Friday, November 3, 2017

SMF service - contexts

An important piece of SMF service metadata is the process context under which a service restarter method should be invoked. Its importance spans several major subsystems, including security (the least-privilege principle), accounting (projects) and resource control.

For this purpose, the SMF framework provides the method_context tag together with a few sub-tags: method_credential, method_profile and method_environment.

NOTE
method_credential and method_profile are mutually exclusive, and method_context must precede any method in the same scope.
Example:

...
 
<instance enabled="..." name="..." >

  <method_context  
   working_directory="..." 
   resource_pool="..." project="..." > 

    <!-- All attributes are optional, but see DTD. -->  
    <method_credential
     user="..." group="..." supp_groups="..."
     privileges="..." limit_privileges="..." />

    <!--
      Mutually exclusive with the above <method_credential >.
      See exec_attr(4) for some more detail on this.
    -->
    <!-- 

      <method_profile name="..." />
    -->

    <method_environment >
      <envvar name="..." value="..." />
      ...
    </method_environment >

  </method_context >
 
  <!-- Instance specific start method. --> 
  <exec_method type="method" name="start"
   exec="..." 
   timeout_seconds="..." />

  ...

</instance >

...
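
The two rules from the note above can be checked mechanically before a manifest is imported. The following Python sketch is an added example, not part of the original post; the manifest fragment, service name, paths and profile name are constructed, and it only inspects method_context elements placed directly under a service or instance.

```python
import xml.etree.ElementTree as ET

# Constructed manifest fragment for illustration; all names and paths are made up.
SAMPLE = """
<service name="site/demo" type="service" version="1">
  <instance name="good" enabled="false">
    <method_context working_directory="/var/tmp">
      <method_credential user="daemon" group="daemon" privileges="basic"/>
    </method_context>
    <exec_method type="method" name="start" exec="/opt/demo/start" timeout_seconds="60"/>
  </instance>
  <instance name="bad" enabled="false">
    <exec_method type="method" name="start" exec="/opt/demo/start" timeout_seconds="60"/>
    <method_context>
      <method_credential user="root"/>
      <method_profile name="Demo Profile"/>
    </method_context>
  </instance>
</service>
"""

def check_scope(scope, label):
    """Return findings for the direct children of one service/instance scope."""
    findings = []
    seen_method = False
    for child in scope:
        if child.tag == "exec_method":
            seen_method = True
        elif child.tag == "method_context":
            # Rule 1: method_context must precede any method in the same scope.
            if seen_method:
                findings.append(f"{label}: method_context follows an exec_method")
            # Rule 2: method_credential and method_profile are mutually exclusive.
            if (child.find("method_credential") is not None
                    and child.find("method_profile") is not None):
                findings.append(f"{label}: method_credential and method_profile both present")
    return findings

def lint_manifest(xml_text):
    """Apply both rules to every service and instance element in the manifest."""
    findings = []
    for scope in ET.fromstring(xml_text).iter():
        if scope.tag in ("service", "instance"):
            findings += check_scope(scope, f'{scope.tag} "{scope.get("name")}"')
    return findings

if __name__ == "__main__":
    print("\n".join(lint_manifest(SAMPLE)) or "no findings")
```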