Merge from head@274682

5 files changed, 177 insertions, 39 deletions

diff --git a/share/man/man7/Makefile b/share/man/man7/Makefile
index 9dcaad9..65f30d7 100644
--- a/share/man/man7/Makefile
+++ b/share/man/man7/Makefile
@@ -1,7 +1,7 @@
 #	@(#)Makefile	8.1 (Berkeley) 6/5/93
 # $FreeBSD$
 
-.include <bsd.own.mk>
+.include <src.opts.mk>
 
 #MISSING: eqnchar.7 ms.7 term.7
 MAN=	adding_user.7 \
@@ -14,6 +14,7 @@ MAN=	adding_user.7 \
 	environ.7 \
 	ffs.7 \
 	firewall.7 \
+	growfs.7 \
 	hier.7 \
 	hostname.7 \
 	intro.7 \
@@ -37,4 +38,15 @@ MLINKS+= c99.7 c78.7
 MLINKS+= c99.7 c89.7
 MLINKS+= c99.7 c90.7
 
+.if ${MK_TESTS} != "no"
+ATF=	${.CURDIR}/../../../contrib/atf
+.PATH:	${ATF}/doc
+MAN+=	atf.7
+
+CLEANFILES+= atf.7
+atf.7: atf.7.in
+	sed -e 's,__DOCDIR__,/usr/share/doc/atf,g' \
+	    <"${ATF}/doc/atf.7.in" >atf.7
+.endif
+
 .include <bsd.prog.mk>
diff --git a/share/man/man7/growfs.7 b/share/man/man7/growfs.7
new file mode 100644
index 0000000..697305e
--- /dev/null
+++ b/share/man/man7/growfs.7
@@ -0,0 +1,64 @@
+.\" Copyright 2014 John-Mark Gurney
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $FreeBSD$
+.\"
+.Dd November 1, 2014
+.Dt GROWFS 7
+.Os
+.Sh NAME
+.Nm growfs
+.Nd start up script to grow the root file-system.
+.Sh DESCRIPTION
+The following options in
+.Pa /etc/rc.conf
+control the behavior of
+.Nm :
+.Bl -tag -width ".Va growfs_enable" -offset indent
+.It Va growfs_enable
+.Pq Dq Li NO
+If set to
+.Dq Li YES ,
+the first time the machine boots, the root file-system will be automatically
+expanded, if possible, to fill up all available space after it.
+.El
+.Pp
+To expand the root file-system with-out rebooting, run the following command:
+.Dl % /etc/rc.d/growfs onestart
+.Sh IMPLEMENTATION NOTES
+The script requires that
+.Pa awk
+be present and on the path.
+This usually means that
+.Pa /usr
+should be mounted prior to running the script.
+.Sh FILES
+.Pa /etc/rc.conf
+.Sh EXIT STATUS
+.Ex -std
+.Sh SEE ALSO
+.Xr rc.conf 5
+.Sh AUTHORS
+The man page and script were written by
+.An John-Mark Gurney Aq Mt jmg@FreeBSD.org .
diff --git a/share/man/man7/hier.7 b/share/man/man7/hier.7
index 782517c..76d4f62 100644
--- a/share/man/man7/hier.7
+++ b/share/man/man7/hier.7
@@ -28,7 +28,7 @@
 .\"	@(#)hier.7	8.1 (Berkeley) 6/5/93
 .\" $FreeBSD$
 .\"
-.Dd July 25, 2014
+.Dd November 10, 2014
 .Dt HIER 7
 .Os
 .Sh NAME
@@ -48,13 +48,25 @@ programs and configuration files used during operating system bootstrap
 .It Pa defaults/
 default bootstrapping configuration files; see
 .Xr loader.conf 5
+.It Pa dtb/
+Compiled flattened device tree (FDT) files; see
+.Xr fdt 4 
+and
+.Xr dtc 1
+.It Pa firmware/
+Loadable modules containing binary firmware for hardware that needs
+firmware downloaded to it to function
 .It Pa kernel/
 pure kernel executable (the operating system loaded into memory
-at boot time).
+at boot time)
 .It Pa modules/
 third-party loadable kernel modules;
 see
 .Xr kldstat 8
+.It Pa zfs/
+Contains 
+.Xr zfs 8 
+zpool cache files.
 .El
 .It Pa /cdrom/
 default mount point for CD-ROM drives
@@ -368,6 +380,8 @@ shared libraries for compatibility
 .It Pa aout/
 a.out backward compatibility libraries
 .El
+.It Pa debug/
+standalone debug data for the base system libraries and binaries
 .It Pa dtrace/
 DTrace library scripts
 .It Pa engines/
@@ -633,6 +647,26 @@ timezone configuration information;
 see
 .Xr tzfile 5
 .El
+.It Pa vt/
+files used by vt;
+see
+.Xr vt 4
+.Bl -tag -width ".Pa scrnmaps/" -compact
+.It Pa fonts/
+console fonts;
+see
+.Xr vidcontrol 1
+and
+.Xr vidfont 1
+.It Pa keymaps/
+console keyboard maps;
+see
+.Xr kbdcontrol 1
+and
+.Xr kbdmap 1
+.\" .It Pa scrnmaps/
+.\" console screen maps
+.El
 .It Pa src/
 .Bx ,
 third-party, and/or local source files
diff --git a/share/man/man7/release.7 b/share/man/man7/release.7
index 8fc75f3..93aec89 100644
--- a/share/man/man7/release.7
+++ b/share/man/man7/release.7
@@ -24,7 +24,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd April 11, 2014
+.Dd October 2, 2014
 .Dt RELEASE 7
 .Os
 .Sh NAME
@@ -351,6 +351,61 @@ Set to the target directory within
 to check out
 .Va ${UBOOTSRC}/${UBOOTBRANCH} .
 .El
+.Sh VIRTUAL MACHINE DISK IMAGES
+The following
+.Fa release.conf
+variables are relevant only to virtual machine disk image builds:
+.Bl -tag -width Ev
+.It Va WITH_VMIMAGES
+Set to a non-null value to build virtual machine disk images as part
+of the release build.
+.Va WITH_VMIMAGES
+may also be specified as an envirionment variable passed to
+.Xr make 1 .
+.Pp
+The option requires
+.Xr mkimg 1
+version 20140927 or later.
+.It Va WITH_COMPRESSED_VMIMAGES
+Set to a non-null value to compress the virtual machine disk images with
+.Xr xz 1
+as part of the
+.Cm install
+.Xr make 1
+target.
+Note that compressing virtual machine disk images may take a very long
+time on some systems.
+.It Va VMBASE
+Set to change the name of the resulting virtual machine disk image file.
+The default value is
+.Va vm .
+.It Va VMSIZE
+Set to change the size of the virtual machine disk capacity.
+The default value is
+.Va 20G .
+See
+.Xr truncate 1
+for valid values.
+.Pp
+Virtual machine disk images are, by default, created as sparse images.
+When
+.Va WITH_COMPRESSED_VMIMAGES
+is used, the resulting files compressed with
+.Xr xz 1
+compress to roughly the same size, regardless of the specified disk image
+size.
+.It Va VMFORMATS
+Set to the target virtual disk image format(s) to create.
+By default, the
+.Va vhdf , Va vmdk , Va qcow2 ,
+and
+.Va raw
+formats are created.
+See
+.Xr mkimg 1
+for valid format values
+.Pq requires version 20140927 or later .
+.El
 .Sh MAKEFILE TARGETS
 The release makefile
 .Pq Pa src/release/Makefile
@@ -407,6 +462,14 @@ Creates a directory named
 .Pa ftp
 containing the distribution files used in network installations
 and suitable for upload to an FTP mirror.
+.It Cm vm-image
+Creates virtual machine disk images in various formats.
+The
+.Cm vm-image
+target requires the
+.Va WITH_VMIMAGES
+.Xr make 1
+envirionment variable to be set to a non-null value.
 .El
 .Pp
 Major subtargets called by targets above:
diff --git a/share/man/man7/security.7 b/share/man/man7/security.7
index d51eea2..d84e4a2 100644
--- a/share/man/man7/security.7
+++ b/share/man/man7/security.7
@@ -894,41 +894,6 @@ A competent sysadmin will turn off all
 of these
 .Xr inetd 8 Ns -internal
 test services.
-.Pp
-Spoofed packet attacks may also be used to overload the kernel route cache.
-Refer to the
-.Va net.inet.ip.rtexpire , net.inet.ip.rtminexpire ,
-and
-.Va net.inet.ip.rtmaxcache
-.Xr sysctl 8
-variables.
-A spoofed packet attack that uses a random source IP will cause
-the kernel to generate a temporary cached route in the route table, viewable
-with
-.Dq Li "netstat -rna | fgrep W3" .
-These routes typically timeout in 1600
-seconds or so.
-If the kernel detects that the cached route table has gotten
-too big it will dynamically reduce the
-.Va rtexpire
-but will never decrease it to
-less than
-.Va rtminexpire .
-There are two problems: (1) The kernel does not react
-quickly enough when a lightly loaded server is suddenly attacked, and (2) The
-.Va rtminexpire
-is not low enough for the kernel to survive a sustained attack.
-If your servers are connected to the internet via a T3 or better it may be
-prudent to manually override both
-.Va rtexpire
-and
-.Va rtminexpire
-via
-.Xr sysctl 8 .
-Never set either parameter to zero
-(unless you want to crash the machine :-)).
-Setting both parameters to 2 seconds should be sufficient to protect the route
-table from attack.
 .Sh ACCESS ISSUES WITH KERBEROS AND SSH
 There are a few issues with both Kerberos and SSH that need to be addressed
 if you intend to use them.