MFC r306605:
init was there in UNIX from V1
http://minnie.tuhs.org/cgi-bin/utree.pl?file=V1/init.s

PR: 212503
Approved by: bcr (mentor)
Differential Revision: https://reviews.freebsd.org/D8105

MFC r285847:

Add missing SIGUSR1 description.

Sponsored by: The FreeBSD Foundation

Copy head (r256279) to stable/10 as part of the 10.0-RELEASE cycle.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

mdoc: terminate quoted strings.

Reviewed by: brueffer

Make init(8) slightly more robust when /dev/console is missing.

If the environment doesn't offer a working /dev/console, the existing
version of init(8) will simply refuse running rc(8) scripts. This means
you'll only have a system running init(8) and nothing else.

Change the code to do the following:

- Open /dev/console like we used to do, but make it more robust to use
O_NONBLOCK to prevent blocking on a carrier.
- If this fails, use /dev/null as stdin and /var/log/init.log as stdout
and stderr.
- If even this fails, use /dev/null as stdin, stdout and stderr.

So why us this useful? Well, if you remove the `getpid() == 1' check in
main(), you can now use init(8) inside jails to properly execute rc(8).
It still requires some polishing, as existing tools assume init(8) has
PID 1.

Also it is now possible to use use init(8) on `headless' devices that
don't even have a serial boot console.

Move utmpx handling out of init(8).

This has the following advantages:

- During boot, the BOOT_TIME record is now written right after the file
systems become writable, but before users are allowed to log in. This
means that they can't cause `hidden logins' by logging in right before
init(8) kicks in.

- The pututxline(3) function may potentially block on file locking,
though this is very rare to occur. By placing it in an rc script, the
user can still kill it with ^C if needed.

- Most importantly: jails don't use init(8). This means that a force
reboot of a system running jails will leave stale entries in the
accounting database of the jails individually.

- change "is is" to "is" or "it is"
- change "the the" to "the"

Approved by: lstewart
Approved by: sahil (mentor)
MFC after: 3 days

init(8): Document that login(1) is now responsible for recording logouts.

init(8) only uses utmpx for recording reboots and shutdowns.

Remove stale references to utmp(5) and its corresponding filenames.

I removed utmp and its manpage, but not other manpages referring to it.

Fix typo: effected -> affected

Submitted by: Gordon Stratton <tsr2600 (at) gmail (dot) com>

-mdoc sweep.

Fix system shutdown timeout handling by again supporting longer running
shutdown procedures (which have a duration of more than 120 seconds).

We have two user-space affecting shutdown timeouts: a "soft" one in
/etc/rc.shutdown and a "hard" one in init(8). The first one can be
configured via /etc/rc.conf variable "rcshutdown_timeout" and defaults
to 30 seconds. The second one was originally (in 1998) intended to be
configured via sysctl(8) variable "kern.shutdown_timeout" and defaults
to 120 seconds.

Unfortunately, the "kern.shutdown_timeout" was declared "unused" in 1999
(as it obviously is actually not used within the kernel itself) and
hence was intentionally but misleadingly removed in revision 1.107 from
init_main.c. Kernel sysctl(8) variables are certainly a wrong way to
control user-space processes in general, but in this particular case the
sysctl(8) variable should have remained as it supports init(8), which
isn't passed command line flags (which in turn could have been set via
/etc/rc.conf), etc.

As there is already a similar "kern.init_path" sysctl(8) variable which
directly affects init(8), resurrect the init(8) shutdown timeout under
sysctl(8) variable "kern.init_shutdown_timeout". But this time document
it as being intentionally unused within the kernel and used by init(8).
Also document it in the manpages init(8) and rc.conf(5).

Reviewed by: phk
MFC after: 2 weeks

Moved descriptions of securelevels from init(7) to security(7).

Files used both "securelevel" and either "secure level" or
"security level"; all are now "security level".

PR: docs/84266
Submitted by: garys
Approved by: keramida
MFC after: 3 days

Sort sections.

Add references to pf(4) and pfctl(8) at the description of
securelevel = 3.

PR: docs/69417
Submitted by: Janos Mohacsi (mohacsi(at)niif(dot)hu)

Mechanically kill hard sentence breaks.

Assorted markup, grammar, and spelling fixes.

Remove advertising clause from University of California Regent's license,
per letter dated July 22, 1999.

Approved by: core, imp

Mention that securelevel 1 also blocks access to /dev/io if it
exists (not all platforms have it).

- Add some information about how init, securelevel, and jails
interact with each other.
- Minor markup fix (.Dq -> .Va for a variable)

Reviewed by: rwatson
Approved by: blackend (mentor)

Add section number to .Xr

There are 5 securelevels, not 4.

PR: docs/50049
Submitted by: Colin Percival <cperciva@sfu.ca>

mdoc(7) police: markup laundry.

s/filesystem/file system/g as discussed on -developers

can not -> cannot.

The .Nm utility

mdoc(7) police: protect trailing full stops of abbreviations
with a trailing zero-width space: `e.g.\&'.

mdoc(7) police:

Avoid using parenthesis enclosure macros (.Pq and .Po/.Pc) with plain text.
Not only this slows down the mdoc(7) processing significantly, but it also
has an undesired (in this case) effect of disabling hyphenation within the
entire enclosed block.

Remove whitespace at EOL.

mdoc(7) police: removed HISTORY info from the .Os call.

Back out most of revision 1.28: lists of diagnostics must use -diag,
not -tag. Instead, put a period after the error messages to aide
those using dumb terminals not capable of properly displaying markup.

Requested by: ru

Make the list in the DIAGNOSTICS section "-tag" instead of "-diag":
the former makes it more obvious as to there the error message starts
and the explanation begins.

PR: 26431

Prepare for mdoc(7)NG.

Explicitly document the fact that securelevel > 0 means that kernel modules
may not be (un)loaded.

PR: 23350
Submitted by: Gordon Tetlow <gordont@bluemtn.net>

mdoc(7) police: use the new features of the Nm macro.

Improve the clarification of the handling of the securelevel.

Submitted by: bde

Clarify the handling of the securelevel.

PR: 20974

Remove single-space hard sentence breaks. These degrade the quality
of the typeset output, tend to make diffs harder to read and provide
bad examples for new-comers to mdoc.

Document that securelevel >= 2 clamps time changes to at most one second.

PR: docs/14449
Submitted by: James FitzGibbon <james@targetnet.com>

Correct the ttys.5 and init.8 manpages with respect to the incorrect
assumption that only getty processes can be managed. Describe the
SysV-like ability to keep arbitrary long-running processes alive
using a non-device first field in /etc/ttys.

PR: 12767
Submitted by: Peter Jeremy <peter.jeremy@alcatel.com.au>

FreeBSD kernel doesn't allow any process to decrease securelevel. So,
init(8) cannot decrease securelevel. The manual page explains this
and single_user() doesn't try to downgrade kernel to insecure mode.

Reviewed by: bde (manual page)

$Id$ -> $FreeBSD$

"Cannot" is one word. "Can not" has a different meaning if taken
literally.

Turn System V command line syntax ``on'' by default.

Requested by: peter
Reviewed by: des, billf

Bring in System V run-level patches (turned off by default).
While I'm here, fix some typos in the manpage.

Requested by: des

Init(8) will halt the system if sent USR1 signal,
or halt and turn the power off if sent SIGUSR2.

PR: 5451
Submitted by: Leif Neland <leifn@image.dk>
Reworked by: ru
Reviewed by: -hackers

Mention securelevel 3 as affecting ipfw and dummynet. Generalize comment
about fdisk and securelevel 2.
PR: docs/7785

Correct .Nm use. Add rcsid. Use min for minutes instead of mn.

Fixes per PR 2850:
(a) Note that the default securelevel value is -1, in -current and -stable.
(b) Mention kernel sysctl variable that controls securelevel.
(c) Add warning the `fsck' will fail if securelevel >= 2.
(d) Suggest end of /etc/rc as the right place to raise securelevel.

and one spelling fix.

PR: 2850

Add /etc/rc.shutdown capability to init.
Add sample /etc/rc.shutdown (which is just a shell for now).
Submitted by: Ollivier Robert <roberto@keltia.freenix.fr>

Be more specific as to which flags may not be turned off when the
system is running in secure mode.

Obtained from: NetBSD PR# 3299

Revert $FreeBSD$ to $Id$

typo

Make the long-awaited change from $Id$ to $FreeBSD$

This will make a number of things easier in the future, as well as (finally!)
avoiding the Id-smashing problem which has plagued developers for so long.

Boy, I'm glad we're not using sup anymore. This update would have been
insane otherwise.

Sort cross references.

Rewrote the section about the "normal" setting of the security level to
match reality.

Say that secured devices `may not be opened for writing' instead of
`are read-only'.

Correct some man page xrefs, and some other minor changes to bring some
man pages up to mdoc guidelines and fix some minor formatting glitches.
Also fixed a number of man pages to not abuse the .Xr macro to
display functions and path names and a lot of other junk.

Bring in my changes from the 1.1 init.bsdi which causes a reboot (was a
halt before) if init is sent an interrupt signal. This is necessary
for <CTL><ALT><DEL> to do the right thing if enabled.

This commit was generated by cvs2svn to compensate for changes in r1558,
which included commits to RCS files with non-trunk default branches.

BSD 4.4 Lite sbin Sources

Note: XNSrouted and routed NOT imported here, they shall be imported with
usr.sbin.