min='1' max='1'/>
158 158 </prop_pattern>
159 159 <prop_pattern name='auxiliary_fmri' type='astring'
160 160 required='false'>
161 161 <description>
162 162 <loctext xml:lang='C'>
163 163 Auxiliary fmri information for service state diagnosis.
164 164 </loctext>
165 165 </description>
166 166 <visibility value='hidden' />
167 167 </prop_pattern>
168 168 <prop_pattern name='state_timestamp' type='time'
169 169 required='false'>
170 170 <description>
171 171 <loctext xml:lang='C'>
172 172 Time the current state was reached.
173 173 </loctext>
174 174 </description>
175 175 <visibility value='readonly'/>
176 176 <cardinality min='1' max='1'/>
177 177 </prop_pattern>
178 178 <prop_pattern name='state' type='astring'
179 179 required='false'>
180 180 <description>
181 181 <loctext xml:lang='C'>
182 182 The current state of this service instance.
183 183 </loctext>
184 184 </description>
185 185 <visibility value='readonly'/>
186 186 <cardinality min='1' max='1'/>
187 187 <constraints>
188 188 <value name="online">
189 189 <description>
190 190 <loctext xml:lang='C'>
191 191 The instance is online and running.
192 192 </loctext>
193 193 </description>
194 194 </value>
195 195 <value name="offline">
196 196 <description>
197 197 <loctext xml:lang='C'>
198 198 The instance is enabled, but not yet running or available to run. The most common reason for service instances to be in this state is because one or more of their dependencies are not satisfied.
199 199 </loctext>
200 200 </description>
201 201 </value>
202 202 <value name="uninitialized">
203 203 <description>
204 204 <loctext xml:lang='C'>
205 205 The initial state for all instances before svc.startd has had a chance to evaluate on them. Instances are in this state when their restarter has not yet started.
206 206 </loctext>
207 207 </description>
208 208 </value>
209 209 <value name="degraded">
210 210 <description>
211 211 <loctext xml:lang='C'>
212 212 The instance is enabled and running or available to run. The instance, however, is functioning at a limited capacity in comparison to normal operation.
213 213 </loctext>
214 214 </description>
215 215 </value>
216 216 <value name="disabled">
217 217 <description>
218 218 <loctext xml:lang='C'>
219 219 The instance is disabled.
220 220 </loctext>
221 221 </description>
222 222 </value>
223 223 <value name="maintenance">
224 224 <description>
225 225 <loctext xml:lang='C'>
226 226 The instance is enabled, but not able to run. Administrative action is required to restore the instance to offline and subsequent states.
227 227 </loctext>
228 228 </description>
229 229 </value>
230 230 </constraints>
231 231 </prop_pattern>
232 232 <prop_pattern name='next_state' type='astring'
233 233 required='false'>
234 234 <description>
235 235 <loctext xml:lang='C'>
236 236 The next expected state of this instance.
237 237 </loctext>
238 238 </description>
239 239 <visibility value='readonly'/>
240 240 <cardinality min='1' max='1'/>
241 241 <constraints>
242 242 <value name="online">
243 243 <description>
244 244 <loctext xml:lang='C'>
245 245 The instance is being started, and will soon be online and running. This transition may fail and the instance may end up in offiline or maintenance instead.
246 246 </loctext>
247 247 </description>
248 248 </value>
249 249 <value name="offline">
250 250 <description>
251 251 <loctext xml:lang='C'>
252 252 The instance has been temporarily stopped. Most instances will leave this state once their dependencies are satisfied.
253 253 </loctext>
254 254 </description>
255 255 </value>
256 256 <value name="degraded">
257 257 <description>
258 258 <loctext xml:lang='C'>
259 259 The instance will be enabled and availble to run, although in a limited capacity.
260 260 </loctext>
261 261 </description>
262 262 </value>
263 263 <value name="disabled">
264 264 <description>
265 265 <loctext xml:lang='C'>
266 266 The instance will be disabled.
267 267 </loctext>
268 268 </description>
269 269 </value>
270 270 <value name="maintenance">
271 271 <description>
272 272 <loctext xml:lang='C'>
273 273 The instance will be in maintenance, and administrative action will be required to restore the instance to offline and subsequent states.
274 274 </loctext>
275 275 </description>
276 276 </value>
277 277 <value name="none">
278 278 <description>
279 279 <loctext xml:lang='C'>
280 280 The instance is not currently transitioning between states.
281 281 </loctext>
282 282 </description>
283 283 </value>
284 284 </constraints>
285 285 </prop_pattern>
286 286 </pg_pattern>
287 287
288 288 <pg_pattern name='options' type='application'
289 289 target='this' required='false'>
290 290 <description>
291 291 <loctext xml:lang='C'>
292 292 Specify options for the svc.startd restarter.
293 293 </loctext>
294 294 </description>
295 295
296 296 <prop_pattern name='boot_messages' type='astring'
297 297 required='false'>
298 298 <description>
299 299 <loctext xml:lang='C'>
300 300 Define verbosity of messages to print to the console during boot.
301 301 </loctext>
302 302 </description>
303 303 <cardinality min='1' max='1'/>
304 304 <constraints>
305 305 <value name='quiet'>
306 306 <description>
307 307 <loctext xml:lang='C'>
308 308 Issue console messages only on service failures.
309 309 </loctext>
310 310 </description>
311 311 </value>
312 312 <value name='verbose'>
313 313 <description>
314 314 <loctext xml:lang='C'>
315 315 Print a message per service started to indicate success or failure.
316 316 </loctext>
317 317 </description>
318 318 </value>
319 319 </constraints>
320 320 <choices>
321 321 <include_values type='constraints'/>
322 322 </choices>
323 323 </prop_pattern>
324 324
325 325 <prop_pattern name='logging' type='astring'
326 326 required='false'>
327 327 <description>
328 328 <loctext xml:lang='C'>
329 329 Control the level of global service logging for svc.startd.
330 330 </loctext>
331 331 </description>
332 332 <cardinality min='1' max='1'/>
333 333 <constraints>
334 334 <value name='quiet'>
335 335 <description>
336 336 <loctext xml:lang='C'>
337 337 Send error messages requiring administrative intervention to console, syslog, and svc.startd's global logfile.
338 338 </loctext>
339 339 </description>
340 340 </value>
341 341 <value name='verbose'>
342 342 <description>
343 343 <loctext xml:lang='C'>
344 344 Sends a message per service started to the console, error messages requiring administrative intervention to console, syslog, and svc.startd's global logfile, and information about errors which do not require intervention to the logfile.
345 345 </loctext>
346 346 </description>
347 347 </value>
348 348 <value name='debug'>
349 349 <description>
350 350 <loctext xml:lang='C'>
351 351 Send debug messages to svc.startd's global logfile, error messages requiring administrative intervention to the console, syslog, and the logfile, and a message per service started to the console.
352 352 </loctext>
353 353 </description>
354 354 </value>
355 355 </constraints>
356 356 <choices>
357 357 <include_values type='constraints'/>
358 358 </choices>
359 359 </prop_pattern>
360 360
361 361 <prop_pattern name='milestone' type='astring'
362 362 required='false'>
363 363 <description>
364 364 <loctext xml:lang='C'>
365 365 An FRMI which defines the milestone used as the default boot level.
366 366 </loctext>
367 367 </description>
368 368 <cardinality min='1' max='1'/>
369 369 <constraints>
370 370 <value
371 371 name='svc:/milestone/single-user:default'>
372 372 </value>
373 373 <value
374 374 name='svc:/milestone/multi-user:default'>
375 375 </value>
376 376 <value name=
377 377 'svc:/milestone/multi-user-server:default'>
378 378 </value>
379 379 <value name='all'>
380 380 <description>
381 381 <loctext xml:lang='C'>
382 382 Start all enabled services.
383 383 </loctext>
384 384 </description>
385 385 </value>
386 386 <value name='none'>
387 387 <description>
388 388 <loctext xml:lang='C'>
389 389 Start no services.
390 390 </loctext>
391 391 </description>
392 392 </value>
393 393 </constraints>
394 394 </prop_pattern>
395 395 <prop_pattern name='info_events_all' type='boolean'
396 396 required='false'>
397 397 <description>
398 398 <loctext xml:lang='C'>
399 399 Override notification parameters and raise Information Events on all state transitions
400 400 </loctext>
401 401 </description>
402 402 <visibility value='hidden' />
403 403 </prop_pattern>
404 404 </pg_pattern>
405 405
406 406 <pg_pattern name='system' type='framework'
407 407 target='this' required='false'>
408 408 <prop_pattern name='reconfigure' type='boolean'
409 409 required='false'>
410 410 <description>
411 411 <loctext xml:lang='C'>
412 412 Indicates that a reconfiguration reboot has been requested.
413 413 </loctext>
414 414 </description>
415 415 <visibility value='readonly'/>
416 416 <cardinality min='1' max='1'/>
417 417 </prop_pattern>
418 418 </pg_pattern>
419 419
420 420 <pg_pattern name='startd' type='framework'
421 421 target='delegate' required='false'>
422 422 <description>
423 423 <loctext xml:lang='C'>
424 424 Information about how a service instance is managed by svc.startd, which is supplied by the service author, sometimes modified by the administrator.
425 425 </loctext>
426 426 </description>
427 427
428 428 <prop_pattern name='duration' type='astring'
429 429 required='false'>
430 430 <description>
431 431 <loctext xml:lang='C'>
432 432 Defines the service's model.
433 433 </loctext>
434 434 </description>
435 435 <cardinality min='1' max='1'/>
436 436 <constraints>
437 437 <value name='contract'>
438 438 <description>
439 439 <loctext xml:lang='C'>
440 440 A standard system daemon, which runs forever to provide a service. It is not considered online until the start method process exits, though child processes are monitored for errors.
441 441 </loctext>
442 442 </description>
443 443 </value>
444 444 <value name='transient'>
445 445 <description>
446 446 <loctext xml:lang='C'>
447 447 The service is online as soon as its start method returns -- child processes are not monitored.
448 448 </loctext>
449 449 </description>
450 450 </value>
451 451 <value name='child'>
452 452 <description>
453 453 <loctext xml:lang='C'>
454 454 A service which runs for the lifetime of the child process, and is restarted when that process exits.
455 455 </loctext>
456 456 </description>
457 457 </value>
458 458 </constraints>
459 459 <choices>
460 460 <include_values type='constraints'/>
461 461 </choices>
462 462 </prop_pattern>
463 463 <prop_pattern name='ignore_error' type='astring'
464 464 required='false'>
465 465 <description>
466 466 <loctext xml:lang='C'>
467 467 A list of events which should not be considered service errors by svc.startd.
468 468 </loctext>
469 469 </description>
470 470 <cardinality min='1' max='1'/>
471 471 <!--
472 472 We won't recommend this as a choice since
473 473 it's only here to work around the fact
474 474 that startd defines this as a single
475 475 value rather than a value list *and*
476 476 templates doesn't currently take care
477 477 of assembling separately defined
478 478 values with the defined internal separator.
479 479 -->
480 480 <values>
481 481 <value name='signal,core'>
482 482 <description>
483 483 <loctext xml:lang='C'>
484 484 svc.startd should ignore coredumps and signals sent from outside the service.
485 485 </loctext>
486 486 </description>
487 487 </value>
488 488 </values>
489 489 <choices>
490 490 <value name='core'>
491 491 <description>
492 492 <loctext xml:lang='C'>
493 493 svc.startd should ignore coredumps from subprocesses.
494 494 </loctext>
495 495 </description>
496 496 </value>
497 497 <value name='signal'>
498 498 <description>
499 499 <loctext xml:lang='C'>
500 500 svc.startd should ignore signals sent from outside the service.
501 501 </loctext>
502 502 </description>
503 503 </value>
504 504 <value name='core,signal'>
505 505 <description>
506 506 <loctext xml:lang='C'>
507 507 svc.startd should ignore coredumps and signals sent from outside the service.
508 508 </loctext>
509 509 </description>
510 510 </value>
511 511 </choices>
512 512 </prop_pattern>
513 513 <prop_pattern name='need_session' type='boolean'
514 514 required='false'>
515 515 <description>
516 516 <loctext xml:lang='C'>
517 517 The instance should be launched in its own session per setpgrp(2).
518 518 </loctext>
519 519 </description>
520 520 <cardinality min='1' max='1'/>
521 521 </prop_pattern>
522 522 <prop_pattern name='utmpx_prefix' type='astring'
523 523 required='false'>
524 524 <description>
525 525 <loctext xml:lang='C'>
526 526 The instance requires that svc.startd create a valid utmpx entry prior to start method execution.
527 527 </loctext>
528 528 </description>
529 529 <cardinality min='1' max='1'/>
530 530 </prop_pattern>
531 531 </pg_pattern>
532 532
533 533 <pg_pattern name='start' type='method' target='delegate'
534 534 required='true'>
535 535 <description>
536 536 <loctext xml:lang='C'>
537 537 The start method defines how svc.startd should start the instance.
538 538 </loctext>
539 539 </description>
540 540 <prop_pattern name='exec' type='astring'
541 541 required='true'>
542 542 <common_name>
543 543 <loctext xml:lang='C'>
544 544 method executable
545 545 </loctext>
546 546 </common_name>
547 547 <description>
548 548 <loctext xml:lang='C'>
549 549 The method executable may be a script, program, or keyword.
550 550 </loctext>
551 551 </description>
552 552 <cardinality min='1' max='1'/>
553 553 <values>
554 554 <value name=':true'>
555 555 <description>
556 556 <loctext xml:lang='C'>
557 557 Always returns SMF_EXIT_OK. This token should be used when the start method is unnecessary for the particular service implementation.
558 558 </loctext>
559 559 </description>
560 560 </value>
561 561 <value name=':kill [-signal]'>
562 562 <description>
563 563 <loctext xml:lang='C'>
564 564 Sends the specified signal, which is SIGTERM by default, to all processes in the primary instance contract. Always returns SMF_EXIT_OK. This token should be used to replace common pkill invocations.
565 565
566 566 </loctext>
567 567 </description>
568 568 </value>
569 569 </values>
570 570 <choices>
571 571 <include_values type='values'/>
572 572 </choices>
573 573 </prop_pattern>
574 574
575 575 <prop_pattern name='type' type='astring'
576 576 required='true'>
577 577 <description>
578 578 <loctext xml:lang='C'>
579 579 A method may only be of type method.
580 580 </loctext>
581 581 </description>
582 582 <cardinality min='1' max='1'/>
583 583 <constraints>
584 584 <value name="method"/>
585 585 </constraints>
586 586 </prop_pattern>
587 587
588 588 <prop_pattern name='timeout_seconds' type='count'
589 589 required='true'>
590 590 <description>
591 591 <loctext xml:lang='C'>
592 592 Number of seconds before the method is considered unresponsive. After the method timeout expires, the method will be killed.
593 593 </loctext>
594 594 </description>
595 595 <cardinality min='1' max='1'/>
596 596 <values>
597 597 <value name="0">
598 598 <common_name>
599 599 <loctext xml:lang='C'>
600 600 infinite
601 601 </loctext>
602 602 </common_name>
603 603 <description>
604 604 <loctext xml:lang='C'>
605 605 This method will never time out.
606 606 </loctext>
607 607 </description>
608 608 </value>
609 609 <value name="-1">
610 610 <common_name>
611 611 <loctext xml:lang='C'>
612 612 infinite (legacy)
613 613 </loctext>
614 614 </common_name>
615 615 <description>
616 616 <loctext xml:lang='C'>
617 617 This method will never time out. 0 is the preferred value.
618 618 </loctext>
619 619 </description>
620 620 </value>
621 621 </values>
622 622 </prop_pattern>
623 623
624 624 <!-- method_context direct properties -->
625 625 <prop_pattern name='working_directory' type='astring'
626 626 required='false'>
627 627 <description>
628 628 <loctext xml:lang='C'>
629 629 The working directory to launch the method from. ":default" can be used as a token to indicate the home directory of the user specified by the credential or profile.
630 630 </loctext>
631 631 </description>
632 632 <cardinality min='1' max='1'/>
633 633 </prop_pattern>
634 634 <prop_pattern name='project' type='astring'
635 635 required='false'>
636 636 <description>
637 637 <loctext xml:lang='C'>
638 638 The project ID in numeric or text form. :default can be used as a token to indicate a project identified by getdefaultproj(3PROJECT) for the user whose uid is used to launch the method.
639 639 </loctext>
640 640 </description>
641 641 <cardinality min='1' max='1'/>
642 642 </prop_pattern>
643 643 <prop_pattern name='resource_pool' type='astring'
644 644 required='false'>
645 645 <common_name>
646 646 <loctext xml:lang='C'>
647 647 method context resource pool
648 648 </loctext>
649 649 </common_name>
|
↓ open down ↓ |
649 lines elided |
↑ open up ↑ |
650 650 <description>
651 651 <loctext xml:lang='C'>
652 652 The resource pool name on which to launch the method. :default can be used
653 653 as a token to indicate the pool specified in the project(4) entry given in
654 654 the project attribute.
655 655 </loctext>
656 656 </description>
657 657 <cardinality min='1' max='1'/>
658 658 </prop_pattern>
659 659
660 + <prop_pattern name='security_flags' type='astring'
661 + required='false'>
662 + <common_name>
663 + <loctext xml:lang='C'>
664 +method credential security flags
665 + </loctext>
666 + </common_name>
667 + <description>
668 + <loctext xml:lang='C'>
669 +An optional string specifying the security flags as defined in security-flags(5).
670 + </loctext>
671 + </description>
672 + <cardinality min='1' max='1'/>
673 + <internal_separators>,</internal_separators>
674 + </prop_pattern>
675 +
660 676 <!-- method_credential properties -->
661 677 <prop_pattern name='user' type='astring'
662 678 required='false'>
663 679 <common_name>
664 680 <loctext xml:lang='C'>
665 681 method credential user
666 682 </loctext>
667 683 </common_name>
668 684 <description>
669 685 <loctext xml:lang='C'>
670 686 The user ID in numeric or text form.
671 687 </loctext>
672 688 </description>
673 689 <cardinality min='1' max='1'/>
674 690 </prop_pattern>
675 691 <prop_pattern name='group' type='astring'
676 692 required='false'>
677 693 <common_name>
678 694 <loctext xml:lang='C'>
679 695 method credential group
680 696 </loctext>
681 697 </common_name>
682 698 <description>
683 699 <loctext xml:lang='C'>
684 700 The group ID in numeric or text form.
685 701 </loctext>
686 702 </description>
687 703 <cardinality min='1' max='1'/>
688 704 </prop_pattern>
689 705 <prop_pattern name='supp_groups' type='astring'
690 706 required='false'>
691 707 <common_name>
692 708 <loctext xml:lang='C'>
693 709 method credential supplemental groups
694 710 </loctext>
695 711 </common_name>
696 712 <description>
697 713 <loctext xml:lang='C'>
698 714 An optional string that specifies the supplemental group memberships by ID,
699 715 in numeric or text form.
700 716 </loctext>
701 717 </description>
702 718 <cardinality min='1' max='1'/>
703 719 <internal_separators>,</internal_separators>
704 720 </prop_pattern>
705 721 <prop_pattern name='privileges' type='astring'
706 722 required='false'>
707 723 <common_name>
708 724 <loctext xml:lang='C'>
709 725 method credential privileges
710 726 </loctext>
711 727 </common_name>
712 728 <description>
713 729 <loctext xml:lang='C'>
714 730 An optional string specifying the privilege set as defined in privileges(5).
715 731 </loctext>
716 732 </description>
717 733 <cardinality min='1' max='1'/>
718 734 <internal_separators>,</internal_separators>
719 735 </prop_pattern>
720 736 <prop_pattern name='limit_privileges' type='astring'
721 737 required='false'>
722 738 <common_name>
723 739 <loctext xml:lang='C'>
724 740 method credential limit privilege set
725 741 </loctext>
726 742 </common_name>
727 743 <description>
728 744 <loctext xml:lang='C'>
729 745 An optional string specifying the limit privilege set as defined in
730 746 privileges(5).
731 747 </loctext>
732 748 </description>
733 749 <cardinality min='1' max='1'/>
734 750 <internal_separators>,</internal_separators>
735 751 </prop_pattern>
736 752
737 753 <!-- method_profile properties -->
738 754 <prop_pattern name='use_profile' type='boolean'
739 755 required='false'>
740 756 <description>
741 757 <loctext xml:lang='C'>
|
↓ open down ↓ |
72 lines elided |
↑ open up ↑ |
742 758 A boolean that specifies whether the profile should be used instead of the
743 759 user, group, privileges, and limit_privileges properties.
744 760 </loctext>
745 761 </description>
746 762 <cardinality min='1' max='1'/>
747 763 </prop_pattern>
748 764 <prop_pattern name='profile' type='astring'
749 765 required='false'>
750 766 <common_name>
751 767 <loctext xml:lang='C'>
752 -method profile RBAC profile specification
768 +method profile RBAC profile specification
753 769 </loctext>
754 770 </common_name>
755 771 <description>
756 772 <loctext xml:lang='C'>
757 773 The name of an RBAC (role-based access control) profile which, along with the
758 774 method executable, identifies an entry in exec_attr(4).
759 775 </loctext>
760 776 </description>
761 777 <cardinality min='1' max='1'/>
762 778 </prop_pattern>
763 779
764 780 <!-- method_environment properties -->
765 781 <prop_pattern name='environment' type='astring'
766 782 required='false'>
767 783 <common_name>
768 784 <loctext xml:lang='C'>
769 785 method environment variables
770 786 </loctext>
771 787 </common_name>
772 788 <description>
773 789 <loctext xml:lang='C'>
774 790 Environment variables to insert into the environment of the method, in the
775 791 form of a number of NAME=value strings.
776 792 </loctext>
777 793 </description>
778 794 </prop_pattern>
779 795 </pg_pattern>
780 796
781 797 <pg_pattern name='stop' type='method' target='delegate'
782 798 required='true'>
783 799 <description>
784 800 <loctext xml:lang='C'>
785 801 The stop method defines how svc.startd should stop the instance.
786 802 </loctext>
787 803 </description>
788 804 <prop_pattern name='exec' type='astring'
789 805 required='true'>
790 806 <common_name>
791 807 <loctext xml:lang='C'>
792 808 method executable
793 809 </loctext>
794 810 </common_name>
795 811 <description>
796 812 <loctext xml:lang='C'>
797 813 The method executable may be a script, program, or keyword.
798 814 </loctext>
799 815 </description>
800 816 <cardinality min='1' max='1'/>
801 817 <values>
802 818 <value name=':true'>
803 819 <description>
804 820 <loctext xml:lang='C'>
805 821 Always returns SMF_EXIT_OK. This token should be used when the stop method is unnecessary for the particular service implementation.
806 822 </loctext>
807 823 </description>
808 824 </value>
809 825 <value name=':kill [-signal]'>
810 826 <description>
811 827 <loctext xml:lang='C'>
812 828 Sends the specified signal, which is SIGTERM by default, to all processes in the primary instance contract. Always returns SMF_EXIT_OK. This token should be used to replace common pkill invocations.
813 829 </loctext>
814 830 </description>
815 831 </value>
816 832 </values>
817 833 <choices>
818 834 <include_values type='values'/>
819 835 </choices>
820 836 </prop_pattern>
821 837
822 838 <prop_pattern name='type' type='astring'
823 839 required='true'>
824 840 <description>
825 841 <loctext xml:lang='C'>
826 842 A method may only be of type method.
827 843 </loctext>
828 844 </description>
829 845 <cardinality min='1' max='1'/>
830 846 <constraints>
831 847 <value name="method"/>
832 848 </constraints>
833 849 </prop_pattern>
834 850
835 851 <prop_pattern name='timeout_seconds' type='count'
836 852 required='true'>
837 853 <description>
838 854 <loctext xml:lang='C'>
839 855 Number of seconds before the method is considered unresponsive. After the method timeout expires, the method will be killed.
840 856 </loctext>
841 857 </description>
842 858 <cardinality min='1' max='1'/>
843 859 <values>
844 860 <value name="0">
845 861 <common_name>
846 862 <loctext xml:lang='C'>
847 863 infinite
848 864 </loctext>
849 865 </common_name>
850 866 <description>
851 867 <loctext xml:lang='C'>
852 868 This method will never time out.
853 869 </loctext>
854 870 </description>
855 871 </value>
856 872 <value name="-1">
857 873 <common_name>
858 874 <loctext xml:lang='C'>
859 875 infinite (legacy)
860 876 </loctext>
861 877 </common_name>
862 878 <description>
863 879 <loctext xml:lang='C'>
864 880 This method will never time out. 0 is the preferred value.
865 881 </loctext>
866 882 </description>
867 883 </value>
868 884 </values>
869 885 </prop_pattern>
870 886
871 887 <!-- method_context direct properties -->
872 888 <prop_pattern name='working_directory' type='astring'
873 889 required='false'>
874 890 <description>
875 891 <loctext xml:lang='C'>
876 892 The working directory to launch the method from. ":default" can be used as a token to indicate the home directory of the user specified by the credential or profile.
877 893 </loctext>
878 894 </description>
879 895 <cardinality min='1' max='1'/>
880 896 </prop_pattern>
881 897 <prop_pattern name='project' type='astring'
882 898 required='false'>
883 899 <description>
884 900 <loctext xml:lang='C'>
885 901 The project ID in numeric or text form. :default can be used as a token to indicate a project identified by getdefaultproj(3PROJECT) for the user whose uid is used to launch the method.
886 902 </loctext>
887 903 </description>
888 904 <cardinality min='1' max='1'/>
889 905 </prop_pattern>
890 906 <prop_pattern name='resource_pool' type='astring'
891 907 required='false'>
892 908 <common_name>
893 909 <loctext xml:lang='C'>
894 910 method context resource pool
895 911 </loctext>
896 912 </common_name>
|
↓ open down ↓ |
134 lines elided |
↑ open up ↑ |
897 913 <description>
898 914 <loctext xml:lang='C'>
899 915 The resource pool name on which to launch the method. :default can be used
900 916 as a token to indicate the pool specified in the project(4) entry given in
901 917 the project attribute.
902 918 </loctext>
903 919 </description>
904 920 <cardinality min='1' max='1'/>
905 921 </prop_pattern>
906 922
923 + <prop_pattern name='security_flags' type='astring'
924 + required='false'>
925 + <common_name>
926 + <loctext xml:lang='C'>
927 +method credential security flags
928 + </loctext>
929 + </common_name>
930 + <description>
931 + <loctext xml:lang='C'>
932 +An optional string specifying the security flags as defined in security-flags(5).
933 + </loctext>
934 + </description>
935 + <cardinality min='1' max='1'/>
936 + <internal_separators>,</internal_separators>
937 + </prop_pattern>
938 +
907 939 <!-- method_credential properties -->
908 940 <prop_pattern name='user' type='astring'
909 941 required='false'>
910 942 <common_name>
911 943 <loctext xml:lang='C'>
912 944 method credential user
913 945 </loctext>
914 946 </common_name>
915 947 <description>
916 948 <loctext xml:lang='C'>
917 949 The user ID in numeric or text form.
918 950 </loctext>
919 951 </description>
920 952 <cardinality min='1' max='1'/>
921 953 </prop_pattern>
922 954 <prop_pattern name='group' type='astring'
923 955 required='false'>
924 956 <common_name>
925 957 <loctext xml:lang='C'>
926 958 method credential group
927 959 </loctext>
928 960 </common_name>
929 961 <description>
930 962 <loctext xml:lang='C'>
931 963 The group ID in numeric or text form.
932 964 </loctext>
933 965 </description>
934 966 <cardinality min='1' max='1'/>
935 967 </prop_pattern>
936 968 <prop_pattern name='supp_groups' type='astring'
937 969 required='false'>
938 970 <common_name>
939 971 <loctext xml:lang='C'>
940 972 method credential supplemental groups
941 973 </loctext>
942 974 </common_name>
943 975 <description>
944 976 <loctext xml:lang='C'>
945 977 An optional string that specifies the supplemental group memberships by ID,
946 978 in numeric or text form.
947 979 </loctext>
948 980 </description>
949 981 <cardinality min='1' max='1'/>
950 982 <internal_separators>,</internal_separators>
951 983 </prop_pattern>
952 984 <prop_pattern name='privileges' type='astring'
953 985 required='false'>
954 986 <common_name>
955 987 <loctext xml:lang='C'>
956 988 method credential privileges
957 989 </loctext>
958 990 </common_name>
959 991 <description>
960 992 <loctext xml:lang='C'>
961 993 An optional string specifying the privilege set as defined in privileges(5).
962 994 </loctext>
963 995 </description>
964 996 <cardinality min='1' max='1'/>
965 997 <internal_separators>,</internal_separators>
966 998 </prop_pattern>
967 999 <prop_pattern name='limit_privileges' type='astring'
968 1000 required='false'>
969 1001 <common_name>
970 1002 <loctext xml:lang='C'>
971 1003 method credential limit privilege set
972 1004 </loctext>
973 1005 </common_name>
974 1006 <description>
975 1007 <loctext xml:lang='C'>
976 1008 An optional string specifying the limit privilege set as defined in
977 1009 privileges(5).
978 1010 </loctext>
979 1011 </description>
980 1012 <cardinality min='1' max='1'/>
981 1013 <internal_separators>,</internal_separators>
982 1014 </prop_pattern>
983 1015
984 1016 <!-- method_profile properties -->
985 1017 <prop_pattern name='use_profile' type='boolean'
986 1018 required='false'>
987 1019 <description>
988 1020 <loctext xml:lang='C'>
|
↓ open down ↓ |
72 lines elided |
↑ open up ↑ |
989 1021 A boolean that specifies whether the profile should be used instead of the
990 1022 user, group, privileges, and limit_privileges properties.
991 1023 </loctext>
992 1024 </description>
993 1025 <cardinality min='1' max='1'/>
994 1026 </prop_pattern>
995 1027 <prop_pattern name='profile' type='astring'
996 1028 required='false'>
997 1029 <common_name>
998 1030 <loctext xml:lang='C'>
999 -method profile RBAC profile specification
1031 +method profile RBAC profile specification
1000 1032 </loctext>
1001 1033 </common_name>
1002 1034 <description>
1003 1035 <loctext xml:lang='C'>
1004 1036 The name of an RBAC (role-based access control) profile which, along with the
1005 1037 method executable, identifies an entry in exec_attr(4).
1006 1038 </loctext>
1007 1039 </description>
1008 1040 <cardinality min='1' max='1'/>
1009 1041 </prop_pattern>
1010 1042
1011 1043 <!-- method_environment properties -->
1012 1044 <prop_pattern name='environment' type='astring'
1013 1045 required='false'>
1014 1046 <common_name>
1015 1047 <loctext xml:lang='C'>
1016 1048 method environment variables
1017 1049 </loctext>
1018 1050 </common_name>
1019 1051 <description>
1020 1052 <loctext xml:lang='C'>
1021 1053 Environment variables to insert into the environment of the method, in the
1022 1054 form of a number of NAME=value strings.
1023 1055 </loctext>
1024 1056 </description>
1025 1057 </prop_pattern>
1026 1058 </pg_pattern>
1027 1059
1028 1060 <pg_pattern name='refresh' type='method' target='delegate'
1029 1061 required='false'>
1030 1062 <description>
1031 1063 <loctext xml:lang='C'>
1032 1064 The refresh method defines how svc.startd should upload new configuration to the service without interrupting its operation.
1033 1065 </loctext>
1034 1066 </description>
1035 1067 <prop_pattern name='exec' type='astring'
1036 1068 required='true'>
1037 1069 <common_name>
1038 1070 <loctext xml:lang='C'>
1039 1071 method executable
1040 1072 </loctext>
1041 1073 </common_name>
1042 1074 <description>
1043 1075 <loctext xml:lang='C'>
1044 1076 The method executable may be a script, program, or keyword.
1045 1077 </loctext>
1046 1078 </description>
1047 1079 <cardinality min='1' max='1'/>
1048 1080 <values>
1049 1081 <value name=':true'>
1050 1082 <description>
1051 1083 <loctext xml:lang='C'>
1052 1084 Always returns SMF_EXIT_OK.
1053 1085 </loctext>
1054 1086 </description>
1055 1087 </value>
1056 1088 <value name=':kill [-signal]'>
1057 1089 <description>
1058 1090 <loctext xml:lang='C'>
1059 1091 Sends the specified signal, which is SIGTERM by default, to all processes in the primary instance contract. Always returns SMF_EXIT_OK. This token should be used to replace common kill -HUP invocations.
1060 1092 </loctext>
1061 1093 </description>
1062 1094 </value>
1063 1095 </values>
1064 1096 <choices>
1065 1097 <include_values type='values'/>
1066 1098 </choices>
1067 1099 </prop_pattern>
1068 1100
1069 1101 <prop_pattern name='type' type='astring'
1070 1102 required='true'>
1071 1103 <description>
1072 1104 <loctext xml:lang='C'>
1073 1105 A method may only be of type method.
1074 1106 </loctext>
1075 1107 </description>
1076 1108 <cardinality min='1' max='1'/>
1077 1109 <constraints>
1078 1110 <value name="method"/>
1079 1111 </constraints>
1080 1112 </prop_pattern>
1081 1113
1082 1114 <prop_pattern name='timeout_seconds' type='count'
1083 1115 required='true'>
1084 1116 <description>
1085 1117 <loctext xml:lang='C'>
1086 1118 Number of seconds before the method is considered unresponsive. After the method timeout expires, the method will be killed.
1087 1119 </loctext>
1088 1120 </description>
1089 1121 <cardinality min='1' max='1'/>
1090 1122 <values>
1091 1123 <value name="0">
1092 1124 <common_name>
1093 1125 <loctext xml:lang='C'>
1094 1126 infinite
1095 1127 </loctext>
1096 1128 </common_name>
1097 1129 <description>
1098 1130 <loctext xml:lang='C'>
1099 1131 This method will never time out.
1100 1132 </loctext>
1101 1133 </description>
1102 1134 </value>
1103 1135 <value name="-1">
1104 1136 <common_name>
1105 1137 <loctext xml:lang='C'>
1106 1138 infinite (legacy)
1107 1139 </loctext>
1108 1140 </common_name>
1109 1141 <description>
1110 1142 <loctext xml:lang='C'>
1111 1143 This method will never time out. 0 is the preferred value.
1112 1144 </loctext>
1113 1145 </description>
1114 1146 </value>
1115 1147 </values>
1116 1148 </prop_pattern>
1117 1149
1118 1150 <!-- method_context direct properties -->
1119 1151 <prop_pattern name='working_directory' type='astring'
1120 1152 required='false'>
1121 1153 <description>
1122 1154 <loctext xml:lang='C'>
1123 1155 The working directory to launch the method from. ":default" can be used as a token to indicate the home directory of the user specified by the credential or profile.
1124 1156 </loctext>
1125 1157 </description>
1126 1158 <cardinality min='1' max='1'/>
1127 1159 </prop_pattern>
1128 1160 <prop_pattern name='project' type='astring'
1129 1161 required='false'>
1130 1162 <description>
1131 1163 <loctext xml:lang='C'>
1132 1164 The project ID in numeric or text form. :default can be used as a token to indicate a project identified by getdefaultproj(3PROJECT) for the user whose uid is used to launch the method.
1133 1165 </loctext>
1134 1166 </description>
1135 1167 <cardinality min='1' max='1'/>
1136 1168 </prop_pattern>
1137 1169 <prop_pattern name='resource_pool' type='astring'
1138 1170 required='false'>
1139 1171 <common_name>
1140 1172 <loctext xml:lang='C'>
1141 1173 method context resource pool
1142 1174 </loctext>
|
↓ open down ↓ |
133 lines elided |
↑ open up ↑ |
1143 1175 </common_name>
1144 1176 <description>
1145 1177 <loctext xml:lang='C'>
1146 1178 The resource pool name on which to launch the method. :default can be used
1147 1179 as a token to indicate the pool specified in the project(4) entry given in
1148 1180 the project attribute.
1149 1181 </loctext>
1150 1182 </description>
1151 1183 <cardinality min='1' max='1'/>
1152 1184 </prop_pattern>
1185 + <prop_pattern name='security_flags' type='astring'
1186 + required='false'>
1187 + <common_name>
1188 + <loctext xml:lang='C'>
1189 +method security flags
1190 + </loctext>
1191 + </common_name>
1192 + <description>
1193 + <loctext xml:lang='C'>
1194 +An optional string specifying the security flags as defined in security-flags(5).
1195 + </loctext>
1196 + </description>
1197 + <cardinality min='1' max='1'/>
1198 + <internal_separators>,</internal_separators>
1199 + </prop_pattern>
1153 1200
1154 1201 <!-- method_credential properties -->
1155 1202 <prop_pattern name='user' type='astring'
1156 1203 required='false'>
1157 1204 <common_name>
1158 1205 <loctext xml:lang='C'>
1159 1206 method credential user
1160 1207 </loctext>
1161 1208 </common_name>
1162 1209 <description>
1163 1210 <loctext xml:lang='C'>
1164 1211 The user ID in numeric or text form.
1165 1212 </loctext>
1166 1213 </description>
1167 1214 <cardinality min='1' max='1'/>
1168 1215 </prop_pattern>
1169 1216 <prop_pattern name='group' type='astring'
1170 1217 required='false'>
1171 1218 <common_name>
1172 1219 <loctext xml:lang='C'>
1173 1220 method credential group
1174 1221 </loctext>
1175 1222 </common_name>
1176 1223 <description>
1177 1224 <loctext xml:lang='C'>
1178 1225 The group ID in numeric or text form.
1179 1226 </loctext>
1180 1227 </description>
1181 1228 <cardinality min='1' max='1'/>
1182 1229 </prop_pattern>
1183 1230 <prop_pattern name='supp_groups' type='astring'
1184 1231 required='false'>
1185 1232 <common_name>
1186 1233 <loctext xml:lang='C'>
1187 1234 method credential supplemental groups
1188 1235 </loctext>
1189 1236 </common_name>
1190 1237 <description>
1191 1238 <loctext xml:lang='C'>
1192 1239 An optional string that specifies the supplemental group memberships by ID,
1193 1240 in numeric or text form.
1194 1241 </loctext>
1195 1242 </description>
1196 1243 <cardinality min='1' max='1'/>
1197 1244 <internal_separators>,</internal_separators>
1198 1245 </prop_pattern>
1199 1246 <prop_pattern name='privileges' type='astring'
1200 1247 required='false'>
1201 1248 <common_name>
1202 1249 <loctext xml:lang='C'>
1203 1250 method credential privileges
1204 1251 </loctext>
1205 1252 </common_name>
1206 1253 <description>
1207 1254 <loctext xml:lang='C'>
1208 1255 An optional string specifying the privilege set as defined in privileges(5).
1209 1256 </loctext>
1210 1257 </description>
1211 1258 <cardinality min='1' max='1'/>
1212 1259 <internal_separators>,</internal_separators>
1213 1260 </prop_pattern>
1214 1261 <prop_pattern name='limit_privileges' type='astring'
1215 1262 required='false'>
1216 1263 <common_name>
1217 1264 <loctext xml:lang='C'>
1218 1265 method credential limit privilege set
1219 1266 </loctext>
1220 1267 </common_name>
1221 1268 <description>
1222 1269 <loctext xml:lang='C'>
1223 1270 An optional string specifying the limit privilege set as defined in
1224 1271 privileges(5).
1225 1272 </loctext>
1226 1273 </description>
1227 1274 <cardinality min='1' max='1'/>
1228 1275 <internal_separators>,</internal_separators>
1229 1276 </prop_pattern>
1230 1277
1231 1278 <!-- method_profile properties -->
1232 1279 <prop_pattern name='use_profile' type='boolean'
1233 1280 required='false'>
1234 1281 <description>
1235 1282 <loctext xml:lang='C'>
|
↓ open down ↓ |
73 lines elided |
↑ open up ↑ |
1236 1283 A boolean that specifies whether the profile should be used instead of the
1237 1284 user, group, privileges, and limit_privileges properties.
1238 1285 </loctext>
1239 1286 </description>
1240 1287 <cardinality min='1' max='1'/>
1241 1288 </prop_pattern>
1242 1289 <prop_pattern name='profile' type='astring'
1243 1290 required='false'>
1244 1291 <common_name>
1245 1292 <loctext xml:lang='C'>
1246 -method profile RBAC profile specification
1293 +method profile RBAC profile specification
1247 1294 </loctext>
1248 1295 </common_name>
1249 1296 <description>
1250 1297 <loctext xml:lang='C'>
1251 1298 The name of an RBAC (role-based access control) profile which, along with the
1252 1299 method executable, identifies an entry in exec_attr(4).
1253 1300 </loctext>
1254 1301 </description>
1255 1302 <cardinality min='1' max='1'/>
1256 1303 </prop_pattern>
1257 1304
1258 1305 <!-- method_environment properties -->
1259 1306 <prop_pattern name='environment' type='astring'
1260 1307 required='false'>
1261 1308 <common_name>
1262 1309 <loctext xml:lang='C'>
1263 1310 method environment variables
1264 1311 </loctext>
1265 1312 </common_name>
1266 1313 <description>
1267 1314 <loctext xml:lang='C'>
1268 1315 Environment variables to insert into the environment of the method, in the
1269 1316 form of a number of NAME=value strings.
1270 1317 </loctext>
1271 1318 </description>
1272 1319 </prop_pattern>
1273 1320 </pg_pattern>
1274 1321
1275 1322 </template>
1276 1323 </service>
1277 1324
1278 1325 </service_bundle>
|
↓ open down ↓ |
22 lines elided |
↑ open up ↑ |
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX