NOTES revision 1.1 
11.1SpkPOSIX and init:
21.1Spk--------------
31.1Spk
41.1SpkPOSIX.1 does not define 'init' but it mentions it in a few places.
51.1Spk
61.1SpkB.2.2.2, p205 line 873:
71.1Spk
81.1Spk	This is part of the extensive 'job control' glossary entry.
91.1Spk	This specific reference says that 'init' must by default provide
101.1Spk	protection from job control signals to jobs it starts --
111.1Spk	it sets SIGTSTP, SIGTTIN and SIGTTOU to SIG_IGN.
121.1Spk
131.1SpkB.2.2.2, p206 line 889:
141.1Spk
151.1Spk	Here is a reference to 'vhangup'.  It says, 'POSIX.1 does
161.1Spk	not specify how controlling terminal access is affected by
171.1Spk	a user logging out (that is, by a controlling process
181.1Spk	terminating).'  vhangup() is recognized as one way to handle
191.1Spk	the problem.  I'm not clear what happens in Reno; I have
201.1Spk	the impression that when the controlling process terminates,
211.1Spk	references to the controlling terminal are converted to
221.1Spk	references to a 'dead' vnode.  I don't know whether vhangup()
231.1Spk	is required.
241.1Spk
251.1SpkB.2.2.2, p206 line 921:
261.1Spk
271.1Spk	Orphaned process groups bear indirectly on this issue.  A
281.1Spk	session leader's process group is considered to be orphaned;
291.1Spk	that is, it's immune to job control signals from the terminal.
301.1Spk
311.1SpkB.2.2.2, p233 line 2055:
321.1Spk
331.1Spk	'Historically, the implementation-dependent process that
341.1Spk	inherits children whose parents have terminated without
351.1Spk	waiting on them is called "init" and has a process ID of 1.'
361.1Spk
371.1Spk	It goes on to note that it used to be the case that 'init'
381.1Spk	was responsible for sending SIGHUP to the foreground process
391.1Spk	group of a tty whose controlling process has exited, using
401.1Spk	vhangup().  It is now the responsibility of the kernel to
411.1Spk	do this when the controlling process calls _exit().  The
421.1Spk	kernel is also responsible for sending SIGCONT to stopped
431.1Spk	process groups that become orphaned.  This is like old BSD
441.1Spk	but entire process groups are signaled instead of individual
451.1Spk	processes.
461.1Spk
471.1Spk	In general it appears that the kernel now automatically
481.1Spk	takes care of orphans, relieving 'init' of any responsibility.
491.1Spk	Specifics are listed on the _exit() page (p50).
501.1Spk
511.1SpkOn setsid():
521.1Spk-----------
531.1Spk
541.1SpkIt appears that neither getty nor login call setsid(), so init must
551.1Spkdo this -- seems reasonable.  B.4.3.2 p 248 implies that this is the
561.1Spkway that 'init' should work; it says that setsid() should be called
571.1Spkafter forking.
581.1Spk
591.1SpkProcess group leaders cannot call setsid() -- another reason to
601.1Spkfork!  Of course setsid() causes the current process to become a
611.1Spkprocess group leader, so we can only call setsid() once.  Note that
621.1Spkthe controlling terminal acquires the session leader's process
631.1Spkgroup when opened.
641.1Spk
651.1SpkControlling terminals:
661.1Spk---------------------
671.1Spk
681.1SpkB.7.1.1.3 p276: 'POSIX.1 does not specify a mechanism by which to
691.1Spkallocate a controlling terminal.  This is normally done by a system
701.1Spkutility (such as 'getty') and is considered ... outside the scope
711.1Spkof POSIX.1.'  It goes on to say that historically the first open()
721.1Spkof a tty in a session sets the controlling terminal.  P130 has the
731.1Spkfull details; nothing particularly surprising.
741.1Spk
751.1SpkThe glossary p12 describes a 'controlling process' as the first
761.1Spkprocess in a session that acquires a controlling terminal.  Access
771.1Spkto the terminal from the session is revoked if the controlling
781.1Spkprocess exits (see p50, in the discussion of process termination).
791.1Spk
801.1SpkDesign notes:
811.1Spk------------
821.1Spk
831.1Spkyour generic finite state machine
841.1Spkwe are fascist about which signals we elect to receive,
851.1Spk	even signals purportedly generated by hardware
861.1Spkhandle fatal errors gracefully if possible (we reboot if we goof!!)
871.1Spk	if we get a segmentation fault etc., print a message on the console
881.1Spk	and spin for a while before rebooting
891.1Spk	(this at least decreases the amount of paper consumed :-)
901.1Spkapply hysteresis to rapidly exiting gettys
911.1Spkcheck wait status of children we reap
921.1Spk	don't wait for stopped children
931.1Spkdon't use SIGCHILD, it's too expensive
941.1Spk	but it may close windows and avoid races, sigh
951.1Spklook for EINTR in case we need to change state
961.1Spkinit is responsible for utmp and wtmp maintenance (ick)
971.1Spk	maybe now we can consider replacements?  maintain them in parallel
981.1Spk	init only removes utmp and closes out wtmp entries...
991.1Spk
1001.1Spknecessary states and state transitions (gleaned from the man page):
1011.1Spk	1: single user shell (with password checking?); on exit, go to 2
1021.1Spk	2: rc script: on exit 0, go to 3; on exit N (error), go to 1
1031.1Spk	3: read ttys file: on completion, go to 4
1041.1Spk	4: multi-user operation: on SIGTERM, go to 7; on SIGHUP, go to 5;
1051.1Spk		on SIGTSTP, go to 6
1061.1Spk	5: clean up mode (re-read ttys file, killing off controlling processes
1071.1Spk		on lines that are now 'off', starting them on lines newly 'on')
1081.1Spk		on completion, go to 4
1091.1Spk	6: boring mode (no new sessions); signals as in 4
1101.1Spk	7: death: send SIGHUP to all controlling processes, reap for 30 seconds,
1111.1Spk		then go to 1 (warn if not all processes died, i.e. wait blocks)
1121.1SpkGiven the -s flag, we start at state 1; otherwise state 2
113