The current behavior when we disable an instance is to stop the instance
first then notify the dependents (that have restart_on set to restart or
refresh) so they can be stopped and transition to the 'offline' state.
This is the correct behavior with respect to the specs of the SMF states
graph.

The fix for 6422793 "when running "svcadm disable" shutdown dependents
before shutting down requested service" proposes to change the current
behavior. That is, when we disable an instance, we stop all the
dependents (that have restart_on set to restart or refresh) in reverse
order from which they were started and then stop the instance.

The problem with the new behavior is if dependents are shut down first,
it may take arbitrarily long for the actual disabled service to be
shut down (possibly never if one dependent fails to stop and has an
infinite timeout). This could break current scripts that believe that
a synchronous disable should not take more than stop/timeout_seconds
to complete.

My proposal is *not* to change the current behavior and add a new option
to "svcadm disable" to use the new behavior. The alternative is to
replace the current behavior by the new one and forget about the new
option. In the long term, we can also implement an "immediate disable"
that uses the new behavior and kills off all methods and processes
associated if disable fails after a short amount of time.

I'd like to hear your comments or concerns before it's implemented.

Thanks
-- Renaud
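
The two orderings discussed in the message above, modelled as an added example (not part of the original post and not SMF code). The service names, timeouts, start order and helper functions are constructed; the model assumes stops run one at a time, each taking at most its stop timeout, and that dependents are followed transitively.

```python
import math

# Constructed sample: service -> (stop timeout in seconds, {dependency: restart_on})
SERVICES = {
    "net":  (60, {}),
    "log":  (10, {"net": "none"}),           # restart_on=none: not affected
    "db":   (120, {"net": "restart"}),
    "cron": (math.inf, {"net": "restart"}),  # models an infinite stop timeout
    "web":  (30, {"db": "refresh"}),
}
START_ORDER = ["net", "log", "db", "cron", "web"]  # constructed start order
AFFECTED = {"restart", "refresh"}

def affected_dependents(target, services=SERVICES):
    """Dependents reached through restart_on=restart/refresh edges."""
    found, stack = set(), [target]
    while stack:
        cur = stack.pop()
        for name, (_, deps) in services.items():
            if deps.get(cur) in AFFECTED and name not in found:
                found.add(name)
                stack.append(name)
    return found

def stop_plan(target, dependents_first, services=SERVICES, order=START_ORDER):
    """Stop sequence for disabling `target` under either behavior."""
    deps = affected_dependents(target, services)
    # Proposed behavior: dependents in reverse of their start order.
    ordered = [s for s in reversed(order) if s in deps]
    if dependents_first:
        return ordered + [target]
    # Current behavior: the instance stops first, dependents afterwards
    # (their relative order here is reused for illustration only).
    return [target] + ordered

def worst_case_until_stopped(target, dependents_first, services=SERVICES):
    """Upper bound in seconds before `target` itself has stopped."""
    plan = stop_plan(target, dependents_first, services)
    upto = plan[: plan.index(target) + 1]
    return sum(services[s][0] for s in upto)

if __name__ == "__main__":
    for svc in ("db", "net"):
        for first in (False, True):
            label = "dependents first" if first else "instance first"
            print(svc, label, stop_plan(svc, first),
                  worst_case_until_stopped(svc, first))
```

With this sample, disabling "net" is bounded by its own 60-second timeout under the current ordering, but has no bound under the proposed ordering because "cron" never times out.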


