Print this page
7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.
| Split |
Close |
| Expand all |
| Collapse all |
--- old/usr/src/cmd/svc/milestone/global.xml
+++ new/usr/src/cmd/svc/milestone/global.xml
1 1 <?xml version="1.0"?>
2 2 <!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
3 3 <!--
4 4 Copyright (c) 2008, 2010, Oracle and/or its affiliates. All rights reserved.
5 5 Copyright 2016 Hans Rosenfeld <rosenfeld@grumpf.hope-2000.org>
6 6
7 7 CDDL HEADER START
8 8
9 9 The contents of this file are subject to the terms of the
10 10 Common Development and Distribution License (the "License").
11 11 You may not use this file except in compliance with the License.
12 12
13 13 You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
14 14 or http://www.opensolaris.org/os/licensing.
15 15 See the License for the specific language governing permissions
16 16 and limitations under the License.
17 17
18 18 When distributing Covered Code, include this CDDL HEADER in each
19 19 file and include the License file at usr/src/OPENSOLARIS.LICENSE.
20 20 If applicable, add the following below this CDDL HEADER, with the
21 21 fields enclosed by brackets "[]" replaced with your own identifying
22 22 information: Portions Copyright [yyyy] [name of copyright owner]
23 23
24 24 CDDL HEADER END
25 25
26 26 NOTE: This service manifest is not editable; its contents will
27 27 be overwritten by package or patch operations, including
28 28 operating system upgrade. Make customizations in a different
29 29 file.
30 30 -->
31 31
32 32 <service_bundle type='manifest' name='SUNWcsr:global'>
33 33
34 34 <service
35 35 name='system/svc/global'
36 36 type='service'
37 37 version='1'>
38 38
39 39 <!--
40 40 There's no running configuration to manage here. However,
41 41 this service stores the system-wide definitions for
42 42 templates.
43 43 -->
44 44
45 45 <create_default_instance enabled='false' />
46 46
47 47 <single_instance/>
48 48
49 49 <exec_method
50 50 type='method'
51 51 name='start'
52 52 exec=':true'
53 53 timeout_seconds='0' />
54 54
55 55 <exec_method
56 56 type='method'
57 57 name='stop'
58 58 exec=':true'
59 59 timeout_seconds='0' />
60 60
61 61 <stability value='Unstable' />
62 62
63 63 <template>
64 64 <common_name>
65 65 <loctext xml:lang='C'>
66 66 system-wide configuration definitions
67 67 </loctext>
68 68 </common_name>
69 69 <documentation>
70 70 <manpage title='smf' section='5'
71 71 manpath='/usr/share/man' />
72 72 <manpage title='smf_template' section='5'
73 73 manpath='/usr/share/man' />
74 74 </documentation>
75 75
76 76 <pg_pattern name='general' type='framework'
77 77 target='all' required='true'>
78 78 <description>
79 79 <loctext xml:lang='C'>
80 80 Basic information about a service instance which is supplied by the service author, sometimes modified by the administrator, and consumed by SMF and the service's restarter.
81 81 </loctext>
82 82 </description>
83 83 <prop_pattern name='enabled' type='boolean'
84 84 required='true'>
85 85 <description>
86 86 <loctext xml:lang='C'>
87 87 The service instance is expected to be started once all of its dependencies are satisfied. If this property is not defined, the restarter will not be notified about this service instance.
88 88 </loctext>
89 89 </description>
90 90 <cardinality min='1' max='1'/>
91 91 </prop_pattern>
92 92 <prop_pattern name='restarter' type='fmri'
93 93 required='false'>
94 94 <description>
95 95 <loctext xml:lang='C'>
96 96 The restarter responsible for managing this service instance. If the property is unset, the default restarter, svc.startd, is assumed.
97 97 </loctext>
98 98 </description>
99 99 <cardinality min='1' max='1'/>
100 100 </prop_pattern>
101 101 <prop_pattern name='single_instance' type='boolean'
102 102 required='false'>
103 103 <description>
104 104 <loctext xml:lang='C'>
105 105 Only one instance of this service may be run. This property is currently unenforced, but will be at some point in the future.
106 106 </loctext>
107 107 </description>
108 108 <cardinality min='1' max='1'/>
109 109 </prop_pattern>
110 110 </pg_pattern>
111 111
112 112 <pg_pattern type='dependency' target='all' required='false'>
113 113 <description>
114 114 <loctext xml:lang='C'>
115 115 A dependency declares a required condition for a service instance to start or stay running. It is defined by the service author and consumed by SMF.
116 116 </loctext>
117 117 </description>
118 118 <prop_pattern name='entities' type='fmri'
119 119 required='true'>
120 120 <description>
121 121 <loctext xml:lang='C'>
122 122 The services, service instances, or files used to calculate this dependency.
123 123 </loctext>
124 124 </description>
125 125 <cardinality min='1'/>
126 126 </prop_pattern>
127 127 <prop_pattern name='external' type='boolean'>
128 128 <description>
129 129 <loctext xml:lang='C'>
130 130 This dependency was declared by the service defined in entities. It will be removed only when that service is deleted.
131 131 </loctext>
132 132 </description>
133 133 <visibility value='readonly'/>
134 134 <cardinality min='1' max='1'/>
135 135 </prop_pattern>
136 136 <prop_pattern name='grouping' type='astring'
137 137 required='true'>
138 138 <description>
139 139 <loctext xml:lang='C'>
140 140 How to decide whether this dependency is satisfied.
141 141 </loctext>
142 142 </description>
143 143 <cardinality min='1' max='1'/>
144 144 <constraints>
145 145 <value name='require_all'>
146 146 <description>
147 147 <loctext xml:lang='C'>
148 148 Satisfied when all cited services are running (online or degraded), or when all indicated files are present.
149 149 </loctext>
150 150 </description>
151 151 </value>
152 152 <value name='require_any'>
153 153 <description>
154 154 <loctext xml:lang='C'>
155 155 Satisfied when one of the cited services is running (online or degraded), or when at least one of the indicated files is present.
156 156 </loctext>
157 157 </description>
158 158 </value>
159 159 <value name='optional_all'>
160 160 <description>
161 161 <loctext xml:lang='C'>
162 162 Satisfied if the cited services are running (online or degraded) or will not run without administrative action (disabled, maintenance, not present, or offline waiting for dependencies which will not start without administrative action).
163 163
164 164 </loctext>
165 165 </description>
166 166 </value>
167 167 <value name='exclude_all'>
168 168 <description>
169 169 <loctext xml:lang='C'>
170 170 Satisfied when all of the cited services are disabled, in the maintenance state, or when cited services or files are not present.
171 171 </loctext>
172 172 </description>
173 173 </value>
174 174 </constraints>
175 175 <choices>
176 176 <include_values type='constraints'/>
177 177 </choices>
178 178 </prop_pattern>
179 179 <prop_pattern name='restart_on' type='astring'
180 180 required='true'>
181 181 <description>
182 182 <loctext xml:lang='C'>
183 183 Determines whether to restart the service due to a dependency refresh, restart, or failure.
184 184 </loctext>
185 185 </description>
186 186 <cardinality min='1' max='1'/>
187 187 <constraints>
188 188 <value name='none'>
189 189 <description>
190 190 <loctext xml:lang='C'>
191 191 Never restart due to dependency refresh, restart, or failure.
192 192 </loctext>
193 193 </description>
194 194 </value>
195 195 <value name='error'>
196 196 <description>
197 197 <loctext xml:lang='C'>
198 198 Restart only if the dependency encounters an error, such as an uncorrectable hardware error, or a software error such as a core dump.
199 199 </loctext>
200 200 </description>
201 201 </value>
202 202 <value name='restart'>
203 203 <description>
204 204 <loctext xml:lang='C'>
205 205 Restart if the dependency encounters an error or is explicitly restarted.
206 206 </loctext>
207 207 </description>
208 208 </value>
209 209 <value name='refresh'>
210 210 <description>
211 211 <loctext xml:lang='C'>
212 212 Restart if the dependency encounters an error, is explicitly restarted, or explicitly refreshed.
213 213 </loctext>
214 214 </description>
215 215 </value>
216 216 </constraints>
217 217 <choices>
218 218 <include_values type='constraints'/>
219 219 </choices>
220 220 </prop_pattern>
221 221 <prop_pattern name='type' type='astring'
222 222 required='true'>
223 223 <description>
224 224 <loctext xml:lang='C'>
225 225 The type of the dependency: service or file.
226 226 </loctext>
227 227 </description>
228 228 <cardinality min='1' max='1'/>
229 229 <constraints>
230 230 <value name='service'>
231 231 <description>
232 232 <loctext xml:lang='C'>
233 233 Depend on services or instances.
234 234 </loctext>
235 235 </description>
236 236 </value>
237 237 <value name='path'>
238 238 <description>
239 239 <loctext xml:lang='C'>
240 240 Depend on the existance of a file path.
241 241 </loctext>
242 242 </description>
243 243 </value>
244 244 </constraints>
245 245 <choices>
246 246 <include_values type='constraints'/>
247 247 </choices>
248 248 </prop_pattern>
249 249 </pg_pattern>
250 250
251 251 <pg_pattern type='template_pg_pattern' target='all'
252 252 required='false'>
253 253 <description>
254 254 <loctext xml:lang='C'>
255 255 Template data about property groups. This information is provided in the manifest by the service author and should not be modified directly.
256 256 </loctext>
257 257 </description>
258 258
259 259 <prop_pattern name='name' type='astring'
260 260 required='false'>
261 261 <description>
262 262 <loctext xml:lang='C'>
263 263 Optional name of a property group which is described by this template. No name means the name is wildcarded.
264 264 </loctext>
265 265 </description>
266 266 <visibility value='hidden'/>
267 267 <cardinality min='1' max='1'/>
268 268 </prop_pattern>
269 269 <prop_pattern name='type' type='astring'
270 270 required='false'>
271 271 <description>
272 272 <loctext xml:lang='C'>
273 273 Optional type of property groups which are described by this template. No type means that the type is wildcarded.
274 274 </loctext>
275 275 </description>
276 276 <visibility value='hidden'/>
277 277 <cardinality min='1' max='1'/>
278 278 </prop_pattern>
279 279 <prop_pattern name='required' type='boolean'
280 280 required='false'>
281 281 <description>
282 282 <loctext xml:lang='C'>
283 283 If true, entities without a property group which matches this pattern are considered invalid.
284 284 </loctext>
285 285 </description>
286 286 <visibility value='hidden'/>
287 287 <cardinality min='1' max='1'/>
288 288 </prop_pattern>
289 289 <prop_pattern name='target' type='astring'
290 290 required='false'>
291 291 <description>
292 292 <loctext xml:lang='C'>
293 293 The services or service instances to which this template should be applied.
294 294 </loctext>
295 295 </description>
296 296 <visibility value='hidden'/>
297 297 <cardinality min='1' max='1'/>
298 298 <constraints>
299 299 <value name='this'>
300 300 <description>
301 301 <loctext xml:lang='C'>
302 302 The service or instance on which the property group resides.
303 303 </loctext>
304 304 </description>
305 305 </value>
306 306 <value name='instance'>
307 307 <description>
308 308 <loctext xml:lang='C'>
309 309 This instance, or any instance of this service.
310 310 </loctext>
311 311 </description>
312 312 </value>
313 313 <value name='delegate'>
314 314 <description>
315 315 <loctext xml:lang='C'>
316 316 All instances which currently define this service as their restarter.
317 317 </loctext>
318 318 </description>
319 319 </value>
320 320 <value name='all'>
321 321 <description>
322 322 <loctext xml:lang='C'>
323 323 All services and instances on the system. "all" may only be set on the global service.
324 324 </loctext>
325 325 </description>
326 326 </value>
327 327 </constraints>
328 328 </prop_pattern>
329 329 </pg_pattern>
330 330
331 331 <pg_pattern type='template_prop_pattern' target='all'
332 332 required='false'>
333 333 <description>
334 334 <loctext xml:lang='C'>
335 335 Template data about properties. This information is provided in the manifest by the service author and should not be modified directly.
336 336 </loctext>
337 337 </description>
338 338 <prop_pattern name='name' type='astring'
339 339 required='true'>
340 340 <description>
341 341 <loctext xml:lang='C'>
342 342 Name of property this template applies to.
343 343 </loctext>
344 344 </description>
345 345 <visibility value='hidden'/>
346 346 <cardinality min='1' max='1'/>
347 347 </prop_pattern>
348 348 <prop_pattern name='pg_pattern' type='astring'
349 349 required='true'>
350 350 <description>
351 351 <loctext xml:lang='C'>
352 352 Name of property group that describes the enclosing property group pattern.
353 353 </loctext>
354 354 </description>
355 355 <visibility value='hidden'/>
356 356 <cardinality min='1' max='1'/>
357 357 </prop_pattern>
358 358 <prop_pattern name='required' type='boolean'
359 359 required='false'>
360 360 <description>
361 361 <loctext xml:lang='C'>
362 362 Defines whether a property matched by this template is required.
363 363 </loctext>
364 364 </description>
365 365 <visibility value='hidden'/>
366 366 <cardinality min='1' max='1'/>
367 367 </prop_pattern>
368 368 <prop_pattern name='type' type='astring'
369 369 required='false'>
370 370 <description>
371 371 <loctext xml:lang='C'>
372 372 The type that a property which this template refers to should be.
373 373 </loctext>
374 374 </description>
375 375 <visibility value='hidden'/>
376 376 <cardinality min='1' max='1'/>
377 377 </prop_pattern>
378 378 <prop_pattern name='visibility' type='astring'
379 379 required='false'>
380 380 <description>
381 381 <loctext xml:lang='C'>
382 382 The visibility of this property, which is readwrite by default. Visibility is only a cue to the user interface, and will not be explicitly enforced by SMF.
383 383 </loctext>
384 384 </description>
385 385 <visibility value='hidden'/>
386 386 <cardinality min='1' max='1'/>
387 387 <constraints>
388 388 <value name='hidden'>
389 389 <description>
390 390 <loctext xml:lang='C'>
391 391 Hidden in default user interface views.
392 392 </loctext>
393 393 </description>
394 394 </value>
395 395 <value name='readonly'>
396 396 <description>
397 397 <loctext xml:lang='C'>
398 398 Expected to be read only in most user interfaces.
399 399 </loctext>
400 400 </description>
401 401 </value>
402 402 <value name='readwrite'>
403 403 <description>
404 404 <loctext xml:lang='C'>
405 405 Expected to be manipulated in many user interfaces.
406 406 </loctext>
407 407 </description>
408 408 </value>
409 409 </constraints>
410 410 </prop_pattern>
411 411 <prop_pattern name='cardinality_min' type='count'
412 412 required='false'>
413 413 <description>
414 414 <loctext xml:lang='C'>
415 415 Minimum number of required values.
416 416 </loctext>
417 417 </description>
418 418 <cardinality min='1' max='1'/>
419 419 </prop_pattern>
420 420 <prop_pattern name='cardinality_max' type='count'
421 421 required='false'>
422 422 <description>
423 423 <loctext xml:lang='C'>
424 424 Maximum number of required values.
425 425 </loctext>
426 426 </description>
427 427 <visibility value='hidden'/>
428 428 <cardinality min='1' max='1'/>
429 429 </prop_pattern>
430 430 <prop_pattern name='internal_separators' type='astring'
431 431 required='false'>
432 432 <description>
433 433 <loctext xml:lang='C'>
434 434 List of separator characters for values.
435 435 </loctext>
436 436 </description>
437 437 <visibility value='hidden'/>
438 438 <cardinality min='1'/>
439 439 </prop_pattern>
440 440 <prop_pattern name='constraint_name' type='astring'
441 441 required='false'>
442 442 <description>
443 443 <loctext xml:lang='C'>
444 444 Values the property is expected to be constrained to.
445 445 </loctext>
446 446 </description>
447 447 <visibility value='hidden'/>
448 448 <cardinality min='1'/>
449 449 </prop_pattern>
450 450 <prop_pattern name='constraint_range' type='astring'
451 451 required='false'>
452 452 <description>
453 453 <loctext xml:lang='C'>
454 454 Ranges the property is expected to be constrained to.
455 455 </loctext>
456 456 </description>
457 457 <visibility value='hidden'/>
458 458 <cardinality min='1'/>
459 459 <internal_separators>,</internal_separators>
460 460 </prop_pattern>
461 461 <prop_pattern name='choices_range' type='astring'
462 462 required='false'>
463 463 <description>
464 464 <loctext xml:lang='C'>
465 465 Ranges a user should be offered as a choice for this property.
466 466 </loctext>
467 467 </description>
468 468 <visibility value='hidden'/>
469 469 <cardinality min='1'/>
470 470 <internal_separators>,</internal_separators>
471 471 </prop_pattern>
472 472 <prop_pattern name='choices_name' type='astring'
473 473 required='false'>
474 474 <description>
475 475 <loctext xml:lang='C'>
476 476 Values a users should be offered as a choice for this property.
477 477 </loctext>
478 478 </description>
479 479 <visibility value='hidden'/>
480 480 <cardinality min='1'/>
481 481 </prop_pattern>
482 482 <prop_pattern name='choices_include_values'
483 483 type='astring' required='false'>
484 484 <description>
485 485 <loctext xml:lang='C'>
486 486 Whether the choices should include the defined constraints or values.
487 487 </loctext>
488 488 </description>
489 489 <visibility value='hidden'/>
490 490 <cardinality min='1' max='1'/>
491 491 <constraints>
492 492 <value name='constraints'>
493 493 <description>
494 494 <loctext xml:lang='C'>
495 495 Include all defined constraints as choices.
496 496 </loctext>
497 497 </description>
498 498 </value>
499 499 <value name='values'>
500 500 <description>
501 501 <loctext xml:lang='C'>
502 502 Include all defined values as choices.
503 503 </loctext>
504 504 </description>
505 505 </value>
506 506 </constraints>
507 507 </prop_pattern>
508 508 </pg_pattern>
509 509
510 510 <pg_pattern name='method_context' type='framework'
511 511 target='all' required='false'>
512 512 <description>
513 513 <loctext xml:lang='C'>
514 514 Specifies the default execution context for all service methods. It is defined by the service author, may be augmented by an administrator, and is consumed by the service's restarter.
515 515 </loctext>
516 516 </description>
517 517
518 518 <!-- method_context direct properties -->
519 519 <prop_pattern name='working_directory' type='astring'
520 520 required='false'>
521 521 <description>
522 522 <loctext xml:lang='C'>
523 523 The working directory to launch the method from. ":default" can be used as a token to indicate the home directory of the user specified by the credential or profile.
524 524 </loctext>
525 525 </description>
526 526 <cardinality min='1' max='1'/>
527 527 </prop_pattern>
528 528 <prop_pattern name='project' type='astring'
529 529 required='false'>
530 530 <description>
531 531 <loctext xml:lang='C'>
532 532 The project ID in numeric or text form. ":default" can be used as a token to indicate a project identified by getdefaultproj(3PROJECT) for the user whose uid is used to launch the method.
533 533 </loctext>
534 534 </description>
535 535 <cardinality min='1' max='1'/>
536 536 </prop_pattern>
537 537 <prop_pattern name='resource_pool' type='astring'
|
↓ open down ↓ |
537 lines elided |
↑ open up ↑ |
538 538 required='false'>
539 539 <description>
540 540 <loctext xml:lang='C'>
541 541 The resource pool name in which to launch the method. ":default" can be used
542 542 as a token to indicate the pool specified in the project(4) entry given in
543 543 the project attribute.
544 544 </loctext>
545 545 </description>
546 546 <cardinality min='1' max='1'/>
547 547 </prop_pattern>
548 + <prop_pattern name='security_flags' type='astring'
549 + required='false'>
550 + <description>
551 + <loctext xml:lang='C'>
552 +An optional string specifying the security flags as defined in security-flags(5).
553 + </loctext>
554 + </description>
555 + <cardinality min='1' max='1'/>
556 + </prop_pattern>
548 557
549 558 <!-- method_credential properties -->
550 559 <prop_pattern name='user' type='astring'
551 560 required='false'>
552 561 <description>
553 562 <loctext xml:lang='C'>
554 563 The user ID in numeric or text form.
555 564 </loctext>
556 565 </description>
557 566 <cardinality min='1' max='1'/>
558 567 </prop_pattern>
559 568 <prop_pattern name='group' type='astring'
560 569 required='false'>
561 570 <description>
562 571 <loctext xml:lang='C'>
563 572 The group ID in numeric or text form.
564 573 </loctext>
565 574 </description>
566 575 <cardinality min='1' max='1'/>
567 576 </prop_pattern>
568 577 <prop_pattern name='supp_groups' type='astring'
569 578 required='false'>
570 579 <description>
571 580 <loctext xml:lang='C'>
572 581 An optional string that specifies the supplemental group memberships by ID,
573 582 in numeric or text form.
574 583 </loctext>
575 584 </description>
576 585 <cardinality min='1' max='1'/>
577 586 </prop_pattern>
578 587 <prop_pattern name='privileges' type='astring'
579 588 required='false'>
580 589 <description>
581 590 <loctext xml:lang='C'>
582 591 An optional string specifying the privilege set as defined in privileges(5).
583 592 </loctext>
584 593 </description>
585 594 <cardinality min='1' max='1'/>
586 595 </prop_pattern>
587 596 <prop_pattern name='limit_privileges' type='astring'
588 597 required='false'>
589 598 <description>
590 599 <loctext xml:lang='C'>
591 600 An optional string specifying the limit privilege set as defined in
592 601 privileges(5).
593 602 </loctext>
594 603 </description>
595 604 <cardinality min='1' max='1'/>
596 605 </prop_pattern>
597 606
598 607 <!-- method_profile properties -->
599 608 <prop_pattern name='use_profile' type='boolean'
600 609 required='false'>
601 610 <description>
602 611 <loctext xml:lang='C'>
603 612 A boolean that specifies whether the profile should be used instead of the
604 613 user, group, privileges, and limit_privileges properties.
605 614 </loctext>
606 615 </description>
607 616 <cardinality min='1' max='1'/>
608 617 </prop_pattern>
609 618 <prop_pattern name='profile' type='astring'
610 619 required='false'>
611 620 <description>
612 621 <loctext xml:lang='C'>
613 622 The name of an RBAC (role-based access control) profile which, along with the
614 623 method executable, identifies an entry in exec_attr(4).
615 624 </loctext>
616 625 </description>
617 626 <cardinality min='1' max='1'/>
618 627 </prop_pattern>
619 628 </pg_pattern>
620 629
621 630 <pg_pattern name='firewall_context'
622 631 type='com.sun,fw_definition' target='all' required='false'>
623 632 <common_name>
624 633 <loctext xml:lang='C'>
625 634 Static definition
626 635 </loctext>
627 636 </common_name>
628 637 <description>
629 638 <loctext xml:lang='C'>
630 639 Service static network and firewall definition.
631 640 </loctext>
632 641 </description>
633 642 <prop_pattern name='name' type='astring'
634 643 required='false'>
635 644 <common_name>
636 645 <loctext xml:lang='C'>
637 646 Service name
638 647 </loctext>
639 648 </common_name>
640 649 <description>
641 650 <loctext xml:lang='C'>
642 651 IANA name or RPC name for non-inetd service, equivalent to inetd/name property. For RPC services, the value of this property is not an IANA name but is either an RPC program number or name, see rpc(4).
643 652 </loctext>
644 653 </description>
645 654 </prop_pattern>
646 655 <prop_pattern name='isrpc' type='boolean'
647 656 required='false'>
648 657 <common_name>
649 658 <loctext xml:lang='C'>
650 659 RPC service
651 660 </loctext>
652 661 </common_name>
|
↓ open down ↓ |
95 lines elided |
↑ open up ↑ |
653 662 <description>
654 663 <loctext xml:lang='C'>
655 664 A boolean property where a "true" value indicates an RPC service, equivalent to inetd/isrpc property.
656 665 </loctext>
657 666 </description>
658 667 </prop_pattern>
659 668 <prop_pattern name='ipf_method' type='astring'
660 669 required='false'>
661 670 <common_name>
662 671 <loctext xml:lang='C'>
663 -Custom firewall script
672 +Custom firewall script
664 673 </loctext>
665 674 </common_name>
666 675 <description>
667 676 <loctext xml:lang='C'>
668 677 A script that generates ipf rules for a service. Services that require custom IPfilter configuration can use this mechanism to generate and supply their own ipf rules. The firewall framework does not generate rules for services that has this property definition but expect these services to provide their own rules.
669 678 </loctext>
670 679 </description>
671 680 </prop_pattern> </pg_pattern>
672 681
673 682 <pg_pattern name='firewall_config'
674 683 type='com.sun,fw_configuration' target='all'
675 684 required='false'>
676 685 <common_name>
677 686 <loctext xml:lang='C'>
678 687 Firewall configuration
679 688 </loctext>
680 689 </common_name>
681 690 <description>
682 691 <loctext xml:lang='C'>
683 692 Service firewall configuration.
684 693 </loctext>
685 694 </description>
686 695 <prop_pattern name='policy' type='astring'
687 696 required='true'>
688 697 <common_name>
689 698 <loctext xml:lang='C'>
690 699 Firewall policy
691 700 </loctext>
692 701 </common_name>
693 702 <description>
694 703 <loctext xml:lang='C'>
695 704 Service firewall policy.
696 705 </loctext>
697 706 </description>
698 707 <visibility value='readwrite'/>
699 708 <cardinality min='1' max='1'/>
700 709 <values>
701 710 <value name='use_global'>
702 711 <description>
703 712 <loctext xml:lang='C'>
704 713 Apply Global Default policy, specified in network/ipfilter for the service. This is the default value.
705 714 </loctext>
706 715 </description>
707 716 </value>
708 717 <value name='none'>
709 718 <description>
710 719 <loctext xml:lang='C'>
711 720 No firewall (allow all).
712 721 </loctext>
713 722 </description>
714 723 </value>
715 724 <value name='deny'>
716 725 <description>
717 726 <loctext xml:lang='C'>
718 727 Deny access to entities specified in 'apply_to' property.
719 728 </loctext>
720 729 </description>
721 730 </value>
722 731 <value name='allow'>
723 732 <description>
724 733 <loctext xml:lang='C'>
725 734 Allow access to entities specified in 'apply_to' property.
726 735 </loctext>
727 736 </description>
728 737 </value>
729 738 </values>
730 739 <choices>
731 740 <include_values type='values'/>
732 741 </choices>
733 742 </prop_pattern>
734 743 <prop_pattern name='block_policy' type='astring'
735 744 required='false'>
736 745 <common_name>
737 746 <loctext xml:lang='C'>
738 747 Firewall block policy
739 748 </loctext>
740 749 </common_name>
741 750 <description>
742 751 <loctext xml:lang='C'>
743 752 Service firewall block policy.
744 753 </loctext>
745 754 </description>
746 755 <visibility value='readwrite'/>
747 756 <cardinality min='1' max='1'/>
748 757 <values>
749 758 <value name='use_global'>
750 759 <description>
751 760 <loctext xml:lang='C'>
752 761 Apply Global Default block policy, specified in network/ipfilter for the service. This is the default value.
753 762 </loctext>
754 763 </description>
755 764 </value>
756 765 <value name='none'>
757 766 <description>
758 767 <loctext xml:lang='C'>
759 768 Block by dropping packets.
760 769 </loctext>
761 770 </description>
762 771 </value>
763 772 <value name='return'>
764 773 <description>
765 774 <loctext xml:lang='C'>
766 775 Block by returning RST or ICMP messages.
767 776 </loctext>
768 777 </description>
769 778 </value>
770 779 </values>
771 780 <choices>
772 781 <include_values type='values'/>
773 782 </choices>
774 783 </prop_pattern>
775 784 <prop_pattern name="apply_to" type="astring"
776 785 required="false">
777 786 <common_name>
778 787 <loctext xml:lang='C'>
779 788 Apply policy to
780 789 </loctext>
781 790 </common_name>
782 791 <description>
783 792 <loctext xml:lang="C">
784 793 The source host and network IPv4 addresses, incoming network interfaces, and ippools to deny if the policy is set to deny, or accept if the policy is set to accept.
785 794 </loctext>
786 795 </description>
787 796 </prop_pattern>
788 797 <prop_pattern name="apply_to_6" type="astring"
789 798 required="false">
790 799 <common_name>
791 800 <loctext xml:lang='C'>
792 801 Apply policy to
793 802 </loctext>
794 803 </common_name>
795 804 <description>
796 805 <loctext xml:lang="C">
797 806 The source host and network IPv6 addresses, incoming network interfaces, and ippools to deny if the policy is set to deny, or accept if the policy is set to accept.
798 807 </loctext>
799 808 </description>
800 809 </prop_pattern>
801 810 <prop_pattern name="exceptions" type="astring"
802 811 required="false">
803 812 <common_name>
804 813 <loctext xml:lang='C'>
805 814 Make exceptions to
806 815 </loctext>
807 816 </common_name>
808 817 <description>
809 818 <loctext xml:lang="C">
810 819 The source host and network IPv4 addresses, incoming network interfaces, and ippools to exempt from the set policy. That is, those to accept if the policy is set to deny, or to deny if the policy is set to accept.
811 820 </loctext>
812 821 </description>
813 822 </prop_pattern>
814 823 <prop_pattern name="exceptions_6" type="astring"
815 824 required="false">
816 825 <common_name>
817 826 <loctext xml:lang='C'>
818 827 Make exceptions to
819 828 </loctext>
820 829 </common_name>
821 830 <description>
822 831 <loctext xml:lang="C">
823 832 The source host and network IPv6 addressess, incoming network interfaces, and ippools to exempt from the set policy. That is, those to accept if the policy is set to deny, or to deny if the policy is set to accept.
824 833 </loctext>
825 834 </description>
826 835 </prop_pattern>
827 836 <prop_pattern name="target" type="astring"
828 837 required="false">
829 838 <common_name>
830 839 <loctext xml:lang='C'>
831 840 Apply policy to
832 841 </loctext>
833 842 </common_name>
834 843 <description>
835 844 <loctext xml:lang="C">
836 845 The destination host and network IPv4 addresses, and ippools to deny if the policy is set to deny, or accept if the policy is set to accept.
837 846 </loctext>
838 847 </description>
839 848 </prop_pattern>
840 849 <prop_pattern name="target6" type="astring"
841 850 required="false">
842 851 <common_name>
843 852 <loctext xml:lang='C'>
844 853 Apply policy to
845 854 </loctext>
846 855 </common_name>
847 856 <description>
848 857 <loctext xml:lang="C">
849 858 The destination host and network IPv6 addresses, and ippools to deny if the policy is set to deny, or accept if the policy is set to accept.
850 859 </loctext>
851 860 </description>
852 861 </prop_pattern>
853 862 </pg_pattern>
854 863 <pg_pattern type='notify_params' target='all' required='false'>
855 864 <common_name>
856 865 <loctext xml:lang='C'>
857 866 FMA and SMF notification parameters
858 867 </loctext>
859 868 </common_name>
860 869 <description>
861 870 <loctext xml:lang='C'>
862 871 Parameters for notification of FMA events and SMF state transitions.
863 872 </loctext>
864 873 </description>
865 874 <prop_pattern name='smtp,active' type='boolean'
866 875 required='false'>
867 876 <common_name>
868 877 <loctext xml:lang='C'>
869 878 smtp notification active
870 879 </loctext>
871 880 </common_name>
872 881 <description>
873 882 <loctext xml:lang='C'>
874 883 Notifcation mechanism smtp active status.
875 884 </loctext>
876 885 </description>
877 886 </prop_pattern>
878 887 <prop_pattern name='smtp,to' type='astring'
879 888 required='false'>
880 889 <common_name>
881 890 <loctext xml:lang='C'>
882 891 smtp notification recipient
883 892 </loctext>
884 893 </common_name>
885 894 <description>
886 895 <loctext xml:lang='C'>
887 896 Recipient for smtp notification mechanism.
888 897 </loctext>
889 898 </description>
890 899 </prop_pattern>
891 900 <prop_pattern name='smtp,reply-to' type='astring'
892 901 required='false'>
893 902 <common_name>
894 903 <loctext xml:lang='C'>
895 904 smtp notification reply-to
896 905 </loctext>
897 906 </common_name>
898 907 <description>
899 908 <loctext xml:lang='C'>
900 909 Header reply-to for smtp notification mechanism.
901 910 </loctext>
902 911 </description>
903 912 </prop_pattern>
904 913 <prop_pattern name='snmp,active' type='boolean'
905 914 required='false'>
906 915 <common_name>
907 916 <loctext xml:lang='C'>
908 917 snmp notification active
909 918 </loctext>
910 919 </common_name>
911 920 <description>
912 921 <loctext xml:lang='C'>
913 922 Notifcation mechanism snmp active status.
914 923 </loctext>
915 924 </description>
916 925 </prop_pattern>
917 926 <prop_pattern name='syslog,active' type='boolean'
918 927 required='false'>
919 928 <common_name>
920 929 <loctext xml:lang='C'>
921 930 syslog notification active
922 931 </loctext>
923 932 </common_name>
924 933 <description>
925 934 <loctext xml:lang='C'>
926 935 Notifcation mechanism syslog active status.
927 936 </loctext>
928 937 </description>
929 938 </prop_pattern>
930 939 </pg_pattern>
931 940 </template>
932 941 </service>
933 942
934 943 </service_bundle>
|
↓ open down ↓ |
261 lines elided |
↑ open up ↑ |
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX