145 files changed, 20590 insertions, 1383 deletions
diff --git a/usr/src/Makefile b/usr/src/Makefile
index 47afb31733..566050738b 100644
--- a/usr/src/Makefile
+++ b/usr/src/Makefile
@@ -25,7 +25,7 @@
 # Copyright 2014 Garrett D'Amore <garrett@damore.org>
 # Copyright 2015 OmniTI Computer Consulting, Inc. All rights reserved.
 # Copyright 2016 Toomas Soome <tsoome@me.com>
-# Copyright 2018 Joyent, Inc.
+# Copyright 2019 Joyent, Inc.
 # Copyright 2019 OmniOS Community Edition (OmniOSce) Association.
 #
 
@@ -143,7 +143,10 @@ clobber_local:
 
 # If the tarballs are included inside ON_CLOSED_BINS, use those to extract and
 # preserve the permissions (in case a distro ships them).
-
+#
+# intel_nhmex hard codes the use of older smbios structures. Therefore,
+# we disable its use of smbios. See OS-4435 for more information.
+#
 closedbins: bldtools $(ROOTDIRS) FRC
 	@CLOSED_ROOT="$$ON_CLOSED_BINS/root_$(MACH)$${RELEASE_BUILD+-nd}"; \
 	if [ -f "$$ON_CLOSED_BINS/on-closed-bins$${RELEASE_BUILD+-nd}.$(MACH).tar.bz2" ]; then \
@@ -163,9 +166,14 @@ closedbins: bldtools $(ROOTDIRS) FRC
 	(cd $$CLOSED_ROOT; \
 	    $(TAR) cfX - $(CODEMGR_WS)/exception_lists/closed-bins .) | \
 	    (cd $(ROOT); $(TAR) xBpf -); \
+	$(ECHO) "Stripping CTF from closed-bins in $$ROOT"; \
 	( cd $(ROOT); $(CTFSTRIP) $$(cd $$CLOSED_ROOT; $(FIND) \
 	    ./kernel ./usr/kernel ./platform/*/kernel -type f -a -perm -u+x | \
-	    $(EGREP) -vf $(CODEMGR_WS)/exception_lists/closed-bins) )
+	    $(EGREP) -vf $(CODEMGR_WS)/exception_lists/closed-bins) ); \
+	$(ECHO) "Fixing intel_nhmex.conf in $$ROOT"; \
+	(cd $(ROOT); \
+	   echo "no-smbios=1;" >> kernel/drv/intel_nhmex.conf)
+
 
 #
 # Declare what parts can be built in parallel
diff --git a/usr/src/Targetdirs b/usr/src/Targetdirs
index 7e0a37543f..7844777e24 100644
--- a/usr/src/Targetdirs
+++ b/usr/src/Targetdirs
@@ -28,7 +28,7 @@
 # Copyright 2016 Hans Rosenfeld <rosenfeld@grumpf.hope-2000.org>
 # Copyright 2017 Nexenta Systems, Inc.
 # Copyright 2017 RackTop Systems.
-# Copyright (c) 2018, Joyent, Inc.
+# Copyright 2019 Joyent, Inc.
 # Copyright 2019 OmniOS Community Edition (OmniOSce) Association.
 #
 
@@ -57,6 +57,7 @@ i386_DIRS= \
 	/lib/libmvec \
 	/platform/i86pc \
 	/usr/lib/brand/bhyve \
+	/usr/lib/brand/kvm \
 	/usr/lib/brand/lx \
 	/usr/lib/brand/lx/amd64 \
 	/usr/lib/brand/lx/distros \
@@ -116,9 +117,12 @@ DIRS= \
 	/devices \
 	/devices/pseudo \
 	/etc \
+	/etc/bash \
+	/etc/bash/bash_completion.d \
 	/etc/brand  \
 	/etc/brand/solaris10  \
 	/etc/cron.d \
+	/etc/cron.d/crontabs \
 	/etc/crypto \
 	/etc/crypto/certs \
 	/etc/crypto/crls \
@@ -148,6 +152,7 @@ DIRS= \
 	/etc/hal/fdi/preprobe/20thirdparty \
 	/etc/hal/fdi/preprobe/30user \
 	/etc/ipadm \
+	/etc/ipf \
 	/etc/iscsi \
 	/etc/rpcsec	\
 	/etc/security	\
@@ -279,6 +284,9 @@ DIRS= \
 	/usr/lib/abi \
 	/usr/lib/brand \
 	/usr/lib/brand/ipkg \
+	/usr/lib/brand/jcommon \
+	/usr/lib/brand/joyent \
+	/usr/lib/brand/joyent-minimal \
 	/usr/lib/brand/labeled \
 	/usr/lib/brand/shared \
 	/usr/lib/brand/sn1 \
@@ -305,6 +313,7 @@ DIRS= \
 	/usr/lib/inet/ilb \
 	/usr/lib/krb5 \
 	/usr/lib/link_audit \
+	/usr/lib/localedef/extensions \
 	/usr/lib/lwp \
 	/usr/lib/mdb \
 	/usr/lib/mdb/kvm \
diff --git a/usr/src/boot/sys/boot/forth/joyent.menu.rc b/usr/src/boot/sys/boot/forth/joyent.menu.rc
new file mode 100644
index 0000000000..38f3b9b53f
--- /dev/null
+++ b/usr/src/boot/sys/boot/forth/joyent.menu.rc
@@ -0,0 +1,116 @@
+\ Menu.rc
+\
+\ Load required Forth modules
+include /boot/forth/version.4th
+include /boot/forth/brand.4th
+include /boot/forth/menu.4th
+include /boot/forth/menu-commands.4th
+include /boot/forth/shortcuts.4th
+
+\ Screen prep
+clear         \ clear the screen (see `screen.4th')
+print_version \ print version string (bottom-right; see `version.4th')
+draw-beastie  \ draw freebsd mascot (on right; see `beastie.4th')
+draw-brand    \ draw the FreeBSD title (top-left; see `brand.4th')
+menu-init     \ initialize the menu area (see `menu.4th')
+
+\ Initialize main menu constructs (see `menu.4th')
+\ NOTE: To use `non-ansi' variants, add `loader_color=0' to loader.conf(5)
+\ NOTE: ANSI variants can use `^' in place of literal `Esc' (ASCII 27)
+
+\
+\ MAIN MENU
+\
+
+set menuset_name1="main"
+
+set mainmenu_init[1]="init_boot"
+
+set mainmenu_caption[1]="Boot SmartOS [Enter]"
+set mainansi_caption[1]="^[1mB^[moot SmartOS ^[1m[Enter]^[m"
+set mainmenu_command[1]="boot"
+\ keycode set by init_boot
+
+set mainmenu_caption[2]="[Esc]ape to loader prompt"
+set mainmenu_command[2]="goto_prompt"
+set mainmenu_keycode[2]=27
+set mainansi_caption[2]="^[1mEsc^[mape to loader prompt"
+
+\ Enable built-in "Reboot" trailing menuitem
+\ NOTE: appears before menu_options if configured
+\
+set mainmenu_reboot
+
+\ Enable "Options:" separator. When set to a numerical value (1-8), a visual
+\ separator is inserted before that menuitem number.
+\
+set mainmenu_options=4
+
+set mainmenu_caption[4]="Configure Boot [O]ptions..."
+set mainmenu_command[4]="2 goto_menu"
+set mainmenu_keycode[4]=111
+set mainansi_caption[4]="Configure Boot ^[1mO^[mptions..."
+
+\
+\ BOOT OPTIONS MENU
+\
+
+set menuset_name2="options"
+
+set optionsmenu_caption[1]="Back to Main Menu [Backspace]"
+set optionsmenu_command[1]="1 goto_menu"
+set optionsmenu_keycode[1]=8
+set optionsansi_caption[1]="Back to Main Menu ^[1m[Backspace]^[m"
+
+set optionsmenu_options=2
+set optionsmenu_optionstext="Boot Options:"
+
+set optionsmenu_osconsole=2
+set optionsmenu_command[2]="cycle_osconsole"
+set optionsmenu_keycode[2]=99
+
+set optionsmenu_init[3]="init_verbose"
+set optionsmenu_caption[3]="[V]erbose............. Off"
+set optionstoggled_text[3]="[V]erbose............. On"
+set optionsmenu_command[3]="toggle_verbose"
+set optionsmenu_keycode[3]=118
+set optionsansi_caption[3]="^[1mV^[merbose............... ^[34;1mOff^[m"
+set optionstoggled_ansi[3]="^[1mV^[merbose............... ^[32;7mOn^[m"
+
+set optionsmenu_init[4]="init_kmdb"
+set optionsmenu_caption[4]="k[m]db................ Off"
+set optionstoggled_text[4]="k[m]db................ On"
+set optionsmenu_command[4]="toggle_kmdb"
+set optionsmenu_keycode[4]=109
+set optionsansi_caption[4]="k^[1mm^[mdb.................. ^[34;1mOff^[m"
+set optionstoggled_ansi[4]="k^[1mm^[mdb.................. ^[32;7mOn^[m"
+
+set optionsmenu_init[5]="init_debug"
+set optionsmenu_caption[5]="[D]ebug............... Off"
+set optionstoggled_text[5]="[D]ebug............... On"
+set optionsmenu_command[5]="toggle_debug"
+set optionsmenu_keycode[5]=100
+set optionsansi_caption[5]="^[1mD^[mebug................. ^[34;1mOff^[m"
+set optionstoggled_ansi[5]="^[1mD^[mebug................. ^[32;7mOn^[m"
+
+set optionsmenu_init[6]="init_rescue"
+set optionsmenu_caption[6]="[R]escue Mode......... Off"
+set optionstoggled_text[6]="[R]escue Mode......... On"
+set optionsmenu_command[6]="toggle_rescue"
+set optionsmenu_keycode[6]=114
+set optionsansi_caption[6]="^[1mR^[mescue Mode........... ^[34;1mOff^[m"
+set optionstoggled_ansi[6]="^[1mR^[mescue Mode........... ^[32;7mOn^[m"
+
+\ Enable automatic booting (add ``autoboot_delay=N'' to loader.conf(5) to
+\ customize the timeout; default is 10-seconds)
+\
+set menu_timeout_command="boot"
+
+\ Include optional elements defined in a local file
+\
+try-include /boot/menu.rc.local
+
+\ Display the main menu (see `menu.4th')
+set menuset_initial=1
+menuset-loadinitial
+menu-display
diff --git a/usr/src/boot/sys/boot/i386/loader/Makefile b/usr/src/boot/sys/boot/i386/loader/Makefile
index 2ef0849bb1..0b1b0c6198 100644
--- a/usr/src/boot/sys/boot/i386/loader/Makefile
+++ b/usr/src/boot/sys/boot/i386/loader/Makefile
@@ -12,6 +12,7 @@
 #
 # Copyright 2015 Toomas Soome <tsoome@me.com>
 # Copyright 2016 RackTop Systems.
+# Copyright 2019 Joyent, Inc.
 #
 
 include $(SRC)/Makefile.master
@@ -178,6 +179,11 @@ $(ROOT_BOOT)/%: ../../forth/% $(ROOT_BOOT)
 $(ROOT_BOOT_DEFAULTS)/%: ../../forth/% $(ROOT_BOOT_DEFAULTS)
 	$(INS.file)
 
+$(ROOT_BOOT_FORTH)/menu.rc: ../../forth/joyent.menu.rc $(ROOT_BOOT_FORTH)
+	$(RM) $@; \
+	$(INS) -s -m $(FILEMODE) -f $(@D) ../../forth/joyent.menu.rc; \
+	$(MV) $(@D)/joyent.menu.rc $@
+
 $(ROOT_BOOT_FORTH)/%: ../../forth/% $(ROOT_BOOT_FORTH)
 	$(INS.file)
 
diff --git a/usr/src/cmd/Adm/sun/Makefile b/usr/src/cmd/Adm/sun/Makefile
index db3cd6c931..e249952dcc 100644
--- a/usr/src/cmd/Adm/sun/Makefile
+++ b/usr/src/cmd/Adm/sun/Makefile
@@ -21,9 +21,11 @@
 #
 # Copyright (c) 1990, 2010, Oracle and/or its affiliates. All rights reserved.
 # Copyright 2010 Nexenta Systems, Inc.  All rights reserved.
+# Copyright 2019 Joyent, Inc.
 #
 
-ETCFILES= ioctl.syscon passwd shadow motd
+ETCGENFILES=motd issue
+ETCFILES= ioctl.syscon passwd shadow $(ETCGENFILES)
 FTPDFILES= ftpusers
 KVMFILES= README
 SMBFILES= smbpasswd
@@ -39,41 +41,32 @@ FILEMODE= 0644
 
 ROOTETCFTPUSERSLINK= $(ROOTETC)/ftpusers
 
-$(ROOTETC)/shadow 	:=	FILEMODE =	400
+$(ROOTETC)/shadow	:=	FILEMODE =	400
 $(ROOTVARSMB)/smbpasswd :=	FILEMODE =	0400
 
 
 .KEEP_STATE:
 
-$(ROOTETCFTPUSERSLINK):	$(ROOTETCFTPDFILES)
-	$(RM) $@; $(SYMLINK) ftpd/ftpusers $@
-
 all: $(ETCFILES) $(KVMFILES) $(SMBFILES) $(FTPDFILES)
 
 install: all $(ROOTETCFILES) $(ROOTETCFTPDFILES) $(ROOTUSRKVMFILES) $(ROOTVARSMBFILES) $(ROOTETCFTPUSERSLINK)
 
 clean:
-	$(RM) $(ROOTETCFTPUSERSLINK)
+	$(RM) $(ROOTETCFTPUSERSLINK) $(ETCGENFILES) $(SMBFILES)
 
-lint:
+clobber: clean
 
-clobber:
+$(ROOTETCFTPUSERSLINK):	$(ROOTETCFTPDFILES)
+	$(RM) $@; $(SYMLINK) ftpd/ftpusers $@
 
-motd:	FRC
+motd:	$(ROOT)/buildstamp
 	@-$(ECHO) "rebuilding motd"
-	@$(RELEASE_BUILD)-$(ECHO) "The Illumos Project\tSunOS $(RELEASE)\t$(VERSION)\t$(RELEASE_DATE)" > motd
-	@$(NOT_RELEASE_BUILD)-$(ECHO) "The Illumos Project\tSunOS $(RELEASE)\t$(VERSION)\t`date +'%h. %d, %Y'`" > motd
-	@$(NOT_RELEASE_BUILD)-$(ECHO) $(DEV_CM) | sed -e "s/@(#)//" >> motd
-	@-$(CAT) release_info >> motd
+	@$(ECHO) "SmartOS (build: $$(cat $(ROOT)/buildstamp))" >$@
+
+issue: issue.in $(ROOT)/buildstamp
+	sed "s+build: 00000000T000000Z+$$(cat $(ROOT)/buildstamp)+" issue.in >$@
 
 smbpasswd:
 	$(TOUCH) smbpasswd
 
-clean:
-
-lint:
-
-clobber:
-	$(RM) motd smbpasswd
-
 FRC:
diff --git a/usr/src/cmd/Adm/sun/issue.in b/usr/src/cmd/Adm/sun/issue.in
new file mode 100644
index 0000000000..d9957b7a0d
--- /dev/null
+++ b/usr/src/cmd/Adm/sun/issue.in
@@ -0,0 +1,14 @@
+
+
+         [37m[1m*[31m--[0m[31m+--[37m[1m*[0m[33m--[37m[1m*[0m
+         [31m|[1m\[0m [31m|[0m[31m\ |[33m\ [1m|\[0m      J O Y E N T
+         [31m| [1m\[0m[31m|[0m [31m\| [33m\[1m| \[0m     [37;47m#####[0m  [37;47m####[0m   [37;47m#[0m  [37;47m#####[0m  [37;47m###[0m   [37;47m#[0m   [37;47m#[0m TM
+         [31m+--[1m[37m*[31m--+[0m[33m--[1m[37m*[33m--[37m*[0m      [37;47m#[0m    [37;47m#[0m   [37;47m#[0m  [37;47m#[0m    [37;47m#[0m   [37;47m#[0m   [37;47m#[0m  [37;47m##[0m  [37;47m#[0m
+         [37m|[31m\ |\ |\ [33m|[1m\ |[0m      [37;47m#[0m    [37;47m####[0m   [37;47m#[0m    [37;47m#[0m   [37;47m#[0m   [37;47m#[0m  [37;47m#[0m [37;47m#[0m [37;47m#[0m
+         [37m| [31m\| \| \[33m| [1m\|[0m      [37;47m#[0m    [37;47m#[0m  [37;47m#[0m   [37;47m#[0m    [37;47m#[0m   [37;47m#[0m   [37;47m#[0m  [37;47m#[0m  [37;47m##[0m
+         [37m[1m*[0m[37m--+[31m--+[33m--+[1m--+[0m      [37;47m#[0m    [37;47m#[0m   [37;47m#[0m  [37;47m#[0m    [37;47m#[0m    [37;47m###[0m   [37;47m#[0m   [37;47m#[0m
+          [37m[1m\ |[0m[34m\ |\ |[1m\ |[0m
+           [37m[1m\| [0m[34m\| \| [1m\|[0m     [1;37mSmartOS[0m
+            [37m[1m*--+[0m[34m--[37m[1m*[34m--[37m*[0m      build: 00000000T000000Z
+
+
diff --git a/usr/src/cmd/auditd/auditd.xml b/usr/src/cmd/auditd/auditd.xml
index 88632647f5..ac0600c9e1 100644
--- a/usr/src/cmd/auditd/auditd.xml
+++ b/usr/src/cmd/auditd/auditd.xml
@@ -142,7 +142,7 @@
 	-->
 	<property_group name='preselection' type='application'>
 		<propval name='flags' type='astring'
-			value='lo' />
+			value='lo,ex' />
 		<propval name='naflags' type='astring'
 			value='lo' />
 		<propval name='read_authorization' type='astring'
@@ -188,7 +188,7 @@
 		<propval name='arge' type='boolean'
 			value='false' />
 		<propval name='argv' type='boolean'
-			value='false' />
+			value='true' />
 		<propval name='cnt' type='boolean'
 			value='true' />
 		<propval name='group' type='boolean'
@@ -196,7 +196,7 @@
 		<propval name='path' type='boolean'
 			value='false' />
 		<propval name='perzone' type='boolean'
-			value='false' />
+			value='true' />
 		<propval name='public' type='boolean'
 			value='false' />
 		<propval name='seq' type='boolean'
diff --git a/usr/src/cmd/cmd-crypto/etc/pkcs11.conf b/usr/src/cmd/cmd-crypto/etc/pkcs11.conf
index 2b8971a85e..835e61f777 100644
--- a/usr/src/cmd/cmd-crypto/etc/pkcs11.conf
+++ b/usr/src/cmd/cmd-crypto/etc/pkcs11.conf
@@ -20,6 +20,7 @@
 #
 # Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
 # Use is subject to license terms.
+# Copyright 2011 Joyent, Inc.  All rights reserved.
 #
 # /etc/crypto/pkcs11.conf
 #
@@ -39,5 +40,4 @@
 metaslot:metaslot_status=enabled;metaslot_auto_key_migrate=enabled;metaslot_token=Sun Software PKCS#11 softtoken;metaslot_slot=Sun Crypto Softtoken
 /usr/lib/security/$ISA/pkcs11_kernel.so
 /usr/lib/security/$ISA/pkcs11_softtoken.so
-/usr/lib/security/$ISA/pkcs11_tpm.so
 # End SUNWcsr
diff --git a/usr/src/cmd/cmd-inet/etc/services b/usr/src/cmd/cmd-inet/etc/services
index 25ccc7cc43..1029745480 100644
--- a/usr/src/cmd/cmd-inet/etc/services
+++ b/usr/src/cmd/cmd-inet/etc/services
@@ -1,7 +1,6 @@
-#
 # Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
 # Use is subject to license terms.
-# Copyright 2015 Joyent, Inc.
+# Copyright 2019 Joyent, Inc.
 #
 # CDDL HEADER START
 #
@@ -23,9 +22,18 @@
 # CDDL HEADER END
 #
 # Network services, Internet style
-# Look at http://www.iana.org/assignments/port-numbers for more
 #
-tcpmux		1/tcp
+# Note that it is presently the policy of IANA to assign a single well-known
+# port number for both TCP and UDP; hence, officially ports have two entries
+# even if the protocol doesn't support UDP operations.
+#
+# Updated from http://www.iana.org/assignments/port-numbers and other
+# sources like http://www.freebsd.org/cgi/cvsweb.cgi/src/etc/services .
+# New ports will be added on request if they have been officially assigned
+# by IANA and used in the real-world or are needed by a debian package.
+# If you need a huge list of used numbers please install the nmap package.
+
+tcpmux		1/tcp				# TCP port service multiplexer
 echo		7/tcp
 echo		7/udp
 discard		9/tcp		sink null
@@ -34,209 +42,614 @@ systat		11/tcp		users
 daytime		13/tcp
 daytime		13/udp
 netstat		15/tcp
-qotd		17/tcp 				# Quote of the Day
+qotd		17/tcp		quote
+msp		18/tcp				# message send protocol
+msp		18/udp
 chargen		19/tcp		ttytst source
 chargen		19/udp		ttytst source
 ftp-data	20/tcp
 ftp		21/tcp
 ftp		21/sctp
-ssh		22/tcp				# Secure Shell
+fsp		21/udp		fspd
+ssh		22/tcp				# SSH Remote Login Protocol
 ssh		22/sctp
+ssh		22/udp
 telnet		23/tcp
 smtp		25/tcp		mail
 time		37/tcp		timserver
 time		37/udp		timserver
 rlp		39/tcp				# Resource Location Protocol
-rlp		39/udp				# Resource Location Protocol
-name		42/udp		nameserver
-whois		43/tcp		nicname		# usually to sri-nic
-tacacs		49/tcp
+rlp		39/udp		resource	# resource location
+nameserver	42/tcp		name		# IEN 116
+nameserver	42/udp		name
+whois		43/tcp		nicname
+tacacs		49/tcp				# Login Host Protocol (TACACS)
 tacacs		49/udp
+re-mail-ck	50/tcp				# Remote Mail Checking Protocol
+re-mail-ck	50/udp
+domain		53/tcp				# name-domain server
 domain		53/udp
-domain		53/tcp
-tacacs-ds	65/tcp
+mtp		57/tcp				# deprecated
+tacacs-ds	65/tcp				# TACACS-Database Service
 tacacs-ds	65/udp
-bootps		67/udp				# BOOTP/DHCP server
-bootpc		68/udp				# BOOTP/DHCP client
-http		80/tcp		www www-http
-http		80/udp		www www-http
-http		80/sctp
-kerberos	88/udp		kdc		# Kerberos V5 KDC
-kerberos	88/tcp		kdc		# Kerberos V5 KDC
-hostnames	101/tcp		hostname	# usually to sri-nic
-pop2		109/tcp		pop-2		# Post Office Protocol - V2
-pop3		110/tcp				# Post Office Protocol - Version 3
-sunrpc		111/udp		rpcbind
-sunrpc		111/tcp		rpcbind
+bootps		67/tcp				# BOOTP server
+bootps		67/udp
+bootpc		68/tcp				# BOOTP client
+bootpc		68/udp
+tftp		69/udp
+gopher		70/tcp				# Internet Gopher
+gopher		70/udp
+rje		77/tcp		netrjs
+finger		79/tcp
+www		80/tcp		http		# WorldWideWeb HTTP
+www		80/sctp		http
+www		80/udp				# HyperText Transfer Protocol
+link		87/tcp		ttylink
+kerberos	88/tcp		kerberos5 krb5 kerberos-sec	# Kerberos v5
+kerberos	88/udp		kerberos5 krb5 kerberos-sec	# Kerberos v5
+supdup		95/tcp
+hostnames	101/tcp		hostname	# usually from sri-nic
+iso-tsap	102/tcp		tsap		# part of ISODE
+x400		103/tcp				# ISO Mail
+acr-nema	104/tcp		dicom		# Digital Imag. & Comm. 300
+acr-nema	104/udp		dicom		# Digital Imag. & Comm. 300
+csnet-ns	105/tcp		cso-ns		# also used by CSO name server
+csnet-ns	105/udp		cso-ns
+rtelnet		107/tcp				# Remote Telnet
+rtelnet		107/udp
+pop2		109/tcp		postoffice pop-2 # POP version 2
+pop2		109/udp		pop-2
+pop3		110/tcp		pop-3		# POP version 3
+pop3		110/udp		pop-3
+sunrpc		111/tcp		portmapper	# RPC 4.0 portmapper
+sunrpc		111/udp		portmapper
+auth		113/tcp		authentication tap ident
 sftp		115/tcp
-imap		143/tcp		imap2		# Internet Mail Access Protocol v2
+uucp-path	117/tcp
+nntp		119/tcp		readnews untp	# USENET News Transfer Protocol
+ntp		123/tcp
+ntp		123/udp				# Network Time Protocol
+pwdgen		129/tcp				# PWDGEN service
+pwdgen		129/udp				# PWDGEN service
+loc-srv		135/tcp		epmap		# Location Service
+loc-srv		135/udp		epmap
+netbios-ns	137/tcp				# NETBIOS Name Service
+netbios-ns	137/udp
+netbios-dgm	138/tcp				# NETBIOS Datagram Service
+netbios-dgm	138/udp
+netbios-ssn	139/tcp				# NETBIOS session service
+netbios-ssn	139/udp
+imap2		143/tcp		imap		# Interim Mail Access P 2 and 4
+imap2		143/udp		imap
+snmp		161/tcp				# Simple Net Mgmt Protocol
+snmp		161/udp				# Simple Net Mgmt Protocol
+snmp-trap	162/tcp		snmptrap	# Traps for SNMP
+snmp-trap	162/udp		snmptrap	# Traps for SNMP
+cmip-man	163/tcp				# ISO mgmt over IP (CMOT)
+cmip-man	163/udp
+cmip-agent	164/tcp
+cmip-agent	164/udp
+mailq		174/tcp			# Mailer transport queue for Zmailer
+mailq		174/udp			# Mailer transport queue for Zmailer
+xdmcp		177/tcp				# X Display Mgr. Control Proto
+xdmcp		177/udp
+nextstep	178/tcp		NeXTStep NextStep	# NeXTStep window
+nextstep	178/udp		NeXTStep NextStep	#  server
 bgp		179/tcp				# Border Gateway Protocol
-bgp		179/udp
 bgp		179/sctp
-irc		194/tcp
+bgp		179/udp
+prospero	191/tcp				# Cliff Neuman's Prospero
+prospero	191/udp
+irc		194/tcp				# Internet Relay Chat
 irc		194/udp
-smux		199/tcp
+smux		199/tcp				# SNMP Unix Multiplexer
 smux		199/udp
-imap3		220/tcp
-imap3		220/udp
-clearcase	371/tcp
-clearcase	371/udp
-ldap		389/tcp				# Lightweight Directory Access Protocol	
-ldap		389/udp				# Lightweight Directory Access Protocol
-https		443/tcp
+at-rtmp		201/tcp				# AppleTalk routing
+at-rtmp		201/udp
+at-nbp		202/tcp				# AppleTalk name binding
+at-nbp		202/udp
+at-echo		204/tcp				# AppleTalk echo
+at-echo		204/udp
+at-zis		206/tcp				# AppleTalk zone information
+at-zis		206/udp
+qmtp		209/tcp				# Quick Mail Transfer Protocol
+qmtp		209/udp				# Quick Mail Transfer Protocol
+z3950		210/tcp		wais		# NISO Z39.50 database
+z3950		210/udp		wais
+ipx		213/tcp				# IPX
+ipx		213/udp
+imap3		220/tcp				# Interactive Mail Access
+imap3		220/udp				# Protocol v3
+pawserv		345/tcp				# Perf Analysis Workbench
+pawserv		345/udp
+zserv		346/tcp				# Zebra server
+zserv		346/udp
+fatserv		347/tcp				# Fatmen Server
+fatserv		347/udp
+rpc2portmap	369/tcp
+rpc2portmap	369/udp				# Coda portmapper
+codaauth2	370/tcp
+codaauth2	370/udp				# Coda authentication server
+clearcase	371/tcp		Clearcase
+clearcase	371/udp		Clearcase
+ulistserv	372/tcp				# UNIX Listserv
+ulistserv	372/udp
+ldap		389/tcp			# Lightweight Directory Access Protocol
+ldap		389/udp
+imsp		406/tcp			# Interactive Mail Support Protocol
+imsp		406/udp
+slp		427/tcp		slp		# Service Location Protocol, V2
+slp		427/udp		slp		# Service Location Protocol, V2
+mobile-ip	434/udp		mobile-ip	# Mobile-IP
+cvc_hostd	442/tcp				# Network Console
+https		443/tcp				# http protocol over TLS/SSL
 https		443/udp
 https		443/sctp
+snpp		444/tcp				# Simple Network Paging Protocol
+snpp		444/udp
+microsoft-ds	445/tcp				# Microsoft Naked CIFS
+microsoft-ds	445/udp
 kpasswd		464/tcp
 kpasswd		464/udp
+saft		487/tcp			# Simple Asynchronous File Transfer
+saft		487/udp
+isakmp		500/tcp			# IPsec - Internet Security Association
+isakmp		500/udp			#  and Key Management Protocol
 dhcpv6-client	546/udp		dhcpv6c		# DHCPv6 Client (RFC 3315)
 dhcpv6-client	546/tcp
 dhcpv6-server	547/udp		dhcpv6s		# DHCPv6 Server (RFC 3315)
 dhcpv6-server	547/tcp
-rtsp		554/tcp
-rtsp		554/udp
-nntps		563/tcp		snntp
-nntps		563/udp		snntp
-submission	587/tcp				# Mail Message Submission
-submission	587/udp				#    see RFC 2476
-ipp		631/tcp
+rtsp		554/tcp			# Real Time Stream Control Protocol
+rtsp		554/udp			# Real Time Stream Control Protocol
+nqs		607/tcp				# Network Queuing system
+nqs		607/udp
+npmp-local	610/tcp		dqs313_qmaster		# npmp-local / DQS
+npmp-local	610/udp		dqs313_qmaster
+npmp-gui	611/tcp		dqs313_execd		# npmp-gui / DQS
+npmp-gui	611/udp		dqs313_execd
+hmmp-ind	612/tcp		dqs313_intercell	# HMMP Indication / DQS
+hmmp-ind	612/udp		dqs313_intercell
+qmqp		628/tcp
+qmqp		628/udp
+ipp		631/tcp				# Internet Printing Protocol
 ipp		631/udp
-ldaps		636/tcp				# LDAP protocol over TLS/SSL (was sldap)
-ldaps		636/udp				# LDAP protocol over TLS/SSL (was sldap)
-silc		706/tcp
-silc		706/udp
-iscsi		860/tcp
-iscsi		860/udp
-rsync		873/tcp
-rsync		873/udp
-ftps-data	989/tcp
-ftps-data	989/udp
-ftps		990/tcp
-ftps		990/udp
-imaps		993/tcp
-imaps		993/udp
-pop3s		995/tcp
-pop3s		995/udp
-socks		1080/tcp
-socks		1080/udp
-openvpn		1194/tcp
-openvpn		1194/udp
-icap		1344/tcp			# Internet Content Adaptation Protocol
-wins		1512/tcp
-wins		1512/udp
-radius		1812/tcp
-radius		1812/udp
-radius-acct	1813/tcp
-radius-acct	1813/udp
-cvspserver	2401/tcp
-icpv2		3130/tcp
-icpv2		3130/udp
-iscsi-target	3260/tcp
-iscsi-target	3260/udp
-mysql		3306/tcp
-mysql		3306/udp
-nut		3493/tcp			# Network UPS Tools
-svn		3690/tcp
-svn		3690/udp
-epmd		4369/tcp			# Erlang Port Mapper Daemon
-epmd		4369/udp
-sip		5060/tcp
-sip		5060/udp
-sip-tls		5061/tcp
-sip-tls		5061/udp
-xmpp-client	5222/tcp
-xmpp-server	5269/tcp
-postgresql	5432/tcp	postgres
-postgresql	5432/udp	postgres
-http-alt	8080/tcp	webcache	# HTTP Alternate, webcache
-http-alt	8080/udp
-memcache	11211/tcp
-memcache	11211/udp
-#
-# Host specific functions
-#
-tftp		69/udp
-rje		77/tcp
-finger		79/tcp
-link		87/tcp		ttylink
-supdup		95/tcp
-iso-tsap	102/tcp
-x400		103/tcp				# ISO Mail
-x400-snd	104/tcp
-csnet-ns	105/tcp
-uucp-path	117/tcp
-nntp		119/tcp		usenet		# Network News Transfer
-ntp		123/tcp				# Network Time Protocol
-ntp		123/udp				# Network Time Protocol
-netbios-ns	137/tcp				# NETBIOS Name Service
-netbios-ns	137/udp				# NETBIOS Name Service
-netbios-dgm	138/tcp				# NETBIOS Datagram Service
-netbios-dgm	138/udp				# NETBIOS Datagram Service
-netbios-ssn	139/tcp				# NETBIOS Session Service
-netbios-ssn	139/udp				# NETBIOS Session Service
-NeWS		144/tcp		news		# Window System
-snmpd		161/udp		snmp		# Net-SNMP snmp daemon
-slp		427/tcp		slp		# Service Location Protocol, V2
-slp		427/udp		slp		# Service Location Protocol, V2
-mobile-ip	434/udp		mobile-ip	# Mobile-IP
-cvc_hostd	442/tcp				# Network Console
-microsoft-ds	445/tcp				# Microsoft Directory Services
-microsoft-ds	445/udp				# Microsoft Directory Services
-ike		500/udp		ike		# Internet Key Exchange
 uuidgen		697/tcp				# UUID Generator
 uuidgen		697/udp				# UUID Generator
 #
 # UNIX specific services
 #
-# these are NOT officially assigned
-#
 rdc		121/tcp				# SNDR server daemon
 exec		512/tcp
-login		513/tcp
-shell		514/tcp		cmd		# no passwords used
-printer		515/tcp		spooler		# line printer spooler
-courier		530/tcp		rpc		# experimental
-uucp		540/tcp		uucpd		# uucp daemon
 biff		512/udp		comsat
+login		513/tcp
 who		513/udp		whod
+shell		514/tcp		cmd		# no passwords used
 syslog		514/udp
+printer		515/tcp		spooler		# line printer spooler
 talk		517/udp
-route		520/udp		router routed
+ntalk		518/udp
+route		520/udp		router routed	# RIP
 ripng		521/udp
-klogin		543/tcp				# Kerberos authenticated rlogin
-kshell		544/tcp		cmd		# Kerberos authenticated remote shell
+timed		525/udp		timeserver
+tempo		526/tcp		newdate
+courier		530/tcp		rpc
+conference	531/tcp		chat
+netnews		532/tcp		readnews
+netwall		533/udp				# for emergency broadcasts
+gdomap		538/tcp				# GNUstep distributed objects
+gdomap		538/udp
+uucp		540/tcp		uucpd		# uucp daemon
+klogin		543/tcp				# Kerberized `rlogin' (v5)
+kshell		544/tcp		krcmd		# Kerberized `rsh' (v5)
+afpovertcp	548/tcp				# AFP over TCP
+afpovertcp	548/udp
 new-rwho	550/udp		new-who		# experimental
+remotefs	556/tcp		rfs_server rfs	# Brunhoff remote filesystem
 rmonitor	560/udp		rmonitord	# experimental
 monitor		561/udp				# experimental
+nntps		563/tcp		snntp		# NNTP over SSL
+nntps		563/udp		snntp
+submission	587/tcp				# Submission [RFC4409]
+submission	587/udp
 pcserver	600/tcp				# ECD Integrated PC board srvr
+ldaps		636/tcp				# LDAP over SSL
+ldaps		636/udp
+tinc		655/tcp				# tinc control port
+tinc		655/udp
 sun-dr		665/tcp				# Remote Dynamic Reconfiguration
-kerberos-adm	749/tcp				# Kerberos V5 Administration
+silc		706/tcp
+silc		706/udp
+kerberos-adm	749/tcp				# Kerberos `kadmin' (v5)
 kerberos-adm	749/udp				# Kerberos V5 Administration
 kerberos-iv	750/udp				# Kerberos V4 key server
 krb5_prop	754/tcp				# Kerberos V5 KDC propogation
-swat		901/tcp				# Samba Web Adm.Tool
+#
+webster		765/tcp				# Network dictionary
+webster		765/udp
+iscsi		860/tcp
+iscsi		860/udp
+rsync		873/tcp
+rsync		873/udp
+ftps-data	989/tcp				# FTP over SSL (data)
+ftps		990/tcp
+telnets		992/tcp				# Telnet over SSL
+telnets		992/udp
+imaps		993/tcp				# IMAP over SSL
+imaps		993/udp
+ircs		994/tcp				# IRC over SSL
+ircs		994/udp
+pop3s		995/tcp				# POP-3 over SSL
+pop3s		995/udp
 ufsd		1008/tcp	ufsd		# UFS-aware server
 ufsd		1008/udp	ufsd
 portolan	1296/tcp			# Portolan
 svp-underlay	1339/tcp			# SDC VXLAN underlay invalidation
 cvc		1495/tcp			# Network Console
+#
+# From ``Assigned Numbers'':
+#
+#> The Registered Ports are not controlled by the IANA and on most systems
+#> can be used by ordinary user processes or programs executed by ordinary
+#> users.
+#
+#> Ports are used in the TCP [45,106] to name the ends of logical
+#> connections which carry long term conversations.  For the purpose of
+#> providing services to unknown callers, a service contact port is
+#> defined.  This list specifies the port used by the server process as its
+#> contact port.  While the IANA can not control uses of these ports it
+#> does register or list uses of these ports as a convienence to the
+#> community.
+#
+socks		1080/tcp			# socks proxy server
+socks		1080/udp
+proofd		1093/tcp
+proofd		1093/udp
+rootd		1094/tcp
+rootd		1094/udp
+openvpn		1194/tcp
+openvpn		1194/udp
+rmiregistry	1099/tcp			# Java RMI Registry
+rmiregistry	1099/udp
+kazaa		1214/tcp
+kazaa		1214/udp
+nessus		1241/tcp			# Nessus vulnerability
+nessus		1241/udp			#  assessment scanner
+icap		1344/tcp			# Internet Content Adaptation Protocol
+lotusnote	1352/tcp	lotusnotes	# Lotus Note
+lotusnote	1352/udp	lotusnotes
+ms-sql-s	1433/tcp			# Microsoft SQL Server
+ms-sql-s	1433/udp
+ms-sql-m	1434/tcp			# Microsoft SQL Monitor
+ms-sql-m	1434/udp
+wins		1512/tcp
+wins		1512/udp
 ingreslock	1524/tcp
+ingreslock	1524/udp
+prospero-np	1525/tcp			# Prospero non-privileged
+prospero-np	1525/udp
+datametrics	1645/tcp	old-radius
+datametrics	1645/udp	old-radius
+sa-msg-port	1646/tcp	old-radacct
+sa-msg-port	1646/udp	old-radacct
+kermit		1649/tcp
+kermit		1649/udp
+l2f		1701/tcp	l2tp
+l2f		1701/udp	l2tp
 www-ldap-gw	1760/tcp			# HTTP to LDAP gateway
 www-ldap-gw	1760/udp			# HTTP to LDAP gateway
-listen		2766/tcp			# System V listener port
-nfsd		2049/udp	nfs		# NFS server daemon (clts)
-nfsd		2049/tcp	nfs		# NFS server daemon (cots)
+radius		1812/tcp
+radius		1812/udp
+radius-acct	1813/tcp	radacct		# Radius Accounting
+radius-acct	1813/udp	radacct
+msnp		1863/tcp			# MSN Messenger
+msnp		1863/udp
+unix-status	1957/tcp			# remstats unix-status server
+log-server	1958/tcp			# remstats log server
+remoteping	1959/tcp			# remstats remoteping server
+cisco-sccp	2000/tcp	sieve		# Cisco SCCP
+cisco-sccp	2000/udp
+search		2010/tcp	ndtp
+pipe_server	2010/tcp
+nfs		2049/tcp			# Network File System
+nfs		2049/udp			# Network File System
 nfsd		2049/sctp	nfs
-eklogin		2105/tcp			# Kerberos encrypted rlogin
+gnunet		2086/tcp
+gnunet		2086/udp
+rtcm-sc104	2101/tcp			# RTCM SC-104 IANA 1/29/99
+rtcm-sc104	2101/udp
+gsigatekeeper	2119/tcp
+gsigatekeeper	2119/udp
+gris		2135/tcp		# Grid Resource Information Server
+gris		2135/udp		# Grid Resource Information Server
+cvspserver	2401/tcp			# CVS client/server operations
+cvspserver	2401/udp
+venus		2430/tcp			# codacon port
+venus		2430/udp			# Venus callback/wbc interface
+venus-se	2431/tcp			# tcp side effects
+venus-se	2431/udp			# udp sftp side effect
+codasrv		2432/tcp			# not used
+codasrv		2432/udp			# server port
+codasrv-se	2433/tcp			# tcp side effects
+codasrv-se	2433/udp			# udp sftp side effect
+mon		2583/tcp			# MON traps
+mon		2583/udp
+dict		2628/tcp			# Dictionary server
+dict		2628/udp
+listen		2766/tcp			# System V listener port
+gsiftp		2811/tcp
+gsiftp		2811/udp
+gpsd		2947/tcp
+gpsd		2947/udp
+gds_db		3050/tcp			# InterBase server
+gds_db		3050/udp
+icpv2		3130/tcp	icp		# Internet Cache Protocol
+icpv2		3130/udp	icp
+iscsi-target	3260/tcp
+iscsi-target	3260/udp
+mysql		3306/tcp
+mysql		3306/udp
+nut		3493/tcp			# Network UPS Tools
+nut		3493/udp
+distcc		3632/tcp			# distributed compiler
+distcc		3632/udp
+daap		3689/tcp			# Digital Audio Access Protocol
+daap		3689/udp
+svn		3690/tcp	subversion	# Subversion protocol
+svn		3690/udp	subversion
+suucp		4031/tcp			# UUCP over SSL
+suucp		4031/udp			# UUCP over SSL
 lockd		4045/udp			# NFS lock daemon/manager
 lockd		4045/tcp
+sysrqd		4094/tcp			# sysrq daemon
+sysrqd		4094/udp			# sysrq daemon
+remctl		4373/tcp		# Remote Authenticated Command Service
+remctl		4373/udp		# Remote Authenticated Command Service
+epmd		4369/tcp			# Erlang Port Mapper Daemon
+epmd		4369/udp
 ipsec-nat-t	4500/udp			# IPsec NAT-Traversal
+iax		4569/tcp			# Inter-Asterisk eXchange
+iax		4569/udp
+radmin-port	4899/tcp			# RAdmin Port
+radmin-port	4899/udp
+rfe		5002/udp			# Radio Free Ethernet
+rfe		5002/tcp
+mmcc		5050/tcp	# multimedia conference control tool (Yahoo IM)
+mmcc		5050/udp
+sip		5060/tcp			# Session Initiation Protocol
+sip		5060/udp
+sip-tls		5061/tcp
+sip-tls		5061/udp
+aol		5190/tcp			# AIM
+aol		5190/udp
+xmpp-client	5222/tcp	jabber-client	# Jabber Client Connection
+xmpp-client	5222/udp	jabber-client
+xmpp-server	5269/tcp	jabber-server	# Jabber Server Connection
+xmpp-server	5269/udp	jabber-server
+cfengine	5308/tcp
+cfengine	5308/udp
+mdns		5353/tcp			# Multicast DNS
 mdns		5353/udp			# Multicast DNS
-mdns		5353/tcp
+postgresql	5432/tcp	postgres	# PostgreSQL Database
+postgresql	5432/udp	postgres
+freeciv		5556/tcp	rptp		# Freeciv gameplay
+freeciv		5556/udp
+amqp		5672/tcp
+amqp		5672/udp
+amqp		5672/sctp
+ggz		5688/tcp			# GGZ Gaming Zone
+ggz		5688/udp			# GGZ Gaming Zone
 vnc-server	5900/tcp			# VNC Server
+x11		6000/tcp	x11-0		# X Window System
+x11		6000/udp	x11-0
+x11-1		6001/tcp
+x11-1		6001/udp
+x11-2		6002/tcp
+x11-2		6002/udp
+x11-3		6003/tcp
+x11-3		6003/udp
+x11-4		6004/tcp
+x11-4		6004/udp
+x11-5		6005/tcp
+x11-5		6005/udp
+x11-6		6006/tcp
+x11-6		6006/udp
+x11-7		6007/tcp
+x11-7		6007/udp
 dtspc		6112/tcp			# CDE subprocess control
+gnutella-svc	6346/tcp			# gnutella
+gnutella-svc	6346/udp
+gnutella-rtr	6347/tcp			# gnutella
+gnutella-rtr	6347/udp
+sge_qmaster	6444/tcp			# Grid Engine Qmaster Service
+sge_qmaster	6444/udp			# Grid Engine Qmaster Service
+sge_execd	6445/tcp			# Grid Engine Execution Service
+sge_execd	6445/udp			# Grid Engine Execution Service
 servicetag	6481/udp
 servicetag	6481/tcp
-fs		7100/tcp			# Font server
+afs3-fileserver 7000/tcp	bbs		# file server itself
+afs3-fileserver 7000/udp	bbs
+afs3-callback	7001/tcp			# callbacks to cache managers
+afs3-callback	7001/udp
+afs3-prserver	7002/tcp			# users & groups database
+afs3-prserver	7002/udp
+afs3-vlserver	7003/tcp			# volume location database
+afs3-vlserver	7003/udp
+afs3-kaserver	7004/tcp			# AFS/Kerberos authentication
+afs3-kaserver	7004/udp
+afs3-volser	7005/tcp			# volume managment server
+afs3-volser	7005/udp
+afs3-errors	7006/tcp			# error interpretation service
+afs3-errors	7006/udp
+afs3-bos	7007/tcp			# basic overseer process
+afs3-bos	7007/udp
+afs3-update	7008/tcp			# server-to-server updater
+afs3-update	7008/udp
+afs3-rmtsys	7009/tcp			# remote cache manager service
+afs3-rmtsys	7009/udp
+font-service	7100/tcp	xfs		# X Font Service
+font-service	7100/udp	xfs
+http-alt	8080/tcp	webcache	# WWW caching service
+http-alt	8080/udp			# WWW caching service
+bacula-dir	9101/tcp			# Bacula Director
+bacula-dir	9101/udp
+bacula-fd	9102/tcp			# Bacula File Daemon
+bacula-fd	9102/udp
+bacula-sd	9103/tcp			# Bacula Storage Daemon
+bacula-sd	9103/udp
+xmms2		9667/tcp	# Cross-platform Music Multiplexing System
+xmms2		9667/udp	# Cross-platform Music Multiplexing System
+amanda		10080/tcp			# amanda backup services
+amanda		10080/udp
+memcache	11211/tcp
+memcache	11211/udp
+hkp		11371/tcp			# OpenPGP HTTP Keyserver
+hkp		11371/udp			# OpenPGP HTTP Keyserver
+bprd		13720/tcp			# VERITAS NetBackup
+bprd		13720/udp
+bpdbm		13721/tcp			# VERITAS NetBackup
+bpdbm		13721/udp
+bpjava-msvc	13722/tcp			# BP Java MSVC Protocol
+bpjava-msvc	13722/udp
+vnetd		13724/tcp			# Veritas Network Utility
+vnetd		13724/udp
+bpcd		13782/tcp			# VERITAS NetBackup
+bpcd		13782/udp
+vopied		13783/tcp			# VERITAS NetBackup
+vopied		13783/udp
 solaris-audit	16162/tcp			# Secure remote audit logging
-wnn6		22273/tcp			# Wnn6 jserver
-wnn6		22273/udp			# Wnn6 jserver
+wnn6		22273/tcp			# wnn6
+wnn6		22273/udp
+
+#
+# Datagram Delivery Protocol services
+#
+rtmp		1/ddp			# Routing Table Maintenance Protocol
+nbp		2/ddp			# Name Binding Protocol
+echo		4/ddp			# AppleTalk Echo Protocol
+zip		6/ddp			# Zone Information Protocol
+
+#=========================================================================
+# The remaining port numbers are not as allocated by IANA.
+#=========================================================================
+
+# Kerberos (Project Athena/MIT) services
+# Note that these are for Kerberos v4, and are unofficial.  Sites running
+# v4 should uncomment these and comment out the v5 entries above.
+#
+kerberos4	750/udp		kerberos-iv kdc	# Kerberos (server)
+kerberos4	750/tcp		kerberos-iv kdc
+kerberos_master	751/udp				# Kerberos authentication
+kerberos_master	751/tcp
+passwd_server	752/udp				# Kerberos passwd server
+krb_prop	754/tcp		krb5_prop hprop	# Kerberos slave propagation
+krbupdate	760/tcp		kreg		# Kerberos registration
+swat		901/tcp				# swat
+kpop		1109/tcp			# Pop with Kerberos
+knetd		2053/tcp			# Kerberos de-multiplexor
+zephyr-srv	2102/udp			# Zephyr server
+zephyr-clt	2103/udp			# Zephyr serv-hm connection
+zephyr-hm	2104/udp			# Zephyr hostmanager
+eklogin		2105/tcp			# Kerberos encrypted rlogin
+# Hmmm. Are we using Kv4 or Kv5 now? Worrying.
+# The following is probably Kerberos v5  --- ajt@debian.org (11/02/2000)
+kx		2111/tcp			# X over Kerberos
+iprop		2121/tcp			# incremental propagation
+#
+# Unofficial but necessary (for NetBSD) services
+#
+supfilesrv	871/tcp				# SUP server
+supfiledbg	1127/tcp			# SUP debugging
+
+#
+# Services added for the Debian GNU/Linux distribution
+#
+linuxconf	98/tcp				# LinuxConf
+poppassd	106/tcp				# Eudora
+poppassd	106/udp
+ssmtp		465/tcp		smtps		# SMTP over SSL
+moira_db	775/tcp				# Moira database
+moira_update	777/tcp				# Moira update protocol
+moira_ureg	779/udp				# Moira user registration
+spamd		783/tcp				# spamassassin daemon
+omirr		808/tcp		omirrd		# online mirror
+omirr		808/udp		omirrd
+customs		1001/tcp			# pmake customs server
+customs		1001/udp
+skkserv		1178/tcp			# skk jisho server port
+predict		1210/udp			# predict -- satellite tracking
+rmtcfg		1236/tcp			# Gracilis Packeten remote config server
+wipld		1300/tcp			# Wipl network monitor
+xtel		1313/tcp			# french minitel
+xtelw		1314/tcp			# french minitel
+support		1529/tcp			# GNATS
+cfinger		2003/tcp			# GNU Finger
+frox		2121/tcp			# frox: caching ftp proxy
+ninstall	2150/tcp			# ninstall service
+ninstall	2150/udp
+zebrasrv	2600/tcp			# zebra service
+zebra		2601/tcp			# zebra vty
+ripd		2602/tcp			# ripd vty (zebra)
+ripngd		2603/tcp			# ripngd vty (zebra)
+ospfd		2604/tcp			# ospfd vty (zebra)
+bgpd		2605/tcp			# bgpd vty (zebra)
+ospf6d		2606/tcp			# ospf6d vty (zebra)
+ospfapi		2607/tcp			# OSPF-API
+isisd		2608/tcp			# ISISd vty (zebra)
+afbackup	2988/tcp			# Afbackup system
+afbackup	2988/udp
+afmbackup	2989/tcp			# Afmbackup system
+afmbackup	2989/udp
+xtell		4224/tcp			# xtell server
+fax		4557/tcp			# FAX transmission service (old)
+hylafax		4559/tcp			# HylaFAX client-server protocol (new)
+distmp3		4600/tcp			# distmp3host daemon
+munin		4949/tcp	lrrd		# Munin
+enbd-cstatd	5051/tcp			# ENBD client statd
+enbd-sstatd	5052/tcp			# ENBD server statd
+pcrd		5151/tcp			# PCR-1000 Daemon
+noclog		5354/tcp			# noclogd with TCP (nocol)
+noclog		5354/udp			# noclogd with UDP (nocol)
+hostmon		5355/tcp			# hostmon uses TCP (nocol)
+hostmon		5355/udp			# hostmon uses UDP (nocol)
+rplay		5555/udp			# RPlay audio service
+nsca		5667/tcp			# Nagios Agent - NSCA
+mrtd		5674/tcp			# MRT Routing Daemon
+bgpsim		5675/tcp			# MRT Routing Simulator
+canna		5680/tcp			# cannaserver
+sane-port	6566/tcp	sane saned	# SANE network scanner daemon
+ircd		6667/tcp			# Internet Relay Chat
+zope-ftp	8021/tcp			# zope management by ftp
+tproxy		8081/tcp			# Transparent Proxy
+omniorb		8088/tcp			# OmniORB
+omniorb		8088/udp
+clc-build-daemon 8990/tcp			# Common lisp build daemon
+xinetd		9098/tcp
+mandelspawn	9359/udp	mandelbrot	# network mandelbrot
+git		9418/tcp			# Git Version Control System
+zope		9673/tcp			# zope server
+webmin		10000/tcp
+kamanda		10081/tcp			# amanda backup services (Kerberos)
+kamanda		10081/udp
+amandaidx	10082/tcp			# amanda backup services
+amidxtape	10083/tcp			# amanda backup services
+smsqp		11201/tcp			# Alamin SMS gateway
+smsqp		11201/udp
+xpilot		15345/tcp			# XPilot Contact Port
+xpilot		15345/udp
+sgi-cmsd	17001/udp		# Cluster membership services daemon
+sgi-crsd	17002/udp
+sgi-gcd		17003/udp			# SGI Group membership daemon
+sgi-cad		17004/tcp			# Cluster Admin daemon
+isdnlog		20011/tcp			# isdn logging system
+isdnlog		20011/udp
+vboxd		20012/tcp			# voice box system
+vboxd		20012/udp
+binkp		24554/tcp			# binkp fidonet protocol
+asp		27374/tcp			# Address Search Protocol
+asp		27374/udp
+csync2		30865/tcp			# cluster synchronization tool
+dircproxy	57000/tcp			# Detachable IRC Proxy
+tfido		60177/tcp			# fidonet EMSI over telnet
+fido		60179/tcp			# fidonet EMSI over TCP
+
+# Local services
diff --git a/usr/src/cmd/coreadm/coreadm.xml b/usr/src/cmd/coreadm/coreadm.xml
index 28f1e27240..c6198f885a 100644
--- a/usr/src/cmd/coreadm/coreadm.xml
+++ b/usr/src/cmd/coreadm/coreadm.xml
@@ -48,6 +48,14 @@
 		<service_fmri value='svc:/system/filesystem/minimal' />
 	</dependency>
 
+	<dependency
+		name='coreadm_manifest-import'
+		type='service'
+		grouping='require_all'
+		restart_on='none'>
+		<service_fmri value='svc:/system/manifest-import:default' />
+	</dependency>
+
 	<instance name='default' enabled='false'>
 		<exec_method
 			type='method'
@@ -84,17 +92,17 @@
 				value='solaris.smf.value.coreadm' />
 
 			<propval name='global_pattern'
-				type='astring' value='' />
+				type='astring' value='/%Z/cores/core.%f.%p' />
 			<propval name='global_content'
 				type='astring' value='default' />
 			<propval name='init_pattern'
-				type='astring' value='core' />
+				type='astring' value='/%Z/cores/core.%f.%p' />
 			<propval name='init_content'
 				type='astring' value='default' />
 			<propval name='global_enabled'
-				type='boolean' value='false' />
-			<propval name='process_enabled'
 				type='boolean' value='true' />
+			<propval name='process_enabled'
+				type='boolean' value='false' />
 			<propval name='global_setid_enabled'
 				type='boolean' value='false' />
 			<propval name='process_setid_enabled'
diff --git a/usr/src/cmd/cron/Makefile b/usr/src/cmd/cron/Makefile
index d8df76960f..c45159969e 100644
--- a/usr/src/cmd/cron/Makefile
+++ b/usr/src/cmd/cron/Makefile
@@ -22,7 +22,7 @@
 # Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
 # Use is subject to license terms.
 #
-# Copyright (c) 2018, Joyent, Inc.
+# Copyright 2019 Joyent, Inc.
 
 DEFAULTFILES =	cron.dfl
 
@@ -48,6 +48,7 @@ ROOTVAR =	$(ROOT)/var
 
 ROOTSPCRON =	$(ROOTVAR)/spool/cron
 ROOTCROND =	$(ROOTETC)/cron.d
+ROOTCRONDCRONTABS = $(ROOTCROND)/crontabs
 ROOTCRONTABS =	$(ROOTSPCRON)/crontabs
 ROOTATJOBS =	$(ROOTSPCRON)/atjobs
 ROOTLIBCRON =	$(ROOTLIB)/cron
@@ -66,9 +67,6 @@ POFILES1=	at.po crontab.po funcs.po batch.po
 POFILES=	$(POFILES1) atrm.po
 $(POFILES1) :=	XGETFLAGS= -a -x $(PROG1).xcl
 
-ROOTDIRS =	$(ROOTSPCRON) $(ROOTCROND) \
-		$(ROOTCRONTABS) $(ROOTATJOBS)
-
 ROOTPROG =	$(PROG1:%=$(ROOTUSRSBIN)/%) $(PROG2:%=$(ROOTBIN)/%)	\
 		$(SCRIPT:%=$(ROOTBIN)/%) \
 		$(XPG6PROG:%=$(ROOTXPG6BIN)/%) \
@@ -144,13 +142,9 @@ crontab :=	LDLIBS += -lsecdb -lpam -lzoneinfo
 crontab.xpg6 :=	LDLIBS += -lsecdb -lpam -lzoneinfo
 crontab.xpg4 :=	LDLIBS += -lsecdb -lpam -lzoneinfo
 
-lint :=		LDLIBS += -lproject -lsecdb -lcontract -lpam
-
 $(XPG4) := CFLAGS += -DXPG4
 $(XPG6) := CFLAGS += -DXPG6
 
-LINTFLAGS += -u
-
 $(ROOTSVCSYSTEM)/cron.xml := FILEMODE = 0444
 $(ROOTLIBSVCMETHOD)/svc-cron := FILEMODE = 0555
 
@@ -160,7 +154,7 @@ $(ROOTLIBSVCMETHOD)/svc-cron := FILEMODE = 0555
 all :		$(PROG) $(XPG4) $(XPG6) $(SCRIPT) $(XPG4SCRIPT) $(FILES)
 
 install :	all $(ROOTPROG) $(ROOTETCDEFAULTFILES) $(ROOTSYMLINK) \
-		$(ROOTMANIFEST) $(ROOTMETHOD)
+		$(ROOTMANIFEST) $(ROOTMETHOD) $(ROOTCRONDCRONTABS)/root
 
 $(PROG) :	$$(OBJS)
 		$(LINK.c) $(OBJS) -o $@ $(LDLIBS)
@@ -214,13 +208,14 @@ att2.c :	att2.l att2.ed att1.c
 		ed - lex.yy.c < att2.ed
 		$(MV) lex.yy.c att2.c
 
-# Don't re-install directories installed by Targetdirs
-#$(ROOTDIRS):
-#		$(INS.dir)
-
 $(ROOTSYMLINK) :
 		$(RM) $@; $(SYMLINK) $(SYMLNKDEST) $@
 
+$(ROOTCRONDCRONTABS)/root: crontab.root
+	$(RM) $@; \
+	$(INS) -s -m $(FILEMODE) -f $(@D) crontab.root; \
+	$(MV) $(@D)/crontab.root $@
+
 check:		$(CHKMANIFEST)
 
 $(POFILE):	$(POFILES)
@@ -229,8 +224,6 @@ $(POFILE):	$(POFILES)
 clean :
 		$(RM) $(COBJS) att1.h att1.c att2.c
 
-lint :		lint_SRCS
-
 strip :
 		$(STRIP) $(PROG) $(XPG4) $(XPG6)
 
diff --git a/usr/src/cmd/cron/crontab.root b/usr/src/cmd/cron/crontab.root
new file mode 100644
index 0000000000..4153ad2d6a
--- /dev/null
+++ b/usr/src/cmd/cron/crontab.root
@@ -0,0 +1,18 @@
+## Rotate and trim the audit logs nightly.
+0 0 * * * /smartdc/bin/sdc-lastcomm -R 30
+## Run logadm hourly so that the minimum rotate interval is 1h
+0 * * * * /usr/sbin/logadm
+## Rotate vm.log files for any KVM VMs
+0 * * * * SDC_LOG_ROLL_BACKWARD=1 /usr/vm/sbin/rotate-kvm-logs.sh >> /var/log/rotate-kvm-logs.log 2>&1
+## Headnode should phone home nightly.
+0 1 * * * [ -x /opt/smartdc/bin/sdc-phonehome ] && /opt/smartdc/bin/sdc-phonehome
+## Delete saved core dumps over 7 days old
+15 0 * * * find /zones/*/cores -type f -mtime +7 -exec rm -f "{}" \;
+## Delete archived zone data over 7 days old
+30 0 * * * find /zones/archive/ -mount -maxdepth 1 -mindepth 1 -type d -mtime +7 -exec rm -rf "{}" \;
+## Delete logs to be uploaded over 7 days old if they aren't being consumed
+45 0 * * * [ -d /var/log/sdc/upload/ ] && find /var/log/sdc/upload/ -mount -maxdepth 1 -mindepth 1 -type f -mtime +7 -exec rm -f "{}" \;
+
+# NOTE: all entries above are in root's system-defined crontab; see the
+# crontab(1) man page.
+
diff --git a/usr/src/cmd/cron/svc-cron b/usr/src/cmd/cron/svc-cron
index 4def6071b8..55033608ee 100644
--- a/usr/src/cmd/cron/svc-cron
+++ b/usr/src/cmd/cron/svc-cron
@@ -22,8 +22,7 @@
 #
 # Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
 # Use is subject to license terms.
-#
-# ident	"%Z%%M%	%I%	%E% SMI"
+# Copyright 2012 Joyent, Inc.  All rights reserved.
 #
 # Start method script for the cron service.
 #
@@ -37,6 +36,45 @@ if [ -p /etc/cron.d/FIFO ]; then
 	fi
 fi
 
+if smf_is_globalzone && [ -n "$(bootparams | grep '^headnode=true')" ]; then
+	#
+	# Randomize root's crontab so all HN's are not in sync.
+	#
+	utc_offset=`nawk -F= '{if ($1 == "utc_offset") print $2}' \
+	    /usbkey/config.inc/generic`
+	[ -z "$utc_offset" ] && utc_offset=0
+
+	n=$(date +%S)
+	hr=$(($n % 5))
+	hr=$(($hr + $utc_offset))
+
+	n=$(date +%M)
+	mn=$(($n % 15))
+
+	nawk -v hr=$hr -v mn=$mn '{
+		if (substr($1, 1, 1) == "#") {
+			print $0
+			next
+		}
+		if (substr($2, 1, 1) == "*") {
+			print $0
+			next
+		}
+		if (length($0) == 0) {
+			print $0
+			next
+		}
+
+		printf("%d %d %s %s %s %s", mn, hr, $3, $4, $5, $6)
+		for (i = 7; i <= NF; i++)
+			printf(" %s", $i)
+		printf("\n")
+		mn += 10
+	}' /etc/cron.d/crontabs/root >/etc/cron.d/crontabs/root.$$
+	cp /etc/cron.d/crontabs/root.$$ /etc/cron.d/crontabs/root
+	rm -f /etc/cron.d/crontabs/root.$$
+fi
+
 if [ -x /usr/sbin/cron ]; then
 	/usr/bin/rm -f /etc/cron.d/FIFO
 	/usr/sbin/cron &
diff --git a/usr/src/cmd/dispadmin/Makefile b/usr/src/cmd/dispadmin/Makefile
index 65f7e7301c..6df5bbca3f 100644
--- a/usr/src/cmd/dispadmin/Makefile
+++ b/usr/src/cmd/dispadmin/Makefile
@@ -22,12 +22,14 @@
 # Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
 # Use is subject to license terms.
 #
-# cmd/dispadmin/Makefile
+# Copyright 2019 Joyent, Inc.
 #
 
 PROG= dispadmin
 MANIFEST= scheduler.xml
 SVCMETHOD= svc-scheduler
+ETCFILES= dispadmin.conf
+
 SDC=  SDC$(PROG)
 RT=   RT$(PROG)
 TS=   TS$(PROG)
@@ -36,6 +38,8 @@ FSS=  FSS$(PROG)
 FX=   FX$(PROG)
 PROGS= $(PROG) $(RT) $(TS) $(IA) $(FSS) $(FX) $(SDC)
 
+ROOTETCFILES= $(ETCFILES:%=$(ROOTETC)/%)
+
 include ../Makefile.cmd
 
 CFLAGS +=	$(CCVERBOSE)
@@ -59,6 +63,8 @@ ROOTSDC=	$(SDC:%=$(ROOTDIR)/SDC/%)
 ROOTTS=		$(TS:%=$(ROOTDIR)/TS/%)
 ROOTMANIFESTDIR=	$(ROOTSVCSYSTEM)
 
+$(ROOTETCFILES) := FILEMODE = 644
+
 # this would be simpler if we renamed rtdispadmin.c and tsdispadmin.c
 OBJECTS= $(PROG).o rt$(PROG).o ts$(PROG).o ia$(PROG).o \
 		fss$(PROG).o fx$(PROG).o sdc$(PROG).o subr.o
@@ -83,20 +89,15 @@ $(ROOTDIR)/TS/% : %
 	$(INS.file)
 
 .KEEP_STATE:
- 
-all: $(PROGS) 
+
+all: $(PROGS)
 
 $(PROGS): $$(OBJ) subr.o
 	$(LINK.c) -o $@ $(OBJ) subr.o $(LDLIBS)
 	$(POST_PROCESS)
 
-llib-lsubr.ln:	subr.c
-	$(LINT.c) -y -o subr subr.c
-
-lint :=	LDLIBS += -L. -lsubr
-
 install: all $(ROOTPROG) $(ROOTRT) $(ROOTTS) $(ROOTIA) $(ROOTFSS) $(ROOTFX) \
-		$(ROOTSDC) $(ROOTMANIFEST) $(ROOTSVCMETHOD)
+		$(ROOTSDC) $(ROOTMANIFEST) $(ROOTSVCMETHOD) $(ROOTETCFILES)
 
 # Don't re-install directories already installed by Targetdirs
 #$(ROOTDIRS):
@@ -105,15 +106,6 @@ install: all $(ROOTPROG) $(ROOTRT) $(ROOTTS) $(ROOTIA) $(ROOTFSS) $(ROOTFX) \
 check: $(CHKMANIFEST)
 
 clean:
-	$(RM) $(OBJECTS) $(PROGS) llib-lsubr.ln
- 
-lint:	llib-lsubr.ln
-	$(LINT.c) dispadmin.c $(LDLIBS)
-	$(LINT.c) fssdispadmin.c $(LDLIBS)
-	$(LINT.c) fxdispadmin.c $(LDLIBS)
-	$(LINT.c) iadispadmin.c $(LDLIBS)
-	$(LINT.c) rtdispadmin.c $(LDLIBS)
-	$(LINT.c) sdcdispadmin.c $(LDLIBS)
-	$(LINT.c) tsdispadmin.c $(LDLIBS)
- 
+	$(RM) $(OBJECTS) $(PROGS)
+
 include ../Makefile.targ
diff --git a/usr/src/cmd/dispadmin/dispadmin.conf b/usr/src/cmd/dispadmin/dispadmin.conf
new file mode 100644
index 0000000000..7970647c62
--- /dev/null
+++ b/usr/src/cmd/dispadmin/dispadmin.conf
@@ -0,0 +1 @@
+DEFAULT_SCHEDULER=FSS
diff --git a/usr/src/cmd/dumpadm/Makefile b/usr/src/cmd/dumpadm/Makefile
index 7818439eb4..0734535b29 100644
--- a/usr/src/cmd/dumpadm/Makefile
+++ b/usr/src/cmd/dumpadm/Makefile
@@ -20,17 +20,18 @@
 #
 #
 # Copyright (c) 1998, 2010, Oracle and/or its affiliates. All rights reserved.
+# Copyright 2019 Joyent, Inc.
 #
 
 PROG = dumpadm
 MANIFEST = dumpadm.xml
 SVCMETHOD= svc-dumpadm
+ETCFILES= dumpadm.conf
 
 OBJS = main.o dconf.o minfree.o utils.o swap.o
 SRCS = $(OBJS:.o=.c)
 
-
-lint := LINTFLAGS = -mx
+ROOTETCFILES= $(ETCFILES:%=$(ROOTETC)/%)
 
 include ../Makefile.cmd
 
@@ -50,13 +51,11 @@ $(PROG): $(OBJS)
 	$(LINK.c) -o $@ $(OBJS) $(LDLIBS)
 	$(POST_PROCESS)
 
-install: all $(ROOTUSRSBINPROG) $(ROOTMANIFEST) $(ROOTSVCMETHOD)
+install: all $(ROOTUSRSBINPROG) $(ROOTMANIFEST) $(ROOTSVCMETHOD) $(ROOTETCFILES)
 
 check: $(CHKMANIFEST)
 
 clean:
 	$(RM) $(OBJS)
 
-lint: lint_SRCS
-
 include ../Makefile.targ
diff --git a/usr/src/cmd/dumpadm/dumpadm.conf b/usr/src/cmd/dumpadm/dumpadm.conf
new file mode 100644
index 0000000000..804e1da11a
--- /dev/null
+++ b/usr/src/cmd/dumpadm/dumpadm.conf
@@ -0,0 +1,11 @@
+#
+# dumpadm.conf
+#
+# Configuration parameters for system crash dump.
+# Do NOT edit this file by hand -- use dumpadm(1m) instead.
+#
+DUMPADM_DEVICE=/dev/zvol/dsk/zones/dump
+DUMPADM_SAVDIR=/var/crash/volatile
+DUMPADM_CONTENT=kernel
+DUMPADM_ENABLE=no
+DUMPADM_CSAVE=on
diff --git a/usr/src/cmd/init/init.dfl b/usr/src/cmd/init/init.dfl
index 371b48becc..150f720b1c 100644
--- a/usr/src/cmd/init/init.dfl
+++ b/usr/src/cmd/init/init.dfl
@@ -29,5 +29,6 @@
 # TZ, LANG, CMASK, or any of the LC_* environment variables.  value may
 # be enclosed in double quotes (") or single quotes (').
 #
-TZ=PST8PDT
+TZ=UTC
 CMASK=022
+LANG=en_US.UTF-8
diff --git a/usr/src/cmd/ipf/etc/Makefile b/usr/src/cmd/ipf/etc/Makefile
index 3e06187ae9..a5eb399f56 100644
--- a/usr/src/cmd/ipf/etc/Makefile
+++ b/usr/src/cmd/ipf/etc/Makefile
@@ -22,42 +22,31 @@
 # Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
 # Use is subject to license terms.
 #
-#cmd/ipf/etc/Makefile
+# Copyright 2019 Joyent, Inc.
 #
 
-IPFCONF=	ipf.conf
-IPFPROG=	$(IPFCONF)
+IPFFILES = ipf.conf smartos_version
 
 include ../../Makefile.cmd
 
-
 ETCIPF= $(ROOTETC)/ipf
 
-DIRS=  $(ETCIPF)
-
-ETCIPFPROG=	$(IPFPROG:%=$(ETCIPF)/%)
+ROOTETCIPFFILES = $(IPFFILES:%=$(ETCIPF)/%)
 
-$(ETCIPFPROG):=	FILEMODE= 0644
+$(ETCIPF)/ipf.conf := FILEMODE= 0644
+$(ETCIPF)/smartos_version := FILEMODE= 0444
 
 .KEEP_STATE:
 
-all: $(IPFPROG) $(DIRS) $(ETCIPFPROG)
-
-install: all $(DIRS)
+all:
 
-$(PFILAP):
-	$(SH) $@.sh
+install: all $(ROOTETCIPFFILES)
 
-$(ETCIPF)/% : % $(ETCIPF)
+$(ETCIPF)/% : %
 	$(INS.file)
 
-$(DIRS):
-	$(INS.dir)
-
 clean:
 
 clobber:
 
-lint:
-
 .PARALLEL:
diff --git a/usr/src/cmd/ipf/etc/smartos_version b/usr/src/cmd/ipf/etc/smartos_version
new file mode 100644
index 0000000000..0cfbf08886
--- /dev/null
+++ b/usr/src/cmd/ipf/etc/smartos_version
@@ -0,0 +1 @@
+2
diff --git a/usr/src/cmd/ipf/svc/ipfilter b/usr/src/cmd/ipf/svc/ipfilter
index 48e3e2e915..bb25316b44 100644
--- a/usr/src/cmd/ipf/svc/ipfilter
+++ b/usr/src/cmd/ipf/svc/ipfilter
@@ -23,9 +23,12 @@
 # Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
 # Use is subject to license terms.
 #
+# Copyright (c) 2013, Joyent, Inc. All rights reserved.
 # Copyright 2016 Hans Rosenfeld <rosenfeld@grumpf.hope-2000.org>
 #
 
+set -o xtrace
+
 . /lib/svc/share/smf_include.sh
 . /lib/svc/share/ipf_include.sh
 
@@ -152,8 +155,25 @@ upgrade_config()
 	svcadm refresh $SMF_FMRI >/dev/null 2>&1
 }
 
+symlink_persistent_file()
+{
+	persist_file=/var/fw/$1
+	etc_file=$ETC_IPF_DIR/$1
+
+	[ ! -e $persist_file ] && return 0
+	[ -L $etc_file ] && return 0
+
+	[ -e $etc_file ] && mv $etc_file{,.orig}
+
+	ln -s $persist_file $etc_file
+}
+
+
 configure_firewall()
 {
+	symlink_persistent_file ipnat.conf
+	symlink_persistent_file ipf.conf
+	symlink_persistent_file ipf6.conf
 	create_global_rules || exit $SMF_EXIT_ERR_CONFIG
 	create_global_ovr_rules || exit $SMF_EXIT_ERR_CONFIG
 	create_services_rules || exit $SMF_EXIT_ERR_CONFIG
diff --git a/usr/src/cmd/ipf/svc/ipfilter.xml b/usr/src/cmd/ipf/svc/ipfilter.xml
index 5f088f5344..8b6506795f 100644
--- a/usr/src/cmd/ipf/svc/ipfilter.xml
+++ b/usr/src/cmd/ipf/svc/ipfilter.xml
@@ -4,6 +4,7 @@
  Copyright (c) 2004, 2010, Oracle and/or its affiliates. All rights reserved.
  Copyright 2016 Hans Rosenfeld <rosenfeld@grumpf.hope-2000.org>
 
+
  CDDL HEADER START
 
  The contents of this file are subject to the terms of the
@@ -97,13 +98,13 @@
 		type='method'
 		name='refresh'
 		exec='/lib/svc/method/ipfilter reload'
-		timeout_seconds='120' >
+		timeout_seconds='1200' >
 	</exec_method>
 
-	<instance name='default' enabled='false'>
+	<instance name='default' enabled='true'>
 		<property_group name='firewall_config_default'
 			type='com.sun,fw_configuration'>
-			<propval name='policy' type='astring' value='none' />
+			<propval name='policy' type='astring' value='custom' />
 			<propval name='block_policy' type='astring'
 				value='none' />
 			<propval name='custom_policy_file' type='astring'
diff --git a/usr/src/cmd/localedef/Makefile b/usr/src/cmd/localedef/Makefile
index 358f63de01..8a8e5dc2e0 100644
--- a/usr/src/cmd/localedef/Makefile
+++ b/usr/src/cmd/localedef/Makefile
@@ -13,7 +13,7 @@
 # Copyright 2017 Nexenta Systems, Inc.
 # Copyright 2011 EveryCity Ltd. All rights reserved.
 # Copyright 2013 DEY Storage Systems, Inc.
-# Copyright 2016 Joyent, Inc.
+# Copyright 2019 Joyent, Inc.
 # Copyright 2017 RackTop Systems.
 #
 
@@ -23,6 +23,10 @@ include		$(SRC)/cmd/localedef/Makefile.common
 
 LDLIBS +=	-lavl -lgen
 
+I18NEXTFILE = $(ROOTI18NEXT)/UTF-8.x
+
+$(I18NEXTFILE) := FILEMODE = 0444
+
 .KEEP_STATE:
 
 all:		$(PROG)
@@ -43,9 +47,7 @@ $(POFILE):	$(PIFILES)
 		$(SED) -e '/domain/d' messages.po > $@
 		$(RM) $(PIFILES) messages.po
 
-install:	all $(ROOTPROG)
-
-lint:		lint_SRCS
+install:	all $(ROOTPROG) $(I18NEXTFILE)
 
 clean:
 		$(RM) $(CLEANFILES)
diff --git a/usr/src/cmd/localedef/UTF-8.x b/usr/src/cmd/localedef/UTF-8.x
new file mode 100644
index 0000000000..b7ab359bd4
--- /dev/null
+++ b/usr/src/cmd/localedef/UTF-8.x
@@ -0,0 +1,114 @@
+#
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License (the "License").  
+# You may not use this file except in compliance with the License.
+#
+# You can obtain a copy of the license at src/OPENSOLARIS.LICENSE
+# or http://www.opensolaris.org/os/licensing.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at src/OPENSOLARIS.LICENSE.
+# If applicable, add the following below this CDDL HEADER, with the
+# fields enclosed by brackets "[]" replaced with your own identifying
+# information: Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+#
+# Copyright 1996-1997, 2000-2003 Sun Microsystems, Inc.  All rights reserved.
+# Use is subject to license terms.
+#
+# Method file for Solaris Unicode locales.
+#
+#
+#ident	"@(#)UTF-8.x	1.4 03/08/19 SMI"
+#
+
+METHODS
+
+#
+# Encoding definitions to use UTF-8 (MB) and UTF-32 (WC):
+file_code	utf8
+process_code	ucs4
+
+#
+# We use the following methods from the libc:
+iswctype@native	"__iswctype_std"        "libc" "/usr/lib/" "libc.so.1"
+towctrans@native "__towctrans_std"
+towlower@native	"__towlower_std"
+towupper@native "__towupper_std"
+trwctype        "__trwctype_std"
+wctrans         "__wctrans_std"
+wctype          "__wctype_std"
+
+mbsinit		"__mbsinit_gen"
+mbrlen		"__mbrlen_gen"
+ 
+strcoll         "__strcoll_std"
+strxfrm         "__strxfrm_std"
+wcscoll         "__wcscoll_bc"
+wcscoll@native  "__wcscoll_std"
+wcsxfrm         "__wcsxfrm_bc"
+wcsxfrm@native  "__wcsxfrm_std"
+
+fnmatch         "__fnmatch_std"
+regcomp         "__regcomp_std"
+regexec         "__regexec_std"
+regerror        "__regerror_std"
+regfree         "__regfree_std"
+
+strfmon         "__strfmon_std"
+
+strftime        "__strftime_std"
+strptime        "__strptime_std"
+wcsftime        "__wcsftime_std"
+
+getdate         "__getdate_std"
+
+#
+# The methods designated at below are all Unicode locale-specific methods
+# coming from the methods_unicode.so.3 shared object:
+eucpctowc	"__u32_to_dense_u32_utf8"	"localelib" "/usr/lib/locale/common" "methods_unicode.so.3"
+wctoeucpc	"__dense_u32_to_u32_utf8"
+
+iswctype        "__iswctype_bc_utf8"
+towctrans       "__towctrans_bc_utf8"
+towlower        "__towlower_bc_utf8"
+towupper        "__towupper_bc_utf8"
+
+mbftowc		"__mbftowc_dense_utf8"
+mbftowc@native	"__mbftowc_dense_native_utf8"
+fgetwc		"__fgetwc_dense_utf8"
+fgetwc@native	"__fgetwc_dense_native_utf8"
+mblen		"__mblen_dense_utf8"
+mbstowcs	"__mbstowcs_dense_utf8"
+mbstowcs@native	"__mbstowcs_dense_native_utf8"
+mbtowc		"__mbtowc_dense_utf8"
+mbtowc@native	"__mbtowc_dense_native_utf8"
+wcstombs	"__wcstombs_dense_utf8"
+wcstombs@native	"__wcstombs_dense_native_utf8"
+wcswidth	"__wcswidth_dense_utf8"
+wcswidth@native	"__wcswidth_dense_utf8"
+wctomb		"__wctomb_dense_utf8"
+wctomb@native	"__wctomb_dense_native_utf8"
+wcwidth		"__wcwidth_dense_utf8"
+wcwidth@native	"__wcwidth_dense_utf8"
+
+btowc		"__btowc_dense_utf8"
+btowc@native	"__btowc_dense_utf8"
+wctob		"__wctob_dense_utf8"
+wctob@native	"__wctob_dense_utf8"
+mbrtowc		"__mbrtowc_dense_utf8"
+mbrtowc@native	"__mbrtowc_dense_native_utf8"
+wcrtomb		"__wcrtomb_dense_utf8"
+wcrtomb@native	"__wcrtomb_dense_native_utf8"
+mbsrtowcs	"__mbsrtowcs_dense_utf8"
+mbsrtowcs@native "__mbsrtowcs_dense_native_utf8"
+wcsrtombs	"__wcsrtombs_dense_utf8"
+wcsrtombs@native "__wcsrtombs_dense_native_utf8"
+
+END METHODS
diff --git a/usr/src/cmd/logadm/logadm.conf b/usr/src/cmd/logadm/logadm.conf
index 7b19473a19..39eea57578 100644
--- a/usr/src/cmd/logadm/logadm.conf
+++ b/usr/src/cmd/logadm/logadm.conf
@@ -19,6 +19,7 @@
 # CDDL HEADER END
 #
 # Copyright (c) 2001, 2010, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2018, Joyent, Inc.
 #
 # logadm.conf
 #
@@ -35,12 +36,18 @@
 # logadm typically runs early every morning via an entry in
 # root's crontab (see crontab(1)).
 #
-/var/log/syslog -C 8 -a 'kill -HUP `cat /var/run/syslog.pid`'
-/var/adm/messages -C 4 -a 'kill -HUP `cat /var/run/syslog.pid`'
+/var/log/syslog -C 8 -a 'kill -HUP `cat /var/run/*syslog*.pid`'
+/var/adm/messages -C 4 -a 'kill -HUP `cat /var/run/*syslog*.pid`'
 /var/cron/log -c -s 512k -t /var/cron/olog
 /var/lp/logs/lpsched -C 2 -N -t '$file.$N'
 /var/fm/fmd/errlog -N -s 2m -M '/usr/sbin/fmadm -q rotate errlog && mv /var/fm/fmd/errlog.0- $nfile'
 /var/fm/fmd/fltlog -N -A 6m -s 10m -M '/usr/sbin/fmadm -q rotate fltlog && mv /var/fm/fmd/fltlog.0- $nfile'
+vm_logs /var/log/vm/vmadm.log -b '/usr/vm/sbin/rotate-logs.sh -m /var/log/vm/logs/ /var/log/vm/vmadm.log' -t '/var/log/vm/vmadm_$nodename_%FT%H:%M:%S.log' -C 168 -S 1g -p 1h
+fw_logs /var/log/fw/fwadm.log -b '/usr/vm/sbin/rotate-logs.sh -i /var/log/fw/logs/ /var/log/fw/fwadm.log' -t '/var/log/fw/fwadm_$nodename_%FT%H:%M:%S.log' -C 168 -S 1g -p 1h
+vmadmd_logs /var/svc/log/*vmadmd*.log -C 168 -S 1g -c -p 1h -t '/var/log/vm/vmadmd_$nodename_%FT%H:%M:%S.log'
+vminfod_logs /var/svc/log/*vminfod*.log -C 168 -S 1g -c -p 1h -t '/var/log/vm/vminfod_$nodename_%FT%H:%M:%S.log'
+/var/log/*.log -C 2 -s 5m -c
+/var/log/*.debug -C 2 -s 5m -c
 smf_logs /var/svc/log/*.log -C 8 -s 1m -c
 #
 # The entry below is used by turnacct(1M)
diff --git a/usr/src/cmd/login/login.dfl b/usr/src/cmd/login/login.dfl
index 13ecd51113..4515dfcc6a 100644
--- a/usr/src/cmd/login/login.dfl
+++ b/usr/src/cmd/login/login.dfl
@@ -36,7 +36,7 @@
 # any of the currently enabled /dev/vt/# virtual terminal devices.
 # Comment this line out to allow remote login by root.
 #
-CONSOLE=/dev/console
+#CONSOLE=/dev/console
 
 # PASSREQ determines if login requires a password.
 #
@@ -47,19 +47,16 @@ PASSREQ=YES
 ALTSHELL=YES
 
 # PATH sets the initial shell PATH variable
-# sample with GNU tools in front of the path
-# PATH=/usr/gnu/bin:/usr/bin:/usr/sbin:/sbin
-# sample with XPG4 tools in front of the path
-# PATH=/usr/xpg4/bin:/usr/bin:/usr/sbin:/sbin
-PATH=/usr/bin:/usr/sbin:/sbin:/usr/gnu/bin
+#
+#PATH=/usr/bin:
 
 # SUPATH sets the initial shell PATH variable for root
 #
-SUPATH=/usr/sbin:/sbin:/usr/bin
+#SUPATH=/usr/sbin:/usr/bin
 
 # TIMEOUT sets the number of seconds (between 0 and 900) to wait before
 # abandoning a login session.
-# 
+#
 #TIMEOUT=300
 
 # UMASK sets the initial shell file creation mode mask.  See umask(1).
@@ -80,9 +77,9 @@ SYSLOG=YES
 #SLEEPTIME=4
 
 # DISABLETIME  If present, and greater than zero, the number of seconds
-# login will wait after RETRIES failed attempts or the PAM framework returns 
+# login will wait after RETRIES failed attempts or the PAM framework returns
 # PAM_ABORT. Default is 20. Minimum is 0. No maximum is imposed.
-# 
+#
 #DISABLETIME=20
 
 # RETRIES determines the number of failed logins that will be
diff --git a/usr/src/cmd/netfiles/Makefile b/usr/src/cmd/netfiles/Makefile
index 0ae84c2276..aa6886311d 100644
--- a/usr/src/cmd/netfiles/Makefile
+++ b/usr/src/cmd/netfiles/Makefile
@@ -21,6 +21,8 @@
 # Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
 # Use is subject to license terms.
 #
+# Copyright 2019 Joyent, Inc.
+#
 
 TXTS= nsswitch.conf netconfig hosts services
 DEFAULTFILES= nss.dfl
@@ -29,7 +31,7 @@ include ../Makefile.cmd
 
 FILES= hosts services
 ETCFILES= netconfig nsswitch.conf nsswitch.files nsswitch.nis \
-		nsswitch.dns nsswitch.ldap nsswitch.ad
+		nsswitch.dns nsswitch.ldap nsswitch.ad resolv.conf
 
 ROOTNET=    $(ROOTETC)/net
 TICLTS=     $(ROOTNET)/ticlts
diff --git a/usr/src/cmd/netfiles/nsswitch.conf b/usr/src/cmd/netfiles/nsswitch.conf
index 58ec600c9a..166e5e0ca3 100644
--- a/usr/src/cmd/netfiles/nsswitch.conf
+++ b/usr/src/cmd/netfiles/nsswitch.conf
@@ -29,8 +29,8 @@
 
 passwd:     files
 group:      files
-hosts:      files
-ipnodes:    files
+hosts:      files dns mdns
+ipnodes:    files dns mdns
 networks:   files
 protocols:  files
 rpc:        files
diff --git a/usr/src/cmd/netfiles/resolv.conf b/usr/src/cmd/netfiles/resolv.conf
new file mode 100644
index 0000000000..e69de29bb2
--- /dev/null
+++ b/usr/src/cmd/netfiles/resolv.conf
diff --git a/usr/src/cmd/nsadmin/Makefile b/usr/src/cmd/nsadmin/Makefile
index c87810e767..819a69340c 100644
--- a/usr/src/cmd/nsadmin/Makefile
+++ b/usr/src/cmd/nsadmin/Makefile
@@ -22,54 +22,72 @@
 # Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
 # Use is subject to license terms.
 #
+# Copyright 2019 Joyent, Inc.
+#
 
-PROG= profile .login ksh.kshrc system
-PROGSKEL= .profile .kshrc
-PROGROOT= .profile .bashrc
+ETCFILES = profile .login ksh.kshrc system zshrc
+ETCSKELFILES = .profile .kshrc .bashrc
+ETCBASHFILES = bash_completion
+ETCBASHCOMPLETIONDFILES = dladm zones
+ROOTFILES = .profile .bashrc .bash_profile
 
 include ../Makefile.cmd
 
-ROOTROOT= $(ROOT)/root
+ROOTETCFILES = $(ETCFILES:%=$(ROOTETC)/%)
 ROOTETCSKEL= $(ROOTETC)/skel
-ROOTETCSKELPROG= $(PROGSKEL:%=$(ROOTETCSKEL)/%)
-ROOTROOTPROG= $(PROGROOT:%=$(ROOTROOT)/%)
+ROOTETCSKELFILES = $(ETCSKELFILES:%=$(ROOTETCSKEL)/%)
+ETCBASHDIR = $(ROOTETC)/bash
+ROOTETCBASHFILES = $(ETCBASHFILES:%=$(ETCBASHDIR)/%)
+ETCBASHCOMPLETIONDDIR = $(ETCBASHDIR)/bash_completion.d
+ROOTETCBASHCOMPLETIONDFILES = \
+    $(ETCBASHCOMPLETIONDFILES:%=$(ETCBASHCOMPLETIONDDIR)/%)
+ROOTROOT= $(ROOT)/root
+ROOTROOTFILES = $(ROOTFILES:%=$(ROOTROOT)/%)
+
+FILES = $(ROOTETCFILES) $(ROOTETCSKELFILES) \
+    $(ROOTETCBASHFILES) $(ROOTETCBASHCOMPLETIONDFILES) \
+    $(ROOTROOTFILES)
+
 FILEMODE= 0644
 
-CLOBBERFILES = profile .bashrc .profile .login .kshrc
+.KEEP_STATE:
 
-.login: login.csh
-	$(RM) .login
-	$(CP) login.csh .login
+all:
 
-profile: etc-profile.sh
-	$(RM) profile
-	$(CP) etc-profile.sh $@
+# Use $^ instead of $< - it's broken without %
+INS.file = $(RM) $@; $(INS) -s -m $(FILEMODE) -f $(@D) $^
+INS.rename = $(INS.file); $(MV) $(@D)/$(^F) $@
 
-.profile: dot-profile.sh
-	$(RM) .profile
-	$(CP) dot-profile.sh $@
+$(ROOTETC)/profile: etc-profile.sh
+	$(INS.rename)
 
-.kshrc: dot-kshrc.sh
-	$(RM) .kshrc
-	$(CP) dot-kshrc.sh $@
+$(ROOTETC)/.login: login.csh
+	$(INS.rename)
 
-.bashrc: bashrc.sh
-	$(RM) .bashrc
-	$(CP) bashrc.sh $@
+# skel file and root's default
+$(ROOTROOT)/.kshrc $(ROOTETCSKEL)/.kshrc: dot-kshrc.sh
+	$(INS.rename)
 
-.KEEP_STATE:
+# skel file and root's default
+$(ROOTROOT)/.profile $(ROOTETCSKEL)/.profile: dot-profile.sh
+	$(INS.rename)
+
+$(ROOTETCSKEL)/.bashrc: etc-skel-bashrc.sh
+	$(INS.rename)
 
-all: $(PROG) $(PROGSKEL)
+$(ROOTROOT)/.bash_profile: dot-bash_profile.sh
+	$(INS.rename)
 
-$(ROOTROOT)/% \
-$(ROOTETCSKEL)/%: %
+$(ROOTROOT)/.bashrc: dot-bashrc.sh
+	$(INS.rename)
+
+$(ROOTETCBASHDIR)/%: %
 	$(INS.file)
 
-$(ROOTROOT) \
-$(ROOTETCSKEL):
-	$(INS.dir)
+$(ROOTETCBASHCOMPLETIONDDIR)/%: %
+	$(INS.file)
 
-install: all $(ROOTETCSKEL) $(ROOTETCPROG) $(ROOTETCSKELPROG) $(ROOTROOTPROG)
+install: all $(FILES)
 
 clean:
 
diff --git a/usr/src/cmd/nsadmin/bash/bash_completion b/usr/src/cmd/nsadmin/bash/bash_completion
new file mode 100755
index 0000000000..71f3e9e63f
--- /dev/null
+++ b/usr/src/cmd/nsadmin/bash/bash_completion
@@ -0,0 +1,9417 @@
+#
+# This file contains an example set of shell completions that can be used with
+# bash(1).  These completions allow a user to complete filenames, commands
+# name, command line options, and command line arguments using the [tab] key.
+# The completions defined here are specific to the GNU command set, as a result
+# they will provide the choice of GNU command line options in response to the
+# [tab] key.  For the completed options to match the command implementation,
+# you may have to have /usr/gnu/bin at the head of your PATH.
+#
+# These completions are not included in the default bash(1) environment.  To
+# include them in the default environment, it is recommended that this file be
+# copied to /etc/bash/bash_completion and be sourced from either a system wide
+# bashrc in /etc/bash/bashrc or individual bashrcs in ~/.bashrc via
+#	[ -f /etc/bash/bash_completion ] && . /etc/bash/bash_completion
+#
+
+#   bash_completion - programmable completion functions for bash 3.x
+#		      (backwards compatible with bash 2.05b)
+#
+#   $Id: bash_completion,v 1.872 2006/03/01 16:20:18 ianmacd Exp $
+#
+#   Copyright (C) Ian Macdonald <ian@caliban.org>
+#
+#   This program is free software; you can redistribute it and/or modify
+#   it under the terms of the GNU General Public License as published by
+#   the Free Software Foundation; either version 2, or (at your option)
+#   any later version.
+#
+#   This program is distributed in the hope that it will be useful,
+#   but WITHOUT ANY WARRANTY; without even the implied warranty of
+#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#   GNU General Public License for more details.
+#
+#   You should have received a copy of the GNU General Public License
+#   along with this program; if not, write to the Free Software Foundation,
+#   Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+#
+#   The latest version of this software can be obtained here:
+#
+#   http://www.caliban.org/bash/index.shtml#completion
+#
+#   RELEASE: 20060301
+
+if [[ $- == *v* ]]; then
+	BASH_COMPLETION_ORIGINAL_V_VALUE="-v"
+else
+	BASH_COMPLETION_ORIGINAL_V_VALUE="+v"
+fi
+
+if [[ -n $BASH_COMPLETION_DEBUG ]]; then
+	set -v
+else
+	set +v
+fi
+
+# Alter the following to reflect the location of this file.
+#
+[ -n "$BASH_COMPLETION" ] || BASH_COMPLETION=/etc/bash/bash_completion
+[ -n "$BASH_COMPLETION_DIR" ] || BASH_COMPLETION_DIR=/etc/bash/bash_completion.d
+readonly BASH_COMPLETION BASH_COMPLETION_DIR
+
+# Set a couple of useful vars
+#
+UNAME=$( uname -s )
+# strip OS type and version under Cygwin (e.g. CYGWIN_NT-5.1 => Cygwin)
+UNAME=${UNAME/CYGWIN_*/Cygwin}
+RELEASE=$( uname -r )
+
+# features supported by bash 2.05 and higher
+if [ ${BASH_VERSINFO[0]} -eq 2 ] && [[ ${BASH_VERSINFO[1]} > 04 ]] ||
+   [ ${BASH_VERSINFO[0]} -gt 2 ]; then
+	declare -r bash205=$BASH_VERSION 2>/dev/null || :
+	default="-o default"
+	dirnames="-o dirnames"
+	filenames="-o filenames"
+fi
+# features supported by bash 2.05b and higher
+if [ ${BASH_VERSINFO[0]} -eq 2 ] && [[ ${BASH_VERSINFO[1]} = "05b" ]] ||
+   [ ${BASH_VERSINFO[0]} -gt 2 ]; then
+	declare -r bash205b=$BASH_VERSION 2>/dev/null || :
+	nospace="-o nospace"
+fi
+# features supported by bash 3.0 and higher
+if [ ${BASH_VERSINFO[0]} -gt 2 ]; then
+	declare -r bash3=$BASH_VERSION 2>/dev/null || :
+	bashdefault="-o bashdefault"
+	plusdirs="-o plusdirs"
+fi
+
+# Turn on extended globbing and programmable completion
+shopt -s extglob progcomp
+
+# A lot of the following one-liners were taken directly from the
+# completion examples provided with the bash 2.04 source distribution
+
+# Make directory commands see only directories
+complete -d pushd
+
+# The following section lists completions that are redefined later
+# Do NOT break these over multiple lines.
+#
+# START exclude -- do NOT remove this line
+complete -f -X '!*.?(t)bz?(2)' bunzip2 bzcat bzcmp bzdiff bzegrep bzfgrep bzgrep
+complete -f -X '!*.@(zip|ZIP|jar|JAR|exe|EXE|pk3|war|wsz|ear|zargo|xpi|sxw|ott)' unzip zipinfo
+complete -f -X '*.Z' compress znew
+complete -f -X '!*.@(Z|gz|tgz|Gz|dz)' gunzip zcmp zdiff zcat zegrep zfgrep zgrep zless zmore
+complete -f -X '!*.Z' uncompress
+complete -f -X '!*.@(gif|jp?(e)g|miff|tif?(f)|pn[gm]|p[bgp]m|bmp|xpm|ico|xwd|tga|pcx|GIF|JP?(E)G|MIFF|TIF?(F)|PN[GM]|P[BGP]M|BMP|XPM|ICO|XWD|TGA|PCX)' ee display
+complete -f -X '!*.@(gif|jp?(e)g|tif?(f)|png|p[bgp]m|bmp|x[bp]m|rle|rgb|pcx|fits|pm|GIF|JPG|JP?(E)G|TIF?(F)|PNG|P[BGP]M|BMP|X[BP]M|RLE|RGB|PCX|FITS|PM)' xv qiv
+complete -f -X '!*.@(@(?(e)ps|?(E)PS|pdf|PDF)?(.gz|.GZ|.bz2|.BZ2|.Z))' gv ggv kghostview
+complete -f -X '!*.@(dvi|DVI)?(.@(gz|Z|bz2))' xdvi
+complete -f -X '!*.@(dvi|DVI)?(.@(gz|bz2))' kdvi
+complete -f -X '!*.@(dvi|DVI)' dvips dviselect dvitype dvipdf advi dvipdfm dvipdfmx
+complete -f -X '!*.@(pdf|PDF)' acroread gpdf xpdf
+complete -f -X '!*.@(?(e)ps|?(E)PS|pdf|PDF)' kpdf
+complete -f -X '!*.@(@(?(e)ps|?(E)PS|pdf|PDF)?(.gz|.GZ)|cb(r|z)|CB(R|Z)|djv?(u)|DJV?(U)||dvi|DVI|gif|jp?(e)g|miff|tif?(f)|pn[gm]|p[bgp]m|bmp|xpm|ico|xwd|tga|pcx|GIF|JP?(E)G|MIFF|TIF?(F)|PN[GM]|P[BGP]M|BMP|XPM|ICO|XWD|TGA|PCX)' evince
+complete -f -X '!*.@(?(e)ps|?(E)PS)' ps2pdf
+complete -f -X '!*.texi*' makeinfo texi2html
+complete -f -X '!*.@(?(la)tex|?(LA)TEX|texi|TEXI|dtx|DTX|ins|INS)' tex latex slitex jadetex pdfjadetex pdftex pdflatex texi2dvi
+complete -f -X '!*.@(mp3|MP3)' mpg123 mpg321 madplay
+complete -f -X '!*.@(mp?(e)g|MP?(E)G|wma|avi|AVI|asf|vob|VOB|bin|dat|divx|DIVX|vcd|ps|pes|fli|flv|FLV|viv|rm|ram|yuv|mov|MOV|qt|QT|wmv|mp3|MP3|m4v|M4V|ogg|OGG|ogm|OGM|mp4|MP4|wav|WAV|asx|ASX|mng|MNG|srt)' xine aaxine fbxine kaffeine
+complete -f -X '!*.@(avi|asf|wmv)' aviplay
+complete -f -X '!*.@(rm?(j)|ra?(m)|smi?(l))' realplay
+complete -f -X '!*.@(mpg|mpeg|avi|mov|qt)' xanim
+complete -f -X '!*.@(ogg|OGG|m3u|flac|spx)' ogg123
+complete -f -X '!*.@(mp3|MP3|ogg|OGG|pls|m3u)' gqmpeg freeamp
+complete -f -X '!*.fig' xfig
+complete -f -X '!*.@(mid?(i)|MID?(I))' playmidi
+complete -f -X '!*.@(mid?(i)|MID?(I)|rmi|RMI|rcp|RCP|[gr]36|[GR]36|g18|G18|mod|MOD|xm|XM|it|IT|x3m|X3M)' timidity
+complete -f -X '*.@(o|so|so.!(conf)|a|rpm|gif|GIF|jp?(e)g|JP?(E)G|mp3|MP3|mp?(e)g|MPG|avi|AVI|asf|ASF|ogg|OGG|class|CLASS)' vi vim gvim rvim view rview rgvim rgview gview
+complete -f -X '*.@(o|so|so.!(conf)|a|rpm|gif|GIF|jp?(e)g|JP?(E)G|mp3|MP3|mp?(e)g|MPG|avi|AVI|asf|ASF|ogg|OGG|class|CLASS)' emacs
+complete -f -X '!*.@(exe|EXE|com|COM|scr|SCR|exe.so)' wine
+complete -f -X '!*.@(zip|ZIP|z|Z|gz|GZ|tgz|TGZ)' bzme
+complete -f -X '!*.@(?([xX]|[sS])[hH][tT][mM]?([lL]))' netscape mozilla lynx opera galeon curl dillo elinks amaya
+complete -f -X '!*.@(sxw|stw|sxg|sgl|doc|dot|rtf|txt|htm|html|odt|ott|odm)' oowriter
+complete -f -X '!*.@(sxi|sti|pps|ppt|pot|odp|otp)' ooimpress
+complete -f -X '!*.@(sxc|stc|xls|xlw|xlt|csv|ods|ots)' oocalc
+complete -f -X '!*.@(sxd|std|sda|sdd|odg|otg)' oodraw
+complete -f -X '!*.@(sxm|smf|mml|odf)' oomath
+complete -f -X '!*.odb' oobase
+complete -f -X '!*.rpm' rpm2cpio
+# FINISH exclude -- do not remove this line
+
+# start of section containing compspecs that can be handled within bash
+
+# user commands see only users
+complete -u su usermod userdel passwd chage write chfn groups slay w sux
+
+# group commands see only groups
+[ -n "$bash205" ] && complete -g groupmod groupdel newgrp 2>/dev/null
+
+# bg completes with stopped jobs
+complete -A stopped -P '%' bg
+
+# other job commands
+complete -j -P '%' fg jobs disown
+
+# readonly and unset complete with shell variables
+complete -v readonly unset
+
+# set completes with set options
+complete -A setopt set
+
+# shopt completes with shopt options
+complete -A shopt shopt
+
+# helptopics
+complete -A helptopic help
+
+# unalias completes with aliases
+complete -a unalias
+
+# bind completes with readline bindings (make this more intelligent)
+complete -A binding bind
+
+# type and which complete on commands
+complete -c command type which
+
+# builtin completes on builtins
+complete -b builtin
+
+# start of section containing completion functions called by other functions
+
+# This function checks whether we have a given program on the system.
+# No need for bulky functions in memory if we don't.
+#
+have()
+{
+    unset -v have
+    PATH=/usr/gnu/bin:$PATH:/sbin:/usr/sbin type $1 &>/dev/null &&
+    have="yes"
+}
+
+# use GNU sed if we have it, since its extensions are still used in our code
+#
+[ $UNAME != Linux ] && have gsed && alias sed=gsed
+
+# This function checks whether a given readline variable
+# is `on'.
+#
+_rl_enabled() 
+{
+    [[ "$( bind -v )" = *$1+([[:space:]])on* ]]
+}
+
+# This function shell-quotes the argument
+quote()
+{
+	echo \'${1//\'/\'\\\'\'}\' #'# Help vim syntax highlighting
+}
+
+# This function quotes the argument in a way so that readline dequoting
+# results in the original argument
+quote_readline()
+{
+	local t="${1//\\/\\\\}"
+	echo \'${t//\'/\'\\\'\'}\' #'# Help vim syntax highlighting
+}
+
+# This function shell-dequotes the argument
+dequote()
+{
+	eval echo "$1"
+}
+
+
+# Get the word to complete
+# This is nicer than ${COMP_WORDS[$COMP_CWORD]}, since it handles cases
+# where the user is completing in the middle of a word.
+# (For example, if the line is "ls foobar",
+# and the cursor is here -------->   ^
+# it will complete just "foo", not "foobar", which is what the user wants.)
+_get_cword()
+{
+	if [[ "${#COMP_WORDS[COMP_CWORD]}" -eq 0 ]] || [[ "$COMP_POINT" == "${#COMP_LINE}" ]]; then
+		echo "${COMP_WORDS[COMP_CWORD]}"
+	else
+		local i
+		local cur="$COMP_LINE"
+		local index="$COMP_POINT"
+		for (( i = 0; i <= COMP_CWORD; ++i )); do
+			while [[ "${#cur}" -ge ${#COMP_WORDS[i]} ]] && [[ "${cur:0:${#COMP_WORDS[i]}}" != "${COMP_WORDS[i]}" ]]; do
+				cur="${cur:1}"
+				index="$(( index - 1 ))"
+			done
+			if [[ "$i" -lt "$COMP_CWORD" ]]; then
+				local old_size="${#cur}"
+				cur="${cur#${COMP_WORDS[i]}}"
+				local new_size="${#cur}"
+				index="$(( index - old_size + new_size ))"
+			fi
+		done
+
+		if [[ "${COMP_WORDS[COMP_CWORD]:0:${#cur}}" != "$cur" ]]; then
+			# We messed up! At least return the whole word so things keep working
+			echo "${COMP_WORDS[COMP_CWORD]}"
+		else
+			echo "${cur:0:$index}"
+		fi
+	fi
+}
+
+
+# This function performs file and directory completion. It's better than
+# simply using 'compgen -f', because it honours spaces in filenames.
+# If passed -d, it completes only on directories. If passed anything else,
+# it's assumed to be a file glob to complete on.
+#
+_filedir()
+{
+	local IFS=$'\t\n' xspec
+
+	_expand || return 0
+
+	local toks=( ) tmp
+	while read -r tmp; do
+		[[ -n $tmp ]] && toks[${#toks[@]}]=$tmp
+	done < <( compgen -d -- "$(quote_readline "$cur")" )
+
+	if [[ "$1" != -d ]]; then
+		xspec=${1:+"!*.$1"}
+		while read -r tmp; do
+			[[ -n $tmp ]] && toks[${#toks[@]}]=$tmp
+		done < <( compgen -f -X "$xspec" -- "$(quote_readline "$cur")" )
+	fi
+
+	COMPREPLY=( "${COMPREPLY[@]}" "${toks[@]}" )
+}
+
+# This function completes on signal names
+#
+_signals()
+{
+	local i
+
+	# standard signal completion is rather braindead, so we need
+	# to hack around to get what we want here, which is to
+	# complete on a dash, followed by the signal name minus
+	# the SIG prefix
+	COMPREPLY=( $( compgen -A signal SIG${cur#-} ))
+	for (( i=0; i < ${#COMPREPLY[@]}; i++ )); do
+		COMPREPLY[i]=-${COMPREPLY[i]#SIG}
+	done
+}
+
+# This function completes on configured network interfaces
+#
+_configured_interfaces()
+{
+	if [ -f /etc/debian_version ]; then
+		# Debian system
+		COMPREPLY=( $( sed -ne 's|^iface \([^ ]\+\).*$|\1|p' \
+			       /etc/network/interfaces ) )
+	elif [ -f /etc/SuSE-release ]; then
+		# SuSE system
+		COMPREPLY=( $( command ls \
+			/etc/sysconfig/network/ifcfg-* | \
+			sed -ne 's|.*ifcfg-\('$cur'.*\)|\1|p' ) )
+	elif [ -f /etc/pld-release ]; then
+		# PLD Linux
+		COMPREPLY=( $( command ls -B \
+			/etc/sysconfig/interfaces | \
+			sed -ne 's|.*ifcfg-\('$cur'.*\)|\1|p' ) )
+	else
+		# Assume Red Hat
+		COMPREPLY=( $( command ls \
+			/etc/sysconfig/network-scripts/ifcfg-* | \
+			sed -ne 's|.*ifcfg-\('$cur'.*\)|\1|p' ) )
+	fi
+}
+
+# This function completes on all available network interfaces
+# -a: restrict to active interfaces only
+# -w: restrict to wireless interfaces only
+#
+_available_interfaces()
+{
+	local cmd
+
+	if [ "${1:-}" = -w ]; then
+		cmd="iwconfig"
+	elif [ "${1:-}" = -a ]; then
+		cmd="ifconfig"
+	else
+		cmd="ifconfig -a"
+	fi
+
+	COMPREPLY=( $( eval $cmd 2>/dev/null | \
+		sed -ne 's|^\('$cur'[^[:space:][:punct:]]\{1,\}\).*$|\1|p') )
+}
+
+# This function expands tildes in pathnames
+#
+_expand()
+{
+	# FIXME: Why was this here?
+	# [ "$cur" != "${cur%\\}" ] && cur="$cur\\"
+
+	# expand ~username type directory specifications
+	if [[ "$cur" == \~*/* ]]; then
+		eval cur=$cur
+	elif [[ "$cur" == \~* ]]; then
+		cur=${cur#\~}
+		COMPREPLY=( $( compgen -P '~' -u $cur ) )
+		return ${#COMPREPLY[@]}
+	fi
+}
+
+# This function completes on process IDs.
+# AIX and Solaris ps prefers X/Open syntax.
+[ $UNAME = SunOS -o $UNAME = AIX ] &&
+_pids()
+{
+	COMPREPLY=( $( compgen -W '$( command ps -efo pid | sed 1d )' -- $cur ))
+} ||
+_pids()
+{
+	COMPREPLY=( $( compgen -W '$( command ps axo pid | sed 1d )' -- $cur ) )
+}
+
+# This function completes on process group IDs.
+# AIX and SunOS prefer X/Open, all else should be BSD.
+[ $UNAME = SunOS -o $UNAME = AIX ] &&
+_pgids()
+{
+	COMPREPLY=( $( compgen -W '$( command ps -efo pgid | sed 1d )' -- $cur ))
+} ||
+_pgids()
+{
+	COMPREPLY=( $( compgen -W '$( command ps axo pgid | sed 1d )' -- $cur ))
+}
+
+# This function completes on user IDs
+#
+_uids()
+{
+	if type getent &>/dev/null; then
+	    COMPREPLY=( $( getent passwd | \
+			    awk -F: '{if ($3 ~ /^'$cur'/) print $3}' ) )
+	elif type perl &>/dev/null; then
+	    COMPREPLY=( $( compgen -W '$( perl -e '"'"'while (($uid) = (getpwent)[2]) { print $uid . "\n" }'"'"' )' -- $cur ) )
+	else
+	    # make do with /etc/passwd
+	    COMPREPLY=( $( awk 'BEGIN {FS=":"} {if ($3 ~ /^'$cur'/) print $3}'\
+			    /etc/passwd ) )
+	fi
+}
+
+# This function completes on group IDs
+#
+_gids()
+{
+	if type getent &>/dev/null; then
+	    COMPREPLY=( $( getent group | \
+			    awk -F: '{if ($3 ~ /^'$cur'/) print $3}' ) )
+	elif type perl &>/dev/null; then
+	    COMPREPLY=( $( compgen -W '$( perl -e '"'"'while (($gid) = (getgrent)[2]) { print $gid . "\n" }'"'"' )' -- $cur ) )
+	else
+	    # make do with /etc/group
+	    COMPREPLY=( $( awk 'BEGIN {FS=":"} {if ($3 ~ /^'$cur'/) print $3}'\
+			    /etc/group ) )
+	fi
+}
+
+# This function completes on services
+#
+_services()
+{
+	local sysvdir famdir
+	[ -d /etc/rc.d/init.d ] && sysvdir=/etc/rc.d/init.d || sysvdir=/etc/init.d
+	famdir=/etc/xinetd.d
+	COMPREPLY=( $( builtin echo $sysvdir/!(*.rpmsave|*.rpmorig|*~|functions)) )
+
+	if [ -d $famdir ]; then
+		COMPREPLY=( "${COMPREPLY[@]}" $( builtin echo $famdir/!(*.rpmsave|*.rpmorig|*~)) )
+	fi
+
+	COMPREPLY=( $( compgen -W '${COMPREPLY[@]#@($sysvdir|$famdir)/}' -- $cur ) )
+}
+
+# This function complete on modules
+#
+_modules()
+{
+	local modpath
+	modpath=/lib/modules/$1
+	COMPREPLY=( $( command ls -R $modpath | \
+			sed -ne 's/^\('$cur'.*\)\.k\?o\(\|.gz\)$/\1/p') )
+}
+
+# this function complete on user:group format
+#
+_usergroup()
+{
+	local IFS=$'\n'
+	cur=${cur//\\\\ / }
+	if [[ $cur = *@(\\:|.)* ]] && [ -n "$bash205" ]; then
+		user=${cur%%*([^:.])}
+		COMPREPLY=( $(compgen -P ${user/\\\\} -g -- ${cur##*[.:]}) )
+	elif [[ $cur = *:* ]] && [ -n "$bash205" ]; then
+		COMPREPLY=( $( compgen -g -- ${cur##*[.:]} ) )
+	else
+		COMPREPLY=( $( compgen -S : -u -- $cur ) )
+	fi
+}
+
+# this function count the number of mandatory args
+#
+_count_args()
+{
+	args=1
+	for (( i=1; i < COMP_CWORD; i++ )); do
+		if [[ "${COMP_WORDS[i]}" != -* ]]; then
+			args=$(($args+1))
+		fi
+	done
+}
+
+# start of section containing completion functions for bash built-ins
+
+# bash alias completion
+#
+_alias()
+{
+	local cur
+
+	COMPREPLY=()
+	cur=${COMP_WORDS[$COMP_CWORD]}
+
+	case "$COMP_LINE" in
+	*[^=])
+		COMPREPLY=( $( compgen -A alias -S '=' -- $cur ) )
+		;;
+	*=)
+		COMPREPLY=( "$( alias ${cur%=} 2>/dev/null | \
+			     sed -e 's|^alias '$cur'\(.*\)$|\1|' )" )
+		;;
+	esac
+}
+complete -F _alias $nospace alias
+
+# bash export completion
+#
+_export()
+{
+	local cur
+
+	COMPREPLY=()
+	cur=${COMP_WORDS[$COMP_CWORD]}
+
+	case "$COMP_LINE" in
+	*=\$*)
+		COMPREPLY=( $( compgen -v -P '$' -- ${cur#*=\$} ) )
+		;;
+	*[^=])
+		COMPREPLY=( $( compgen -v -S '=' -- $cur ) )
+		;;
+	*=)
+		COMPREPLY=( "$( eval echo -n \"$`echo ${cur%=}`\" |
+			( echo -n \'
+			  sed -e 's/'\''/'\''\\\'\'''\''/g'
+			  echo -n \' ) )" )
+		;;
+	esac
+}
+complete -F _export $default $nospace export
+
+# bash shell function completion
+#
+_function()
+{
+	local cur prev
+
+	COMPREPLY=()
+	cur=`_get_cword`
+	prev=${COMP_WORDS[COMP_CWORD-1]}
+
+	if [[ $1 == @(declare|typeset) ]]; then
+		if [ "$prev" = -f ]; then
+			COMPREPLY=( $( compgen -A function -- $cur ) )
+		elif [[ "$cur" == -* ]]; then
+			COMPREPLY=( $( compgen -W '-a -f -F -i -r -x -p' -- \
+				       $cur ) )
+		fi
+	elif [ $COMP_CWORD -eq 1 ]; then
+		COMPREPLY=( $( compgen -A function -- $cur ) )
+	else
+		COMPREPLY=( "() $( type -- ${COMP_WORDS[1]} | sed -e 1,2d )" )
+	fi
+}
+complete -F _function function declare typeset
+
+# bash complete completion
+#
+_complete()
+{
+	local cur prev options
+
+	COMPREPLY=()
+	cur=`_get_cword`
+	prev=${COMP_WORDS[COMP_CWORD-1]}
+
+	case $prev in
+		-o)
+			options="default dirnames filenames"
+			[ -n "$bash205b" ] && options="$options nospace"
+			[ -n "$bash3" ] && options="$options bashdefault plusdirs"
+			COMPREPLY=( $( compgen -W "$options" -- $cur ) )
+			return 0
+			;;
+
+		-A)
+			COMPREPLY=( $( compgen -W 'alias arrayvar binding \
+				builtin command directory disabled enabled \
+				export file function group helptopic hostname \
+				job keyword running service setopt shopt \
+				signal stopped user variable' -- $cur ) )
+			return 0
+			;;
+
+		-C)
+			COMPREPLY=( $( compgen -A command -- $cur ) )
+			return 0
+			;;
+		-F)
+			COMPREPLY=( $( compgen -A function -- $cur ) )
+			return 0
+			;;
+		-@(p|r))
+			COMPREPLY=( $( complete -p | sed -e 's|.* ||' | \
+					grep "^$cur" ) )
+			return 0
+			;;
+
+	esac
+
+	if [[ "$cur" == -* ]]; then
+		# relevant options completion
+		options="-a -b -c -d -e -f -g -j -k -s -v -u -A -G -W -P -S -X -F -C"
+		[ -n "$bash205" ] && options="$options -o"
+		COMPREPLY=( $( compgen -W "$options" -- $cur ) )
+	else
+		COMPREPLY=( $( compgen -A command -- $cur ) )
+	fi
+}
+complete -F _complete complete
+
+# start of section containing completion functions for external programs
+
+# a little help for FreeBSD ports users
+[ $UNAME = FreeBSD ] && complete -W 'index search fetch fetch-list \
+	extract patch configure build install reinstall \
+	deinstall clean clean-depends kernel buildworld' make
+
+# This completes on a list of all available service scripts for the
+# 'service' command and/or the SysV init.d directory, followed by
+# that script's available commands
+#
+{ have service || [ -d /etc/init.d/ ]; } &&
+_service()
+{
+	local cur sysvdir
+
+	COMPREPLY=()
+	prev=${COMP_WORDS[COMP_CWORD-1]}
+	cur=`_get_cword`
+
+	# don't complete for things like killall, ssh and mysql if it's
+	# the standalone command, rather than the init script
+	[[ ${COMP_WORDS[0]} != @(*init.d/!(functions|~)|service) ]] && return 0
+
+	# don't complete past 2nd token
+	[ $COMP_CWORD -gt 2 ] && return 0
+
+	[ -d /etc/rc.d/init.d ] && sysvdir=/etc/rc.d/init.d \
+				|| sysvdir=/etc/init.d
+
+	if [[ $COMP_CWORD -eq 1 ]] && [[ $prev == "service" ]]; then
+		_services
+	else
+		COMPREPLY=( $( compgen -W '`sed -ne "y/|/ /; \
+				s/^.*Usage.*{\(.*\)}.*$/\1/p" \
+				$sysvdir/${prev##*/} 2>/dev/null`' -- $cur ) )
+	fi
+
+	return 0
+} &&
+complete -F _service service
+[ -d /etc/init.d/ ] && complete -F _service $default \
+	$(for i in /etc/init.d/*; do echo ${i##*/}; done)
+
+# chown(1) completion
+#
+_chown()
+{
+	local cur
+	cur=`_get_cword`
+
+	# options completion
+	if [[ "$cur" == -* ]]; then
+		COMPREPLY=( $( compgen -W '-c -h -f -R -v --changes \
+		--dereference --no-dereference --from= --silent --quiet \
+		--reference= --recursive --verbose --help --version' -- $cur ) )
+	else
+		_count_args
+
+		case $args in
+			1)
+				_usergroup
+				;;
+			*)
+				_filedir
+				;;
+		esac
+	fi
+}
+complete -F _chown $filenames chown
+
+# chgrp(1) completion
+#
+_chgrp()
+{
+	local cur prev
+
+	COMPREPLY=()
+	cur=`_get_cword`
+	cur=${cur//\\\\/}
+	prev=${COMP_WORDS[COMP_CWORD-1]}
+
+	# options completion
+	if [[ "$cur" == -* ]]; then
+		COMPREPLY=( $( compgen -W '-c -h -f -R -v --changes \
+		--dereference --no-dereference --silent --quiet \
+		--reference= --recursive --verbose --help --version' -- $cur ) )
+		return 0
+	fi
+
+	# first parameter on line or first since an option?
+	if [ $COMP_CWORD -eq 1 ] && [[ "$cur" != -* ]] || \
+	   [[ "$prev" == -* ]] && [ -n "$bash205" ]; then
+		local IFS=$'\n'
+		COMPREPLY=( $( compgen -g $cur 2>/dev/null ) )
+	else
+		_filedir || return 0
+	fi
+
+	return 0
+}
+complete -F _chgrp $filenames chgrp
+
+# umount(8) completion. This relies on the mount point being the third
+# space-delimited field in the output of mount(8)
+#
+_umount()
+{
+	local cur
+
+	COMPREPLY=()
+	cur=`_get_cword`
+
+	OLDIFS="$IFS"
+	IFS="\n"
+	COMPREPLY=( $( compgen -W '$( mount | cut -d" " -f 3 )' -- $cur ) )
+	IFS="$OLDIFS"
+
+	return 0
+}
+complete -F _umount $dirnames umount
+
+# mount(8) completion. This will pull a list of possible mounts out of
+# /etc/{,v}fstab, unless the word being completed contains a ':', which
+# would indicate the specification of an NFS server. In that case, we
+# query the server for a list of all available exports and complete on
+# that instead.
+#
+_mount()
+{       local cur i sm host
+
+	COMPREPLY=()
+	cur=`_get_cword`
+	[[ "$cur" == \\ ]] && cur="/"
+
+	for i in {,/usr}/{,s}bin/showmount; do [ -x $i ] && sm=$i && break; done
+
+	if [ -n "$sm" ] && [[ "$cur" == *:* ]]; then
+		COMPREPLY=( $( $sm -e ${cur%%:*} | sed 1d | \
+			       grep ^${cur#*:} | awk '{print $1}' ) )
+	elif [[ "$cur" == //* ]]; then
+		host=${cur#//}
+		host=${host%%/*}
+		if [ -n "$host" ]; then
+			COMPREPLY=( $( compgen -W "$( echo $( smbclient -d 0 -NL $host 2>/dev/null|
+			sed -ne '/^['"$'\t '"']*Sharename/,/^$/p' |
+			sed -ne '3,$s|^[^A-Za-z]*\([^'"$'\t '"']*\).*$|//'$host'/\1|p' ) )" -- "$cur" ) )
+		fi
+	elif [ -r /etc/vfstab ]; then
+		# Solaris
+		COMPREPLY=( $( awk '! /^[ \t]*#/ {if ($3 ~ /\//) print $3}' \
+				/etc/vfstab | grep "^$cur" ) )
+	elif [ ! -e /etc/fstab ]; then
+		# probably Cygwin
+		COMPREPLY=( $( mount | awk '! /^[ \t]*#/ {if ($3 ~ /\//) print $3}' \
+				 | grep "^$cur" ) )
+	else
+		# probably Linux
+		COMPREPLY=( $( awk '! /^[ \t]*#/ {if ($2 ~ /\//) print $2}' \
+				/etc/fstab | grep "^$cur" ) )
+	fi
+
+	return 0
+}
+complete -F _mount $default $filenames mount
+
+# Linux rmmod(8) completion. This completes on a list of all currently
+# installed kernel modules.
+#
+have rmmod && {
+_rmmod()
+{
+	local cur
+
+	COMPREPLY=()
+	cur=`_get_cword`
+
+	COMPREPLY=( $( /sbin/lsmod | \
+		  awk '{if (NR != 1 && $1 ~ /^'$cur'/) print $1}' 2>/dev/null ))
+	return 0
+}
+complete -F _rmmod rmmod
+
+# Linux insmod(8), modprobe(8) and modinfo(8) completion. This completes on a
+# list of all available modules for the version of the kernel currently
+# running.
+#
+_insmod()
+{
+	local cur prev modpath
+
+	COMPREPLY=()
+	cur=`_get_cword`
+	prev=${COMP_WORDS[COMP_CWORD-1]}
+
+	# behave like lsmod for modprobe -r
+	if [ $1 = "modprobe" ] &&
+	   [ "${COMP_WORDS[1]}" = "-r" ]; then
+		COMPREPLY=( $( /sbin/lsmod | \
+				awk '{if (NR != 1 && $1 ~ /^'$cur'/) print $1}' ) )
+		return 0
+	fi
+
+	# do filename completion if we're giving a path to a module
+	if [[ "$cur" == */* ]]; then
+		_filedir '@(?(k)o?(.gz))'
+		return 0
+	fi
+
+	if [ $COMP_CWORD -gt 1 ] && 
+	   [[ "${COMP_WORDS[COMP_CWORD-1]}" != -* ]]; then
+		# do module parameter completion
+		COMPREPLY=( $( /sbin/modinfo -p ${COMP_WORDS[1]} 2>/dev/null | \
+		       awk '{if ($1 ~ /^parm:/ && $2 ~ /^'$cur'/) { print $2 } \
+			else if ($1 !~ /:/ && $1 ~ /^'$cur'/) { print $1 }}' ) )
+	else
+		_modules $(uname -r)
+	fi
+
+	return 0
+}
+complete -F _insmod $filenames insmod modprobe modinfo
+}
+
+# man(1) completion
+#
+[ $UNAME = GNU -o $UNAME = Linux -o $UNAME = Darwin \
+  -o $UNAME = FreeBSD -o $UNAME = SunOS -o $UNAME = Cygwin \
+  -o $UNAME = OpenBSD ] &&
+_man()
+{
+	local cur prev sect manpath UNAME
+
+	COMPREPLY=()
+	cur=`_get_cword`
+	prev=${COMP_WORDS[COMP_CWORD-1]}
+
+	_expand || return 0
+
+	# default completion if parameter contains /
+	if [[ "$cur" == */* ]]; then
+		_filedir
+		return 0
+	fi
+
+	UNAME=$( uname -s )
+	# strip OS type and version under Cygwin
+	UNAME=${UNAME/CYGWIN_*/Cygwin}
+	if [ $UNAME = GNU -o $UNAME = Linux -o $UNAME = FreeBSD \
+	     -o $UNAME = Cygwin ]; then
+		manpath=$( manpath 2>/dev/null || command man --path )
+	else
+		manpath=$MANPATH
+	fi
+
+	if [ -z "$manpath" ]; then
+		COMPREPLY=( $( compgen -c -- $cur ) )
+		return 0
+	fi
+
+	# determine manual section to search
+	[[ "$prev" == [0-9ln] ]] && sect=$prev || sect='*'
+
+	manpath=$manpath:
+	if [ -n "$cur" ]; then
+		manpath="${manpath//://*man$sect/$cur* } ${manpath//://*cat$sect/$cur* }"
+	else
+		manpath="${manpath//://*man$sect/ } ${manpath//://*cat$sect/ }"
+	fi
+		
+	# redirect stderr for when path doesn't exist
+	COMPREPLY=( $( eval command ls "$manpath" 2>/dev/null ) )
+	# weed out directory path names and paths to man pages
+	COMPREPLY=( ${COMPREPLY[@]##*/?(:)} )
+	# strip suffix from man pages
+	COMPREPLY=( ${COMPREPLY[@]%.@(gz|bz2)} )
+	COMPREPLY=( $( compgen -W '${COMPREPLY[@]%.*}' -- "${cur//\\\\/}" ) )
+
+	[[ "$prev" != [0-9ln] ]] && _filedir '[0-9ln]'
+
+	return 0
+}
+[ $UNAME = GNU -o $UNAME = Linux -o $UNAME = Darwin \
+  -o $UNAME = FreeBSD -o $UNAME = SunOS -o $UNAME = Cygwin \
+  -o $UNAME = OpenBSD ] && \
+complete -F _man $filenames man apropos whatis
+
+# renice(8) completion
+#
+_renice()
+{
+	local command cur curopt i
+
+	COMPREPLY=()
+	cur=`_get_cword`
+	command=$1
+
+	i=0
+	# walk back through command line and find last option
+	while [ $i -le $COMP_CWORD -a ${#COMPREPLY[@]} -eq 0 ]; do
+		curopt=${COMP_WORDS[COMP_CWORD-$i]}
+		case "$curopt" in
+		-u)
+			COMPREPLY=( $( compgen -u -- $cur ) )
+			;;
+		-g)
+			_pgids
+			;;
+		-p|$command)
+			_pids
+			;;
+		esac
+		i=$(( ++i ))
+	done
+}
+complete -F _renice renice
+
+# kill(1) completion
+#
+_kill()
+{
+	local cur
+
+	COMPREPLY=()
+	cur=`_get_cword`
+
+	if [ $COMP_CWORD -eq 1 ] && [[ "$cur" == -* ]]; then
+		# return list of available signals
+		_signals
+	else
+		# return list of available PIDs
+		_pids
+	fi
+}
+complete -F _kill kill
+
+# Linux and FreeBSD killall(1) completion.
+#
+[ $UNAME = Linux -o $UNAME = FreeBSD ] &&
+_killall()
+{
+	local cur
+
+	COMPREPLY=()
+	cur=`_get_cword`
+
+	if [ $COMP_CWORD -eq 1 ] && [[ "$cur" == -* ]]; then
+		_signals
+	else
+		COMPREPLY=( $( compgen -W '$( command ps axo command | \
+			      sed -ne "1d; s/^\[\?\([^-][^] ]*\).*$/\1/p" | \
+			      sed -e "s/.*\///" )' -- $cur ) )
+	fi
+
+	return 0
+}
+[ $UNAME = Linux -o $UNAME = FreeBSD ] && complete -F _killall killall pkill
+
+# Linux and FreeBSD pgrep(1) completion.
+#
+[ $UNAME = Linux -o $UNAME = FreeBSD ] &&
+_pgrep()
+{
+	local cur
+
+	COMPREPLY=()
+	cur=`_get_cword`
+
+	COMPREPLY=( $( compgen -W '$( command ps axo command | \
+		      sed -ne "1d; s/^\[\?\([^-][^] ]*\).*$/\1/p" | \
+		      sed -e "s/.*\///" )' -- $cur ) )
+
+	return 0
+}
+[ $UNAME = Linux -o $UNAME = FreeBSD ] && complete -F _pgrep pgrep
+# Linux pidof(8) completion.
+[ $UNAME = Linux ] && complete -F _pgrep pidof
+
+# GNU find(1) completion. This makes heavy use of ksh style extended
+# globs and contains Linux specific code for completing the parameter
+# to the -fstype option.
+#
+_find()
+{
+	local cur prev i exprfound onlyonce
+
+	COMPREPLY=()
+	cur=`_get_cword`
+	prev=${COMP_WORDS[COMP_CWORD-1]}
+
+	case "$prev" in
+	-@(max|min)depth)
+		COMPREPLY=( $( compgen -W '0 1 2 3 4 5 6 7 8 9' -- $cur ) )
+		return 0
+		;;
+	-?(a|c)newer|-fls|-fprint?(0|f)|-?(i)?(l)name|-?(i)wholename)
+		_filedir
+		return 0
+		;;
+	-fstype)
+		# this is highly non-portable
+		[ -e /proc/filesystems ] &&
+		COMPREPLY=( $( cut -d$'\t' -f 2 /proc/filesystems | \
+				grep "^$cur" ) )
+		return 0
+		;;
+	-gid)
+		_gids
+		return 0
+		;;
+	-group)
+		if [ -n "$bash205" ]; then
+			COMPREPLY=( $( compgen -g -- $cur 2>/dev/null) )
+		fi
+		return 0
+		;;
+	-?(x)type)
+		COMPREPLY=( $( compgen -W 'b c d p f l s' -- $cur ) )
+		return 0
+		;;
+	-uid)
+		_uids
+		return 0
+		;;
+	-user)
+		COMPREPLY=( $( compgen -u -- $cur ) )
+		return 0
+		;;
+	-exec|-ok)
+		COMP_WORDS=(COMP_WORDS[0] $cur)
+		COMP_CWORD=1
+		_command
+		return 0
+		;;
+	-[acm]min|-[acm]time|-?(i)?(l)name|-inum|-?(i)path|-?(i)regex| \
+	-links|-perm|-size|-used|-printf)
+		# do nothing, just wait for a parameter to be given
+		return 0
+		;;
+	esac
+
+	_expand || return 0
+
+	# set exprfound to 1 if there is already an expression present
+	for i in ${COMP_WORDS[@]}; do
+		[[ "$i" = [-\(\),\!]* ]] && exprfound=1 && break
+	done
+
+	# handle case where first parameter is not a dash option
+	if [ "$exprfound" != 1 ] && [[ "$cur" != [-\(\),\!]* ]]; then
+		_filedir -d
+		return 0
+	fi
+
+	# complete using basic options
+	COMPREPLY=( $( compgen -W '-daystart -depth -follow -help -maxdepth \
+			-mindepth -mount -noleaf -version -xdev -amin -anewer \
+			-atime -cmin -cnewer -ctime -empty -false -fstype \
+			-gid -group -ilname -iname -inum -ipath -iregex \
+			-wholename \
+			-links -lname -mmin -mtime -name -newer -nouser \
+			-nogroup -perm -regex -size -true -type -uid -used \
+			-user -xtype -exec -fls -fprint -fprint0 -fprintf -ok \
+			-print -print0 -printf -prune -ls' -- $cur ) )
+
+	# this removes any options from the list of completions that have
+	# already been specified somewhere on the command line, as long as
+	# these options can only be used once (in a word, "options", in
+	# opposition to "tests" and "actions", as in the find(1) manpage).
+	onlyonce=' -daystart -depth -follow -help -maxdepth -mindepth -mount \
+		   -noleaf -version -xdev '
+	COMPREPLY=( $( echo "${COMP_WORDS[@]}" | \
+		       (while read -d ' ' i; do
+			    [ "$i" == "" ] ||
+			    [ "${onlyonce/ ${i%% *} / }" == "$onlyonce" ] &&
+			    continue
+			    # flatten array with spaces on either side,
+			    # otherwise we cannot grep on word boundaries of
+			    # first and last word
+			    COMPREPLY=" ${COMPREPLY[@]} "
+			    # remove word from list of completions
+			    COMPREPLY=( ${COMPREPLY/ ${i%% *} / } )
+			done
+			echo "${COMPREPLY[@]}")
+		  ) )
+	
+	_filedir
+	
+	return 0
+}
+complete -F _find $filenames find
+
+# Linux iwconfig(8) completion
+#
+[ $UNAME = Linux ] && have iwconfig &&
+_iwconfig()
+{
+	local cur prev
+
+	COMPREPLY=()
+	cur=`_get_cword`
+	prev=${COMP_WORDS[COMP_CWORD-1]}
+	
+	case $prev in
+		mode)
+			COMPREPLY=( $( compgen -W 'managed ad-hoc master \
+				repeater secondary monitor' -- $cur ) )
+			return 0
+			;;
+		essid)
+			COMPREPLY=( $( compgen -W 'on off any' -- $cur ) )
+			if [ -n "${COMP_IWLIST_SCAN:-}" ]; then
+				COMPREPLY=( "${COMPREPLY[@]}" \
+					$( iwlist ${COMP_WORDS[1]} scan | \
+					awk -F '"' '/ESSID/ {print $2}' | \
+					grep "^$cur" ))
+			fi
+			return 0
+			;;
+		nwid)
+			COMPREPLY=( $( compgen -W 'on off' -- $cur ) )
+			return 0
+			;;
+		channel)
+			COMPREPLY=( $( iwlist ${COMP_WORDS[1]} channel | \
+				awk '/^[[:space:]]*Channel/ {print $2}' | \
+				grep "^$cur" ) )
+			return 0
+			;;
+
+		freq)
+			COMPREPLY=( $( iwlist ${COMP_WORDS[1]} channel | \
+				awk '/^[[:space:]]*Channel/ {print $4"G"}' | \
+				grep "^$cur" ) )
+			return 0
+			;;
+		ap)
+			COMPREPLY=( $( compgen -W 'on off any' -- $cur ) )
+			if [ -n "${COMP_IWLIST_SCAN:-}" ]; then
+				COMPREPLY=( "${COMPREPLY[@]}" \
+					$( iwlist ${COMP_WORDS[1]} scan | \
+					awk -F ': ' '/Address/ {print $2}' | \
+					grep "^$cur" ) )
+			fi
+			return 0
+			;;
+		rate)
+			COMPREPLY=( $( compgen -W 'auto fixed' -- $cur ) )
+			COMPREPLY=( "${COMPREPLY[@]}" \
+				$( iwlist ${COMP_WORDS[1]} rate | \
+				awk '/^[[:space:]]*[0-9]/ {print $1"M"}' | \
+				grep "^$cur" ) )
+			return 0
+			;;
+		rts)
+			COMPREPLY=( $( compgen -W 'auto fixed off' -- $cur ) )
+			return 0
+			;;
+		frag)
+			COMPREPLY=( $( compgen -W 'auto fixed off' -- $cur ) )
+			return 0
+			;;
+		key)
+			COMPREPLY=( $( compgen -W 'off on open restricted' -- $cur ) )
+			return 0
+			;;
+		enc)
+			COMPREPLY=( $( compgen -W 'off on open restricted' -- $cur ) )
+			return 0
+			;;
+		power)
+			COMPREPLY=( $( compgen -W 'period timeout off on' -- $cur ) )
+			return 0
+			;;
+		txpower)
+			COMPREPLY=( $( compgen -W 'off on auto' -- $cur ) )
+			return 0
+			;;
+		retry)
+			COMPREPLY=( $( compgen -W 'limit lifetime' -- $cur ) )
+			return 0
+			;;
+	esac
+
+	if [ $COMP_CWORD -eq 1 ]; then
+		if [[ "$cur" == -* ]]; then
+			COMPREPLY=( $( compgen -W '--help --version' -- $cur ) ) 
+		else
+			_available_interfaces -w
+		fi
+	else
+		COMPREPLY=( $( compgen -W 'essid nwid mode freq channel sens mode \
+			ap nick rate rts frag enc key power txpower commit' -- $cur ) ) 
+	fi
+
+} &&
+complete -F _iwconfig iwconfig
+
+# Linux iwlist(8) completion
+#
+[ $UNAME = Linux ] && have iwlist &&
+_iwlist()
+{
+	local cur prev
+
+	COMPREPLY=()
+	cur=`_get_cword`
+	prev=${COMP_WORDS[COMP_CWORD-1]}
+	
+	if [ $COMP_CWORD -eq 1 ]; then
+		if [[ "$cur" == -* ]]; then
+			COMPREPLY=( $( compgen -W '--help --version' -- $cur ) ) 
+		else
+			_available_interfaces -w
+		fi
+	else
+		COMPREPLY=( $( compgen -W 'scan scanning freq frequency \
+			channel rate bit bitrate key enc encryption power \
+			txpower retry ap accesspoint peers event' -- $cur ) ) 
+	fi
+} &&
+complete -F _iwlist iwlist
+
+# Linux iwspy(8) completion
+#
+[ $UNAME = Linux ] && have iwspy &&
+_iwspy()
+{
+	local cur
+
+	COMPREPLY=()
+	cur=`_get_cword`
+
+	if [ $COMP_CWORD -eq 1 ]; then
+		if [[ "$cur" == -* ]]; then
+			COMPREPLY=( $( compgen -W '--help --version' -- $cur ) ) 
+		else
+			_available_interfaces -w
+		fi
+	else
+		COMPREPLY=( $( compgen -W 'setthr getthr off' -- $cur ) ) 
+	fi
+} &&
+complete -F _iwspy iwspy
+
+# Linux iwpriv(8) completion
+#
+[ $UNAME = Linux ] && have iwpriv &&
+_iwpriv()
+{
+	local cur prev
+
+	COMPREPLY=()
+	cur=`_get_cword`
+	prev=${COMP_WORDS[COMP_CWORD-1]}
+
+	case "$prev" in
+		roam)
+			COMPREPLY=( $( compgen -W 'on off' -- $cur ) )
+			return 0
+			;;
+		port)
+			COMPREPLY=( $( compgen -W 'ad-hoc managed' -- $cur ) )
+			return 0
+			;;
+	esac
+
+	if [ $COMP_CWORD -eq 1 ]; then
+		if [[ "$cur" == -* ]]; then
+			COMPREPLY=( $( compgen -W '--help --version' -- $cur ) ) 
+		else
+			_available_interfaces -w
+		fi
+	else
+		COMPREPLY=( $( compgen -W '--all roam port' -- $cur ) ) 
+	fi
+} &&
+complete -F _iwpriv iwpriv
+
+# RedHat & Debian GNU/Linux if{up,down} completion
+#
+[ $UNAME = Linux ] && { have ifup || have ifdown; } &&
+_ifupdown()
+{
+	local cur
+
+	COMPREPLY=()
+	cur=`_get_cword`
+
+	if [ $COMP_CWORD -eq 1 ]; then
+		_configured_interfaces
+		COMPREPLY=( $(compgen -W '${COMPREPLY[@]}' -- "$cur") )
+       fi
+
+       return 0
+} &&
+complete -F _ifupdown ifup ifdown
+[ $UNAME = Linux ] && have ifstatus && complete -F _ifupdown ifstatus
+
+# Linux ipsec(8) completion (for FreeS/WAN)
+#
+[ $UNAME = Linux ] && have ipsec &&
+_ipsec()
+{
+	local cur
+
+	COMPREPLY=()
+	cur=`_get_cword`
+
+	
+	if [ $COMP_CWORD -eq 1 ]; then
+		COMPREPLY=( $( compgen -W 'auto barf eroute klipsdebug look \
+					   manual pluto ranbits rsasigkey \
+					   setup showdefaults showhostkey spi \
+					   spigrp tncfg whack' -- $cur ) )
+		return 0
+	fi
+
+	case ${COMP_WORDS[1]} in
+	auto)
+		COMPREPLY=( $( compgen -W '--asynchronous --up --add --delete \
+					   --replace --down --route --unroute \
+					   --ready --status --rereadsecrets' \
+					-- $cur ) )
+		;;
+	manual)
+		COMPREPLY=( $( compgen -W '--up --down --route --unroute \
+					   --union' -- $cur ) )
+		;;
+	ranbits)
+		COMPREPLY=( $( compgen -W '--quick --continuous --bytes' \
+					  -- $cur ) )
+		;;
+	setup)
+		COMPREPLY=( $( compgen -W '--start --stop --restart' -- $cur ) )
+		;;
+
+	*)
+		;;
+	esac
+
+	return 0
+} &&
+complete -F _ipsec ipsec
+
+# Postfix completion.
+#
+have postfix && {
+# postfix(1)
+#
+_postfix()
+{
+	local cur prev
+
+	cur=`_get_cword`
+	prev=${COMP_WORDS[COMP_CWORD-1]}
+
+	if [[ $cur == '-' ]]; then
+		COMPREPLY=(-c -D -v)
+		return 0
+	fi
+	if [[ $prev == '-c' ]]; then
+		_filedir -d
+		return 0
+	fi
+	if [[ $prev == '-D' ]]; then
+		COMPREPLY=( $( compgen -W 'start' -- "`get_cword`" ) )
+		return 0
+	fi
+	COMPREPLY=( $( compgen -W 'start stop reload abort flush check' -- \
+		"`get_cword`" ) )
+}
+complete -F _postfix postfix
+
+# postalias(1) and postmap(1)
+#
+_postmap()
+{
+	local cur prev len idx
+
+	cur=`_get_cword`
+	prev=${COMP_WORDS[COMP_CWORD-1]}
+
+	if [[ $cur == '-' ]]; then
+		COMPREPLY=(-N -f -i -n -o -p -r -v -w -c -d -q)
+		return 0
+	fi
+	if [[ $prev == '-c' ]]; then
+		_filedir -d
+		return 0
+	fi
+	if [[ $prev == -[dq] ]]; then
+		return 0
+	fi
+
+	if [[ "$cur" == *:* ]]; then
+	       	COMPREPLY=( $( compgen -f -- ${cur#*:} ) )
+	else
+		len=${#cur}
+		idx=0
+		for pval in $( /usr/sbin/postconf -m ); do
+			if [[ "$cur" == "${pval:0:$len}" ]]; then
+				COMPREPLY[$idx]="$pval:"
+				idx=$(($idx+1))
+			fi
+		done
+		if [[ $idx -eq 0 ]]; then
+			COMPREPLY=( $( compgen -f -- "$cur" ) )
+		fi
+	fi
+	return 0
+}
+complete -F _postmap postmap postalias
+
+# postcat(1)
+#
+_postcat()
+{
+	local cur prev pval len idx qfile
+
+	cur=`_get_cword`
+	prev=${COMP_WORDS[COMP_CWORD-1]}
+
+	if [[ $cur == '-' ]]; then
+		COMPREPLY=(-c -q -v)
+		return 0
+	fi
+	if [[ $prev == '-c' ]]; then
+		_filedir -d
+		return 0
+	fi
+
+	qfile=0
+	for idx in "${COMP_WORDS[@]}"; do
+		[[ "$idx" = -q ]] && qfile=1 && break
+	done
+	if [[ $qfile == 1 ]]; then
+		len=${#cur}
+		idx=0
+		for pval in $( mailq | \
+			sed -e '1d; $d; /^[^0-9A-Z]\|^$/d; s/[* !].*$//' ); do
+			if [[ "$cur" == "${pval:0:$len}" ]]; then
+				COMPREPLY[$idx]=$pval
+				idx=$(($idx+1))
+			fi
+		done
+		return 0
+	else
+		_filedir
+		return 0
+	fi
+}
+complete -F _postcat postcat
+
+# postconf(1)
+#
+_postconf()
+{
+	local cur prev pval len idx eqext
+
+	cur=`_get_cword`
+	prev=${COMP_WORDS[COMP_CWORD-1]}
+	if [[ $cur == '-' ]]; then
+		COMPREPLY=(-c -d -e -h -m -l -n -v)
+		return 0
+	fi
+	if [[ $prev == '-c' ]]; then
+		_filedir -d
+		return 0
+	fi
+	if [[ $prev == '-e' ]]; then
+		cur=${cur#[\"\']}
+		eqext='='
+	fi
+	len=${#cur}
+	idx=0
+	for pval in $( /usr/sbin/postconf | cut -d ' ' -f 1 ); do
+		if [[ "$cur" == "${pval:0:$len}" ]]; then
+			COMPREPLY[$idx]="$pval$eqext"
+			idx=$(($idx+1))
+		fi
+	done
+	return 0
+}
+complete -F _postconf postconf
+
+# postsuper(1)
+#
+_postsuper()
+{
+	local cur prev pval len idx
+
+	cur=`_get_cword`
+	prev=${COMP_WORDS[COMP_CWORD-1]}
+
+	if [[ $cur == '-' ]]; then
+		COMPREPLY=(-c -d -h -H -p -r -s -v)
+		return 0
+	fi
+	case $prev in
+	-[dr])
+		len=${#cur}
+		idx=0
+		for pval in $( echo ALL; mailq | \
+			sed -e '1d; $d; /^[^0-9A-Z]\|^$/d; s/[* !].*$//' ); do
+			if [[ "$cur" == "${pval:0:$len}" ]]; then
+				COMPREPLY[$idx]=$pval
+				idx=$(($idx+1))
+			fi
+		done
+		return 0
+		;;
+	-h)
+		len=${#cur}
+		idx=0
+		for pval in $( echo ALL; mailq | \
+			sed -e '1d; $d; /^[^0-9A-Z]\|^$/d; s/[* ].*$//; /!$/d' ); do
+			if [[ "$cur" == "${pval:0:$len}" ]]; then
+				COMPREPLY[$idx]=$pval
+				idx=$(($idx+1))
+			fi
+		done
+		return 0
+		;;
+	-H)
+		len=${#cur}
+		idx=0
+		for pval in $( echo ALL; mailq | \
+			sed -e '1d; $d; /^[^0-9A-Z]\|^$/d; /^[0-9A-Z]*[* ]/d; s/!.*$//' ); do
+			if [[ "$cur" == "${pval:0:$len}" ]]; then
+				COMPREPLY[$idx]=$pval
+				idx=$(($idx+1))
+			fi
+		done
+		return 0
+		;;
+	esac
+	COMPREPLY=( $( compgen -W 'hold incoming active deferred' -- $cur ) )
+	return 0
+}
+complete -F _postsuper postsuper
+}
+
+# cvs(1) completion
+#
+have cvs && {
+set_prefix()
+{
+	[ -z ${prefix:-} ] || prefix=${cur%/*}/
+	[ -r ${prefix:-}CVS/Entries ] || prefix=""
+}
+
+get_entries()
+{
+	local IFS=$'\n'
+	[ -r ${prefix:-}CVS/Entries ] && \
+	entries=$(cut -d/ -f2 -s ${prefix:-}CVS/Entries)
+}
+
+get_modules()
+{
+	if [ -n "$prefix" ]; then 
+		COMPREPLY=( $( command ls -d ${cvsroot}/${prefix}/!(CVSROOT) ) )
+	else
+		COMPREPLY=( $( command ls -d ${cvsroot}/!(CVSROOT) ) )
+	fi
+}
+
+_cvs()
+{
+	local cur count mode i cvsroot cvsroots pwd
+	local -a flags miss files entries changed newremoved
+
+	COMPREPLY=()
+	cur=`_get_cword`
+
+	count=0
+	for i in "${COMP_WORDS[@]}"; do
+		[ $count -eq $COMP_CWORD ] && break
+		# Last parameter was the CVSROOT, now go back to mode selection
+		if [ "${COMP_WORDS[((count))]}" == "$cvsroot" -a "$mode" == "cvsroot" ]; then
+			mode=""
+		fi
+		if [ -z "$mode" ]; then
+			case $i in
+			-d)
+				mode=cvsroot
+				cvsroot=${COMP_WORDS[((count+1))]}
+				;;
+			@(ad?(d)|new))
+				mode=add
+				;;
+			@(adm?(in)|rcs))
+				mode=admin
+				;;
+			ann?(notate))
+				mode=annotate
+				;;
+			@(checkout|co|get))
+				mode=checkout
+				;;
+			@(com?(mit)|ci))
+				mode=commit
+				;;
+			di?(f?(f)))
+				mode=diff
+				;;
+			ex?(p?(ort)))
+				mode=export
+				;;
+			?(un)edit)
+				mode=$i
+				;;
+			hi?(s?(tory)))
+				mode=history
+				;;
+			im?(p?(ort)))
+				mode=import
+				;;
+			re?(l?(ease)))
+				mode=release
+				;;
+			?(r)log)
+				mode=log
+				;;
+			@(rdiff|patch))
+				mode=rdiff
+				;;
+			@(remove|rm|delete))
+				mode=remove
+				;;
+			@(rtag|rfreeze))
+				mode=rtag
+				;;
+			st?(at?(us)))
+				mode=status
+				;;
+			@(tag|freeze))
+				mode=tag
+				;;
+			up?(d?(ate)))
+				mode=update
+				;;
+			*)
+				;;
+			esac
+		elif [[ "$i" = -* ]]; then
+			flags=( "${flags[@]}" $i )
+		fi
+		count=$((++count))
+	done
+
+	case "$mode" in
+	add)
+		if [[ "$cur" != -* ]]; then
+			set_prefix
+			if [ $COMP_CWORD -gt 1 -a -r ${prefix:-}CVS/Entries ]; then
+				get_entries
+				[ -z "$cur" ] && \
+				files=$( command ls -Ad !(CVS) ) || \
+				files=$( command ls -d ${cur}* 2>/dev/null )
+				for i in "${entries[@]}"; do
+					files=( ${files[@]/#$i//} )
+				done
+				COMPREPLY=( $( compgen -W '${files[@]}' -- \
+					       $cur ) )
+			fi
+		else
+			COMPREPLY=( $( compgen -W '-k -m' -- $cur ) )
+		fi
+		;;
+	admin)
+		if [[ "$cur" = -* ]]; then
+			COMPREPLY=( $( compgen -W '-i -a -A -e -b -c -k -l -u \
+						   -L -U -m -M -n -N -o -q -I \
+						   -s -t -t- -T -V -x -z' -- \
+					$cur ) )
+		fi
+		;;
+	annotate)
+		if [[ "$cur" = -* ]]; then
+			COMPREPLY=( $( compgen -W '-D -F -f -l -R -r' -- $cur ) )
+		else
+			get_entries
+			COMPREPLY=( $( compgen -W '${entries[@]}' -- $cur ) )
+		fi
+		;;
+	checkout)
+		if [[ "$cur" != -* ]]; then
+			[ -z "$cvsroot" ] && cvsroot=$CVSROOT
+			COMPREPLY=( $( cvs -d "$cvsroot" co -c 2> /dev/null | \
+					awk '{print $1}' ) )
+			COMPREPLY=( $( compgen -W '${COMPREPLY[@]}' -- $cur ) )
+		else
+			COMPREPLY=( $( compgen -W '-A -N -P -R -c -f -l -n -p \
+						  -s -r -D -d -k -j' -- $cur ) )
+		fi
+		;;
+	commit)
+		set_prefix
+
+		if [[ "$cur" != -* ]] && [ -r ${prefix:-}CVS/Entries ]; then
+			# if $COMP_CVS_REMOTE is not null, 'cvs commit' will
+			# complete on remotely checked-out files (requires
+			# passwordless access to the remote repository
+			if [ -n "${COMP_CVS_REMOTE:-}" ]; then
+				# this is the least computationally intensive
+				# way found so far, but other changes
+				# (something other than changed/removed/new)
+				# may be missing
+				changed=( $( cvs -q diff --brief 2>&1 | \
+				sed -ne 's/^Files [^ ]* and \([^ ]*\) differ$/\1/p' ) )
+				newremoved=( $( cvs -q diff --brief 2>&1 | \
+				sed -ne 's/^cvs diff: \([^ ]*\) .*, no comparison available$/\1/p' ) )
+				COMPREPLY=( $( compgen -W '${changed[@]:-} \
+						   ${newremoved[@]:-}' -- $cur ) )
+			else
+				_filedir
+			fi
+		else
+			COMPREPLY=( $( compgen -W '-n -R -l -f -F -m -r' -- \
+				       $cur ) )
+		fi
+		;;
+	cvsroot)
+		if [ -r ~/.cvspass ]; then
+			# Ugly escaping because of bash treating ':' specially
+			cvsroots=$( sed 's/^[^ ]* //; s/:/\\:/g' ~/.cvspass )
+			COMPREPLY=( $( compgen -W '$cvsroots' -- $cur ) )
+		fi
+		;;
+	export)
+		if [[ "$cur" != -* ]]; then
+			[ -z "$cvsroot" ] && cvsroot=$CVSROOT
+			COMPREPLY=( $( cvs -d "$cvsroot" co -c | awk '{print $1}' ) )
+			COMPREPLY=( $( compgen -W '${COMPREPLY[@]}' -- $cur ) )
+		else
+			COMPREPLY=( $( compgen -W '-N -f -l -R -n \
+						  -r -D -d -k' -- $cur ) )
+		fi
+		;;
+	diff)
+		if [[ "$cur" == -* ]]; then
+			_longopt diff
+		else
+			get_entries
+			COMPREPLY=( $( compgen -W '${entries[@]:-}' -- $cur ) )
+		fi
+		;;
+	remove)
+		if [[ "$cur" != -* ]]; then
+			set_prefix
+			if [ $COMP_CWORD -gt 1 -a -r ${prefix:-}CVS/Entries ]; then
+				get_entries
+				# find out what files are missing
+				for i in "${entries[@]}"; do
+					[ ! -r "$i" ] && miss=( "${miss[@]}" $i )
+				done
+				COMPREPLY=( $(compgen -W '${miss[@]:-}' -- $cur) )
+			fi
+		else
+			COMPREPLY=( $( compgen -W '-f -l -R' -- $cur ) )
+		fi
+		;;
+	import)
+		if [[ "$cur" != -* ]]; then
+			# starts with same algorithm as checkout
+			[ -z "$cvsroot" ] && cvsroot=$CVSROOT
+			prefix=${cur%/*}
+			if [ -r ${cvsroot}/${prefix} ]; then
+				get_modules
+				COMPREPLY=( ${COMPREPLY[@]#$cvsroot} )
+				COMPREPLY=( ${COMPREPLY[@]#\/} )
+			fi
+			pwd=$( pwd )
+			pwd=${pwd##*/}
+			COMPREPLY=( $( compgen -W '${COMPREPLY[@]} $pwd' -- \
+				       $cur ) )
+		else
+			COMPREPLY=( $( compgen -W '-d -k -I -b -m -W' -- $cur ))
+		fi
+		;;
+	update)
+		if [[ "$cur" = -* ]]; then
+			COMPREPLY=( $( compgen -W '-A -P -C -d -f -l -R -p \
+						   -k -r -D -j -I -W' -- \
+						   $cur ) )
+		fi
+		;;
+	"")
+		COMPREPLY=( $( compgen -W 'add admin annotate checkout ci co \
+					   commit diff delete edit export \
+					   freeze get history import log new \
+					   patch rcs rdiff release remove \
+					   rfreeze rlog rm rtag stat status \
+					   tag unedit up update -H -Q -q -b \
+					   -d -e -f -l -n -t -r -v -w -x -z \
+					   --help --version' -- $cur ) )
+		;;
+	*)
+		;;
+	esac
+	
+	return 0
+}
+complete -F _cvs $default cvs
+}
+
+have rpm && {
+# helper functions for rpm completion
+#
+_rpm_installed_packages()
+{
+	local ver nodig nosig
+
+	if [ -r /var/log/rpmpkgs -a \
+		/var/log/rpmpkgs -nt /var/lib/rpm/Packages ]; then
+		# using RHL 7.2 or later - this is quicker than querying the DB
+		COMPREPLY=( $( sed -ne \
+		's|^\('$cur'.*\)-[0-9a-zA-Z._]\+-[0-9a-z.@]\+.*\.rpm$|\1|p' \
+				/var/log/rpmpkgs ) )
+	else
+		nodig=""
+		nosig=""
+		ver=$(rpm --version)
+		ver=${ver##* }
+	  
+		if [[ "$ver" > "4.0.4" ]]; then
+			nodig="--nodigest"
+		fi
+		if [[ "$ver" > "4.0.99" ]]; then
+			nosig="--nosignature"
+		fi
+
+		COMPREPLY=( $( rpm -qa $nodig $nosig | sed -ne \
+		's|^\('$cur'.*\)-[0-9a-zA-Z._]\+-[0-9a-z.@]\+$|\1|p' ) )
+	fi
+}
+
+_rpm_groups()
+{
+	local IFS=$'\t'
+	# remove trailing backslash, or grep will complain
+	cur=${cur%"\\"}
+	COMPREPLY=( $( rpm -qa $nodig $nosig --queryformat '%{group}\n' | \
+		       grep "^$cur" ) )
+	# backslash escape spaces and translate newlines to tabs
+	COMPREPLY=( $( echo "${COMPREPLY[@]}" | sed 's/ /\\ /g' | tr '\n' '\t' ) )
+}
+
+# rpm(8) completion
+# 
+_rpm()
+{
+	local cur prev ver nodig nosig
+
+	COMPREPLY=()
+	cur=`_get_cword`
+	prev=${COMP_WORDS[COMP_CWORD-1]}
+	nodig=""
+	nosig=""
+	ver=$(rpm --version); ver=${ver##* }
+  
+	if [[ "$ver" > "4.0.4" ]]; then
+		nodig="--nodigest"
+	fi
+	if [[ "$ver" > "4.0.99" ]]; then
+		nosig="--nosignature"
+	fi
+
+	if [ $COMP_CWORD -eq 1 ]; then
+		# first parameter on line
+		case "$cur" in
+		-b*)
+			COMPREPLY=( $( compgen -W '-ba -bb -bc -bi -bl -bp -bs'\
+				       -- $cur ) )
+			;;
+		-t*)
+			COMPREPLY=( $( compgen -W '-ta -tb -tc -ti -tl -tp -ts'\
+				       -- $cur ) )
+			;;
+		--*)
+			COMPREPLY=( $( compgen -W '--help --version --initdb \
+			--checksig --recompile --rebuild --resign --addsign \
+			--rebuilddb --showrc --setperms --setugids --tarbuild \
+			--eval --install --upgrade --query --freshen --erase \
+			--verify --querytags --rmsource --rmspec --clean \
+			--import' -- $cur ) )
+			;;
+		*)
+			COMPREPLY=( $( compgen -W '-b -e -F -i -q -t -U -V' \
+				       -- $cur ) )
+			;;
+		esac
+
+	return 0
+	fi
+
+	case "$prev" in
+	--@(@(db|exclude)path|prefix|relocate|root))
+		_filedir -d
+		return 0
+		;;
+	--eval)
+		# get a list of macros
+		COMPREPLY=( $( sed -ne 's|^\(%'${cur#\%}'[^ '$'\t'']*\).*$|\1|p' \
+			       /usr/lib/rpm/macros ) )
+		return 0
+		;;
+	--pipe)
+		COMPREPLY=( $( compgen -c -- $cur ) )
+		return 0
+		;;
+	--rcfile)
+		_filedir
+		return 0
+		;;
+	--specfile)
+		# complete on .spec files
+		_filedir spec
+		return 0
+		;;
+	--whatprovides)
+		if [[ "$cur" == */* ]]; then
+			_filedir
+		else
+		# complete on capabilities
+			COMPREPLY=( $( rpm -qa $nodig $nosig --queryformat \
+					'%{providename}\n' | grep "^$cur" ) )
+		fi
+		return 0
+		;;
+	--whatrequires)
+		# complete on capabilities
+		COMPREPLY=( $( rpm -qa $nodig $nosig --queryformat \
+				'%{requirename}\n' | grep "^$cur" ) )
+		return 0
+		;;
+	esac
+
+	case "${COMP_WORDS[1]}" in
+	-@([iFU]*|-install|-freshen|-upgrade))
+		if [[ "$cur" == -* ]]; then
+			COMPREPLY=( $( compgen -W '--percent --force --test \
+			--replacepkgs --replacefiles --root --excludedocs \
+			--includedocs --noscripts --rcfile --ignorearch \
+			--dbpath --prefix --ignoreos --nodeps --allfiles \
+			--ftpproxy --ftpport --justdb --httpproxy --httpport \
+			--noorder --relocate --badreloc --notriggers \
+			--excludepath --ignoresize --oldpackage --define \
+			--eval --pipe --queryformat --repackage --nosuggests \
+			--nodigest --nosignature' -- $cur ) )
+		else
+			_filedir 'rpm'
+		fi
+		;;
+	-@(e|-erase))
+		if [[ "$cur" == -* ]]; then
+			COMPREPLY=( $( compgen -W '--allmatches --noscripts \
+			--notriggers --nodeps --test --repackage' -- $cur ) )
+		else
+			_rpm_installed_packages
+		fi
+		;;
+	-@(q*|-query))
+		# check whether we're doing file completion
+		if [ "${COMP_LINE#* -*([^ -])f}" != "$COMP_LINE" ]; then
+		    if [[ "$cur" == -* ]]; then
+			COMPREPLY=( $( compgen -W '--scripts --root \
+				--rcfile --requires --ftpport --ftpproxy \
+				--httpproxy --httpport --provides --triggers \
+				--dump --changelog --dbpath \
+				--last --filesbypkg \
+				--info --list --state \
+				--docfiles --configfiles --queryformat \
+				--conflicts --obsoletes \
+				--nodigest --nosignature \
+				--triggerscripts' -- $cur ) )
+		    else
+			_filedir
+		    fi
+		elif [ "${COMP_LINE#* -*([^ -])g}" != "$COMP_LINE" ]; then
+			_rpm_groups
+		elif [ "${COMP_LINE#* -*([^ -])p}" != "$COMP_LINE" ]; then
+			# uninstalled package completion
+			if [[ "$cur" == -* ]]; then
+				COMPREPLY=( $( compgen -W '--scripts --root \
+				--rcfile --whatprovides --whatrequires \
+				--requires --triggeredby --ftpport --ftpproxy \
+				--httpproxy --httpport --provides --triggers \
+				--dump --changelog --dbpath --filesbypkg \
+				--define --eval --pipe --showrc --info --list \
+				--state --docfiles --configfiles --queryformat\
+				--conflicts --obsoletes --nodigest \
+				--nosignature' -- $cur ) )
+			else
+				_filedir 'rpm'
+			fi
+		else
+			# installed package completion
+			if [[ "$cur" == -* ]]; then
+				COMPREPLY=( $( compgen -W '--scripts --root \
+				--rcfile --whatprovides --whatrequires \
+				--requires --triggeredby --ftpport --ftpproxy \
+				--httpproxy --httpport --provides --triggers \
+				--dump --changelog --dbpath --specfile \
+				--querybynumber --last --filesbypkg --define \
+				--eval --pipe --showrc --info --list --state \
+				--docfiles --configfiles --queryformat \
+				--conflicts --obsoletes --pkgid --hdrid \
+				--fileid --tid --nodigest --nosignature \
+				--triggerscripts' -- $cur ) )
+			elif [ "${COMP_LINE#* -*([^ -])a}" == "$COMP_LINE" ]; then
+				_rpm_installed_packages
+			fi
+		fi
+		;;
+	-@(K*|-checksig))
+		if [[ "$cur" == -* ]]; then
+			COMPREPLY=( $( compgen -W '--nopgp --nogpg --nomd5 \
+					--nodigest --nosignature' -- $cur ) )
+		else
+			_filedir 'rpm'
+		fi
+		;;
+	-@([Vy]*|-verify))
+		if [[ "$cur" == -* ]]; then
+			COMPREPLY=( $( compgen -W '--root --rcfile --dbpath \
+			--nodeps --nogroup --nolinkto --nomode --nomtime \
+			--nordev --nouser --nofiles --noscripts --nomd5 \
+			--querytags --specfile --whatrequires --whatprovides \
+			--nodigest --nosignature' -- $cur ) )
+		# check whether we're doing file completion
+		elif [ "${COMP_LINE#* -*([^ -])f}" != "$COMP_LINE" ]; then
+			_filedir
+		elif [ "${COMP_LINE#* -*([^ -])g}" != "$COMP_LINE" ]; then
+			_rpm_groups
+		elif [ "${COMP_LINE#* -*([^ -])p}" != "$COMP_LINE" ]; then
+			_filedir 'rpm'
+		else
+			_rpm_installed_packages
+		fi
+		;;
+	-[bt]*)
+		if [[ "$cur" == -* ]]; then
+			COMPREPLY=( $( compgen -W '--short-circuit --timecheck \
+			--clean --rmsource --rmspec --test --sign --buildroot \
+			--target -- buildarch --buildos --nobuild --nodeps \
+			--nodirtokens' -- $cur ) )
+		elif [[ ${COMP_WORDS[1]} == -b* ]]; then
+			_filedir 'spec'
+		else
+			_filedir '@(tgz|tar.@(gz|bz2))'
+		fi
+		;;
+	--re@(build|compile))
+		if [[ "$cur" == -* ]]; then
+			COMPREPLY=( $( compgen -W '--nodeps --rmsource \
+			  --rmspec --sign --nodirtokens --target' -- $cur ) )
+		else
+			_filedir '?(no)src.rpm'
+		fi
+		;;
+	--tarbuild)
+		_filedir '@(tgz|tar.@(gz|bz2))'
+		;;
+	--@(re|add)sign)
+		_filedir 'rpm'
+		;;
+	--set@(perms|gids))
+		_rpm_installed_packages
+		;;
+	--@(clean|rms@(ource|pec)))
+		if [[ "$cur" == -* ]]; then
+			COMPREPLY=( $( compgen -W '--clean --rmsource \
+					--rmspec' -- $cur ) )
+		else
+			_filedir 'spec'
+		fi
+		;;
+	--@(import|dbpath|root))
+		if [[ "$cur" == -* ]]; then
+			COMPREPLY=( $( compgen -W '--import --dbpath --root' \
+					-- $cur ) )
+		else
+			_filedir
+		fi
+		;;
+	esac
+
+	return 0
+}
+complete -F _rpm $filenames rpm rpmbuild
+}
+
+# Debian apt-get(8) completion.
+#
+have apt-get &&
+_apt_get()
+{
+	local cur prev special i
+
+	COMPREPLY=()
+	cur=`_get_cword`
+	prev=${COMP_WORDS[COMP_CWORD-1]}
+
+	for (( i=0; i < ${#COMP_WORDS[@]}-1; i++ )); do
+		if [[ ${COMP_WORDS[i]} == @(install|remove|purge|source|build-dep) ]]; then
+			special=${COMP_WORDS[i]}
+		fi
+	done
+
+	if [ -n "$special" ]; then
+		case $special in
+		remove|purge)
+			if [ -f /etc/debian_version ]; then
+				# Debian system
+				COMPREPLY=( $( _comp_dpkg_installed_packages \
+						$cur ) )
+			else
+				# assume RPM based
+				_rpm_installed_packages
+			fi
+			return 0
+			;;
+		*)
+			COMPREPLY=( $( apt-cache pkgnames $cur 2> /dev/null ) )
+			return 0
+			;;
+
+		esac
+	fi
+
+	case "$prev" in
+	    -@(c|-config-file))
+ 		     _filedir
+		     return 0
+		     ;;
+
+	    -@(t|-target-release|-default-release))
+		     COMPREPLY=( $( apt-cache policy | \
+				    grep "release.o=Debian,a=$cur" | \
+				    sed -e "s/.*a=\(\w*\).*/\1/" | uniq 2> /dev/null) )
+		     return 0
+		     ;;
+ 
+	esac
+
+	if [[ "$cur" == -* ]]; then
+
+		COMPREPLY=( $( compgen -W '-d -f -h -v -m -q -s -y \
+				-u -t -b -c -o --download-only --fix-broken \
+				--help --version --ignore-missing \
+				--fix-missing --no-download --quiet --simulate \
+				--just-print --dry-run --recon --no-act --yes \
+				--assume-yes --show-upgraded --only-source \
+				--compile --build --ignore-hold \
+				--target-release --no-upgrade --force-yes \
+				--print-uris --purge --reinstall \
+				--list-cleanup --default-release \
+				--trivial-only --no-remove --diff-only \
+				--tar-only --config-file --option --auto-remove' -- $cur ) )
+	else
+
+		COMPREPLY=( $( compgen -W 'update upgrade dselect-upgrade \
+				dist-upgrade install remove purge source \
+				build-dep check clean autoclean autoremove' \
+				-- $cur ) )
+
+	fi
+
+
+	return 0
+} &&
+complete -F _apt_get $filenames apt-get
+
+# Debian apt-cache(8) completion.
+#
+have apt-cache &&
+_apt_cache()
+{
+	local cur prev special i
+
+	COMPREPLY=()
+	cur=`_get_cword`
+	prev=${COMP_WORDS[COMP_CWORD-1]}
+
+	
+	if [ "$cur" != show ]; then
+	    for (( i=0; i < ${#COMP_WORDS[@]}-1; i++ )); do
+		if [[ ${COMP_WORDS[i]} == @(add|depends|dotty|policy|rdepends|madison|show?(pkg|src|)) ]]; then
+		    special=${COMP_WORDS[i]}
+		fi
+	    done
+	fi
+
+
+	if [ -n "$special" ]; then
+	    case $special in
+		add)
+		    _filedir
+		    return 0
+		    ;;
+		
+ 		*)
+		    COMPREPLY=( $( apt-cache pkgnames $cur 2> /dev/null ) )
+		    return 0
+		    ;;
+		
+	    esac
+	fi
+
+
+	case "$prev" in
+	     -@(c|p|s|-config-file|-@(pkg|src)-cache))
+		     _filedir
+		     return 0
+		     ;;
+	     search)
+		     if [[ "$cur" != -* ]]; then
+			    return 0
+		     fi
+		     ;;
+	esac
+
+	if [[ "$cur" == -* ]]; then
+
+		COMPREPLY=( $( compgen -W '-h -v -p -s -q -i -f -a -g -c \
+				-o --help --version --pkg-cache --src-cache \
+				--quiet --important --full --all-versions \
+				--no-all-versions --generate --no-generate \
+				--names-only --all-names --recurse \
+				--config-file --option' -- $cur ) )
+	else
+
+		COMPREPLY=( $( compgen -W 'add gencaches show showpkg showsrc \
+				stats dump dumpavail unmet search search \
+				depends rdepends pkgnames dotty xvcg \
+				policy madison' -- $cur ) )
+
+	fi
+
+
+	return 0
+} &&
+complete -F _apt_cache $filenames apt-cache
+
+
+# Debian aptitude(1) completion
+#
+have aptitude && {
+have grep-status && {
+_comp_dpkg_hold_packages()
+{
+	grep-status -P -e "^$1" -a -FStatus 'hold' -n -s Package
+}
+} || {
+_comp_dpkg_hold_packages()
+{
+	grep -B 2 'hold' /var/lib/dpkg/status | grep "Package: $1" \
+		| cut -d\  -f2
+}
+}
+
+_aptitude()
+{
+	local cur dashoptions prev special i
+
+	COMPREPLY=()
+	cur=`_get_cword`
+	prev=${COMP_WORDS[COMP_CWORD-1]}
+
+
+	dashoptions='-S -u -i -h --help --version -s --simulate -d \
+		     --download-only -P --prompt -y --assume-yes -F \
+		     --display-format -O --sort -w --width -f -r -g \
+		     --with-recommends --with-suggests -R -G \
+		     --without-recommends --without-suggests -t \
+		     --target-release -V --show-versions -D --show-deps\
+		     -Z -v --verbose --purge-unused'
+
+	for (( i=0; i < ${#COMP_WORDS[@]}-1; i++ )); do
+	    if [[ ${COMP_WORDS[i]} == @(install|reinstall|hold|unhold|markauto|unmarkauto|dist-upgrade|full-upgrade|download|show|forbid-version|purge|remove|changelog|why|why-not|keep|keep-all) ]]; then
+		special=${COMP_WORDS[i]}
+	    fi
+	    #exclude some mutually exclusive options
+	    [[ ${COMP_WORDS[i]} == '-u' ]] && dashoptions=${dashoptions/-i}
+	    [[ ${COMP_WORDS[i]} == '-i' ]] && dashoptions=${dashoptions/-u}
+	done
+
+	if [[ -n "$special" ]]; then
+	   case $special in
+	       @(install|hold|markauto|unmarkauto|dist-upgrade|full-upgrade|download|show|changelog|why|why-not))
+		   COMPREPLY=( $( apt-cache pkgnames $cur 2> /dev/null ) )
+		   return 0
+		   ;;
+	       @(purge|remove|reinstall|forbid-version))
+  		   COMPREPLY=( $( _comp_dpkg_installed_packages $cur ) )
+		   return 0
+		   ;;
+	       unhold)
+  		   COMPREPLY=( $( _comp_dpkg_hold_packages $cur ) )
+		   return 0
+		   ;;
+
+	   esac
+	fi
+
+	case $prev in
+	    # don't complete anything if these options are found
+	    @(autoclean|clean|forget-new|search|upgrade|safe-upgrade|update|keep-all))
+		return 0
+		;;
+
+	    -S)
+		_filedir
+		return 0
+		;;
+
+	    -@(t|-target-release|-default-release))
+		COMPREPLY=( $( apt-cache policy | \
+		    grep "release.o=Debian,a=$cur" | \
+		    sed -e "s/.*a=\(\w*\).*/\1/" | uniq 2> /dev/null ) )
+		return 0
+		;;
+
+	esac
+
+	if [[ "$cur" == -* ]]; then
+	    COMPREPLY=( $( compgen -W "$dashoptions" -- $cur ) )
+	else
+	    COMPREPLY=( $( compgen -W 'update upgrade safe-upgrade forget-new clean \
+				       autoclean install reinstall remove \
+				       hold unhold purge markauto unmarkauto why why-not \
+				       dist-upgrade full-upgrade download search show \
+				       forbid-version changelog keep-all' -- $cur ) )
+	fi
+
+
+	return 0
+}
+complete -F _aptitude $default aptitude
+}
+
+# Debian apt-build(1) completion.
+#
+have apt-build &&
+_apt_build()
+{
+	local cur prev special i
+
+	COMPREPLY=()
+	cur=`_get_cword`
+	prev=${COMP_WORDS[COMP_CWORD-1]}
+
+	for (( i=0; i < ${#COMP_WORDS[@]}-1; i++ )); do
+		if [[ ${COMP_WORDS[i]} == @(install|remove|source|info|clean) ]]; then
+			special=${COMP_WORDS[i]}
+		fi
+	done
+
+	if [ -n "$special" ]; then
+		case $special in
+		@(install|source|info))
+			COMPREPLY=( $( apt-cache pkgnames $cur 2> /dev/null ) )
+			return 0
+			;;
+		remove)
+			COMPREPLY=( $( _comp_dpkg_installed_packages \
+					$cur ) )
+			return 0
+			;;
+		*)
+			return 0
+			;;
+		esac
+	fi
+
+	case "$prev" in
+
+	     --@(patch|build-dir|repository-dir))
+		   _filedir
+		   return 0
+		   ;;
+ 
+	     -@(h|-help))
+		   return 0
+		   ;;
+
+	esac
+
+	if [[ "$cur" == -* ]]; then
+	    COMPREPLY=( $( compgen -W '--help --show-upgraded -u --build-dir \
+				  --repository-dir --build-only \
+				  --build-command --reinstall --rebuild \
+				  --remove-builddep --no-wrapper --purge \
+				  --patch --patch-strip -p --yes -y \
+				  --version -v --no-source' -- $cur ) )
+
+	else
+	    COMPREPLY=( $( compgen -W 'update upgrade install remove \
+				  source dist-upgrade world clean info \
+				  clean-build update-repository ' -- $cur ) )
+	fi
+
+
+	return 0
+} &&
+complete -F _apt_build $filenames apt-build
+
+# chsh(1) completion
+#
+_chsh()
+{
+	local cur prev
+
+	COMPREPLY=()
+	cur=`_get_cword`
+	prev=${COMP_WORDS[COMP_CWORD-1]}
+
+	if [ "$prev" = "-s" ]; then
+	  if [ -f /etc/debian_version ]; then
+	    COMPREPLY=( $( </etc/shells ) )
+	  else
+	    COMPREPLY=( $( chsh -l | grep "^$cur" ) )
+	  fi
+	else
+	  COMPREPLY=( $( compgen -u -- $cur ) )
+	fi
+
+	return 0
+}
+complete -F _chsh chsh
+
+# chkconfig(8) completion
+#
+have chkconfig &&
+_chkconfig()
+{
+	local cur prev
+
+	COMPREPLY=()
+	cur=`_get_cword`
+	prev=${COMP_WORDS[COMP_CWORD-1]}
+
+	case "$prev" in
+	@([1-6]|--@(list|add|del)))
+		_services
+		return 0
+		;;
+	--level)
+		COMPREPLY=( $( compgen -W '1 2 3 4 5 6' -- $cur ) )
+		return 0
+		;;
+	esac
+
+	if [[ "$cur" == -* ]]; then
+		COMPREPLY=( $( compgen -W '--list --add --del --level' -- $cur ) )
+	else
+		if [ $COMP_CWORD -eq 2 -o $COMP_CWORD -eq 4 ]; then
+			COMPREPLY=( $( compgen -W 'on off reset' -- $cur ) )
+		else
+			_services
+		fi
+	fi
+} &&
+complete -F _chkconfig chkconfig
+
+# This function provides simple user@host completion
+#
+_user_at_host() {
+	local cur
+
+	COMPREPLY=()
+	cur=`_get_cword`
+
+	if [[ $cur == *@* ]]; then
+		_known_hosts
+	else
+		COMPREPLY=( $( compgen -u -- "$cur" ) )
+	fi
+
+	return 0
+}
+shopt -u hostcomplete && complete -F _user_at_host $nospace talk ytalk finger
+
+# This function performs host completion based on ssh's known_hosts files,
+# defaulting to standard host completion if they don't exist.
+#
+_known_hosts()
+{
+       local cur curd ocur user suffix aliases global_kh user_kh hosts i host
+       local -a kh khd config
+
+	COMPREPLY=()
+	cur=`_get_cword`
+	ocur=$cur
+
+	[ "$1" = -a ] || [ "$2" = -a ] && aliases='yes'
+	[ "$1" = -c ] || [ "$2" = -c ] && suffix=':'
+	[[ $cur == *@* ]] && user=${cur%@*}@ && cur=${cur#*@}
+	kh=()
+
+	# ssh config files
+	[ -r /etc/ssh/ssh_config ] &&
+	  config=( "${config[@]}" "/etc/ssh/ssh_config" )
+	[ -r "${HOME}/.ssh/config" ] &&
+	  config=( "${config[@]}" "${HOME}/.ssh/config" )
+	[ -r "${HOME}/.ssh2/config" ] &&
+	  config=( "${config[@]}" "${HOME}/.ssh2/config" )
+
+	if [ ${#config[@]} -gt 0 ]; then
+	    # expand path (if present) to global known hosts file
+	    global_kh=$( eval echo $( sed -ne 's/^[ \t]*[Gg][Ll][Oo][Bb][Aa][Ll][Kk][Nn][Oo][Ww][Nn][Hh][Oo][Ss][Tt][Ss][Ff][Ii][Ll][Ee]['"$'\t '"']*\(.*\)$/\1/p' "${config[@]}" ) )
+	    # expand path (if present) to user known hosts file
+	    user_kh=$( eval echo $( sed -ne 's/^[ \t]*[Uu][Ss][Ee][Rr][Kk][Nn][Oo][Ww][Nn][Hh][Oo][Ss][Tt][Ss][Ff][Ii][Ll][Ee]['"$'\t '"']*\(.*\)$/\1/p' "${config[@]}" ) )
+	fi
+
+	# Global known_hosts files
+	[ -r "$global_kh" ] &&
+	    kh=( "${kh[@]}" "$global_kh" )
+	[ -r /etc/ssh/ssh_known_hosts ] &&
+	    kh=( "${kh[@]}" /etc/ssh/ssh_known_hosts )
+	[ -r /etc/ssh/ssh_known_hosts2 ] &&
+	    kh=( "${kh[@]}" /etc/ssh/ssh_known_hosts2 )
+	[ -r /etc/known_hosts ] &&
+	    kh=( "${kh[@]}" /etc/known_hosts )
+	[ -r /etc/known_hosts2 ] &&
+	    kh=( "${kh[@]}" /etc/known_hosts2 )
+	[ -d /etc/ssh2/knownhosts ] &&
+	    khd=( "${khd[@]}" /etc/ssh2/knownhosts/*pub )
+
+	# User known_hosts files
+	[ -r "$user_kh" ] &&
+	    kh=( "${kh[@]}" "$user_kh" )
+	[ -r ~/.ssh/known_hosts ] &&
+	    kh=( "${kh[@]}" ~/.ssh/known_hosts )
+	[ -r ~/.ssh/known_hosts2 ] &&
+	    kh=( "${kh[@]}" ~/.ssh/known_hosts2 )
+	[ -d ~/.ssh2/hostkeys ] &&
+	    khd=( "${khd[@]}" ~/.ssh2/hostkeys/*pub )
+
+	# If we have known_hosts files to use
+	if [ ${#kh[@]} -gt 0 -o ${#khd[@]} -gt 0 ]; then
+	    # Escape slashes and dots in paths for awk
+	    cur=${cur//\//\\\/}
+	    cur=${cur//\./\\\.}
+	    curd=$cur
+
+	    if [[ "$cur" == [0-9]*.* ]]; then
+		# Digits followed by a dot - just search for that
+		cur="^$cur.*"
+	    elif [[ "$cur" == [0-9]* ]]; then
+		# Digits followed by no dot - search for digits followed
+		# by a dot
+		cur="^$cur.*\."
+	    elif [ -z "$cur" ]; then
+		# A blank - search for a dot or an alpha character
+		cur="[a-z.]"
+	    else
+		cur="^$cur"
+	    fi
+
+	    if [ ${#kh[@]} -gt 0 ]; then
+
+		# FS needs to look for a comma separated list
+		COMPREPLY=( $( awk 'BEGIN {FS=","}
+				/^[^|]/ {for (i=1; i<=2; ++i) { \
+				       gsub(" .*$", "", $i); \
+				       if ($i ~ /'$cur'/) {print $i} \
+				}}' "${kh[@]}" 2>/dev/null ) )
+	    fi
+	    if [ ${#khd[@]} -gt 0 ]; then
+		# Needs to look for files called
+		# .../.ssh2/key_22_<hostname>.pub
+		# dont fork any processes, because in a cluster environment, 
+		# there can be hundreds of hostkeys
+		for i in "${khd[@]}" ; do
+		    if [[ "$i" == *key_22_$curd*.pub ]] && [ -r "$i" ] ; then
+			host=${i/#*key_22_/}
+			host=${host/%.pub/}
+			COMPREPLY=( "${COMPREPLY[@]}" $host )
+		    fi
+		done
+	    fi
+
+	    # append any available aliases from config files
+	    if [ ${#config[@]} -gt 0 ] && [ -n "$aliases" ]; then
+		local host_aliases=$( sed -ne 's/^[Hh][Oo][Ss][Tt]\([Nn][Aa][Mm][Ee]\)\?['"$'\t '"']\+\([^*?]*\)$/\2/p' "${config[@]}" )
+		hosts=$( compgen -W "$host_aliases" -- $ocur )
+		COMPREPLY=( "${COMPREPLY[@]}" $hosts )
+	    fi
+
+	    # Now add results of normal hostname completion
+	    COMPREPLY=( "${COMPREPLY[@]}" $( compgen -A hostname -- $ocur ) )
+
+	    # apply suffix
+	    for (( i=0; i < ${#COMPREPLY[@]}; i++ )); do
+		COMPREPLY[i]=$user${COMPREPLY[i]}$suffix
+	    done
+	else
+	    # Just do normal hostname completion
+	    COMPREPLY=( $( compgen -A hostname -S "$suffix" -- $cur ) )
+	fi
+
+	return 0
+}
+complete -F _known_hosts traceroute traceroute6 tracepath tracepath6 \
+	ping ping6 fping fping6 telnet host nslookup rsh rlogin ftp dig ssh-installkeys mtr
+
+# ssh(1) completion
+#
+have ssh && {
+_ssh()
+{
+	local cur prev
+	local -a config
+
+	COMPREPLY=()
+	cur=`_get_cword`
+	prev=${COMP_WORDS[COMP_CWORD-1]}
+
+	case "$prev" in
+	-*c)
+	    COMPREPLY=( $( compgen -W 'blowfish 3des 3des-cbc blowfish-cbc \
+			   arcfour cast128-cbc' -- $cur ) )
+	    ;;
+	-*i)
+	    _filedir
+	    ;;
+	-*l)
+	    COMPREPLY=( $( compgen -u -- $cur ) )
+	    ;;
+	*)
+	    _known_hosts -a
+
+	    [ $COMP_CWORD -eq 1 ] || \
+		COMPREPLY=( "${COMPREPLY[@]}" $( compgen -c -- $cur ) )
+	esac
+
+	return 0
+}
+shopt -u hostcomplete && complete -F _ssh ssh slogin sftp xhost autossh
+
+# scp(1) completion
+#
+_scp()
+{
+	local cur userhost path
+
+	COMPREPLY=()
+	cur=`_get_cword`
+
+	_expand || return 0
+
+	if [[ "$cur" == *:* ]]; then
+		local IFS=$'\t\n'
+		# remove backslash escape from :
+		cur=${cur/\\:/:}
+		userhost=${cur%%?(\\):*}
+		path=${cur#*:}
+		# unescape spaces
+		path=${path//\\\\\\\\ / }
+		if [ -z "$path" ]; then
+			# default to home dir of specified user on remote host
+			path=$(ssh -o 'Batchmode yes' $userhost pwd 2>/dev/null)
+		fi
+		# escape spaces; remove executables, aliases, pipes and sockets;
+		# add space at end of file names
+		COMPREPLY=( $( ssh -o 'Batchmode yes' $userhost \
+			       command ls -aF1d "$path*" 2>/dev/null | \
+			       sed -e "s/[][(){}<>\",:;^&!$&=?\`|\\ ']/\\\\\\\\\\\\&/g" \
+				   -e 's/[*@|=]$//g' -e 's/[^\/]$/& /g' ) )
+		return 0
+	fi
+
+	[[ "$cur" == */* ]] || _known_hosts -c -a
+		local IFS=$'\t\n'
+		COMPREPLY=( "${COMPREPLY[@]}" $( command ls -aF1d $cur* \
+			    2>/dev/null | sed \
+			    -e "s/[][(){}<>\",:;^&!$&=?\`|\\ ']/\\\\&/g" \
+			    -e 's/[*@|=]$//g' -e 's/[^\/]$/& /g' ) )
+	return 0
+}
+complete -F _scp $nospace scp
+}
+
+# rsync(1) completion
+#
+have rsync &&
+_rsync()
+{
+	local cur prev shell i userhost path
+ 
+	COMPREPLY=()
+	cur=`_get_cword`
+	prev=${COMP_WORDS[COMP_CWORD-1]}
+
+	_expand || return 0
+
+	case "$prev" in
+	--@(config|password-file|include-from|exclude-from))
+		_filedir
+		return 0
+		;;
+	-@(T|-temp-dir|-compare-dest))
+		_filedir -d
+		return 0
+		;;
+	-@(e|-rsh))
+		COMPREPLY=( $( compgen -W 'rsh ssh' -- $cur ) )
+		return 0
+		;;
+	esac
+ 
+	case "$cur" in
+	-*)
+		COMPREPLY=( $( compgen -W '-v -q  -c -a -r -R -b -u -l -L -H \
+				-p -o -g -D -t -S -n -W -x -B -e -C -I -T -P \
+				-z -h -4 -6 --verbose --quiet --checksum \
+				--archive --recursive --relative --backup \
+				--backup-dir --suffix= --update --links \
+				--copy-links --copy-unsafe-links --safe-links \
+				--hard-links --perms --owner --group --devices\
+				--times --sparse --dry-run --whole-file \
+				--no-whole-file --one-file-system \
+				--block-size= --rsh= --rsync-path= \
+				--cvs-exclude --existing --ignore-existing \
+				--delete --delete-excluded --delete-after \
+				--ignore-errors --max-delete= --partial \
+				--force --numeric-ids --timeout= \
+				--ignore-times --size-only --modify-window= \
+				--temp-dir= --compare-dest= --compress \
+				--exclude= --exclude-from= --include= \
+				--include-from= --version --daemon --no-detach\
+				--address= --config= --port= --blocking-io \
+				--no-blocking-io --stats --progress \
+				--log-format= --password-file= --bwlimit= \
+				--write-batch= --read-batch= --help' -- $cur ))
+		;;
+	*:*)
+		# find which remote shell is used
+		shell=rsh
+		for (( i=1; i < COMP_CWORD; i++ )); do
+			if [[ "${COMP_WORDS[i]}" == -@(e|-rsh) ]]; then
+				shell=${COMP_WORDS[i+1]}
+				break
+			fi
+		done
+		if [[ "$shell" == ssh ]]; then
+			# remove backslash escape from :
+			cur=${cur/\\:/:}
+			userhost=${cur%%?(\\):*}
+			path=${cur#*:}
+			# unescape spaces
+			path=${path//\\\\\\\\ / }
+			if [ -z "$path" ]; then
+				# default to home dir of specified
+				# user on remote host
+				path=$(ssh -o 'Batchmode yes' \
+					$userhost pwd 2>/dev/null)
+			fi
+			# escape spaces; remove executables, aliases, pipes
+			# and sockets; add space at end of file names
+			COMPREPLY=( $( ssh -o 'Batchmode yes' $userhost \
+				command ls -aF1d "$path*" 2>/dev/null | \
+				sed -e 's/ /\\\\\\\ /g' -e 's/[*@|=]$//g' \
+				-e 's/[^\/]$/& /g' ) )
+		fi
+		;;
+	*)
+		_known_hosts -c -a
+		_filedir
+		;;
+	esac
+ 
+	return 0
+} &&
+complete -F _rsync $nospace $filenames rsync
+
+# Linux route(8) completion
+#
+[ $UNAME = Linux ] &&
+_route()
+{
+	local cur prev
+
+	COMPREPLY=()
+	cur=`_get_cword`
+	prev=${COMP_WORDS[COMP_CWORD-1]}
+
+	if [ "$prev" = dev ]; then
+	    COMPREPLY=( $( ifconfig -a | sed -ne 's|^\('$cur'[^ ]*\).*$|\1|p' ))
+	    return 0
+	fi
+
+	COMPREPLY=( $( compgen -W 'add del -host -net netmask metric mss \
+				   window irtt reject mod dyn reinstate dev \
+				   default gw' -- $cur ) )
+
+	COMPREPLY=( $( echo " ${COMP_WORDS[@]}" | \
+		       (while read -d ' ' i; do
+			   [ "$i" == "" ] && continue
+			   # flatten array with spaces on either side,
+			   # otherwise we cannot grep on word
+			   # boundaries of first and last word
+			   COMPREPLY=" ${COMPREPLY[@]} "
+			   # remove word from list of completions
+			   COMPREPLY=( ${COMPREPLY/ $i / } )
+			done
+		       echo "${COMPREPLY[@]}")
+		  ) )
+	return 0
+}
+[ $UNAME = Linux ] && complete -F _route route
+
+# GNU make(1) completion
+#
+have make || have gmake || have gnumake || have pmake &&
+_make()
+{
+	local file makef makef_dir="." makef_inc cur prev i
+
+	COMPREPLY=()
+	cur=`_get_cword`
+	prev=${COMP_WORDS[COMP_CWORD-1]}
+
+	# --name value style option
+	case $prev in
+		-@(f|o|W))
+			_filedir
+			return 0
+			;;
+		-@(I|C))
+			_filedir -d
+			return 0
+			;;
+	esac
+
+	# --name=value style option
+	if [[ "$cur" == *=* ]]; then
+		prev=${cur/=*/}
+		cur=${cur/*=/}
+		case "$prev" in
+			--@(file|makefile))
+				_filedir
+				return 0
+				;;
+			--@(directory|include-dir))
+				_filedir -d
+				return 0
+				;;
+		esac
+	fi
+
+	if [[ "$cur" == -* ]]; then
+		COMPREPLY=( $( compgen -W '-b -m -B -C -d -e -f -h -i -I\
+			-j -l -k -n -o -p -q -r -R - s -S -t -v -w -W \
+			--always-make --directory= --debug \
+			--environment-overrides --file= --makefile= --help \
+			--ignore-errors --include-dir= --jobs --load-average \
+			--max-load --keep-going --just-print --dry-run \
+			--recon --old-file= --assume-old= --print-data-base \
+			--question --no-builtin-rules --no-builtin-variables \
+			--silent --quiet --no-keep-goind --stop --touch \
+			--version --print-directory --no-print-directory \
+			--what-if= --new-file= --assume-new= \
+			--warn-undefined-variables' -- $cur ) )
+	else
+		# before we check for makefiles, see if a path was specified
+		# with -C
+		for (( i=0; i < ${#COMP_WORDS[@]}; i++ )); do
+			if [[ ${COMP_WORDS[i]} == -C ]]; then
+				# eval for tilde expansion
+				eval makef_dir=${COMP_WORDS[i+1]}
+				break
+			fi
+		done
+
+		# make reads `GNUmakefile', then `makefile', then `Makefile'
+		if [ -f ${makef_dir}/GNUmakefile ]; then
+			makef=${makef_dir}/GNUmakefile
+		elif [ -f ${makef_dir}/makefile ]; then
+			makef=${makef_dir}/makefile
+		elif [ -f ${makef_dir}/Makefile ]; then
+			makef=${makef_dir}/Makefile
+		else
+			makef=${makef_dir}/*.mk	       # local convention
+		fi
+
+		# before we scan for targets, see if a Makefile name was
+		# specified with -f
+		for (( i=0; i < ${#COMP_WORDS[@]}; i++ )); do
+			if [[ ${COMP_WORDS[i]} == -f ]]; then
+				# eval for tilde expansion
+				eval makef=${COMP_WORDS[i+1]}
+				break
+			fi
+		done
+
+		[ ! -f $makef ] && return 0
+
+		# deal with included Makefiles
+ 		makef_inc=$( grep -E '^-?include' $makef | sed -e "s,^.* ,"$makef_dir"/," )
+
+ 		for file in $makef_inc; do
+ 			[ -f $file ] && makef="$makef $file"
+ 		done
+
+		COMPREPLY=( $( awk -F':' '/^[a-zA-Z0-9][^$#\/\t=]*:([^=]|$)/ \
+				{split($1,A,/ /);for(i in A)print A[i]}' \
+				$makef 2>/dev/null | command grep "^$cur" ))
+	fi
+} &&
+complete -f -F _make $filenames make gmake gnumake pmake
+
+# GNU tar(1) completion
+#
+_tar()
+{
+	local cur ext regex tar untar
+
+	COMPREPLY=()
+	cur=`_get_cword`
+
+	if [ $COMP_CWORD -eq 1 ]; then
+		COMPREPLY=( $( compgen -W 'c t x u r d A' -- $cur ) )
+		return 0
+	fi
+
+	case "${COMP_WORDS[1]}" in
+	?(-)[cr]*f)
+		_filedir
+		return 0
+		;;
+	+([^IZzjy])f)
+		ext='t@(ar?(.@(Z|gz|bz?(2)))|gz|bz?(2))'
+		regex='t\(ar\(\.\(Z\|gz\|bz2\?\)\)\?\|gz\|bz2\?\)'
+		;;
+	*[Zz]*f)
+		ext='t?(ar.)@(gz|Z)'
+		regex='t\(ar\.\)\?\(gz\|Z\)'
+		;;
+	*[Ijy]*f)
+		ext='t?(ar.)bz?(2)'
+		regex='t\(ar\.\)\?bz2\?'
+		;;
+	*)
+		_filedir
+		return 0
+		;;
+		
+	esac
+
+	if [[ "$COMP_LINE" == *$ext' ' ]]; then
+		# complete on files in tar file
+		#
+		# get name of tar file from command line
+		tar=$( echo "$COMP_LINE" | \
+			sed -e 's/^.* \([^ ]*'$regex'\) .*$/\1/' )
+		# devise how to untar and list it
+		untar=t${COMP_WORDS[1]//[^Izjyf]/}
+
+		COMPREPLY=( $( compgen -W "$( echo $( tar $untar $tar \
+				2>/dev/null ) )" -- "$cur" ) )
+		return 0
+	fi
+
+	# file completion on relevant files
+	_filedir "$ext"
+
+	return 0
+}
+[ -n "${COMP_TAR_INTERNAL_PATHS:-}" ] && complete -F _tar $dirnames tar ||
+	complete -F _tar $filenames tar
+
+# jar(1) completion
+#
+have jar &&
+_jar()
+{
+	local cur
+
+	COMPREPLY=()
+	cur=`_get_cword`
+
+	if [ $COMP_CWORD = 1 ]; then
+		COMPREPLY=( $( compgen -W 'c t x u' -- $cur ) )
+		return 0
+	fi
+
+	case "${COMP_WORDS[1]}" in
+		*c*f)
+			_filedir
+			;;
+		*f)
+			_filedir '?(e|j|w)ar'
+			;;
+		*)
+			_filedir
+			;;
+	esac
+} &&
+complete -F _jar $filenames jar
+
+# Linux iptables(8) completion
+#
+have iptables &&
+_iptables()
+{
+	local cur prev table chain
+
+	COMPREPLY=()
+	cur=`_get_cword`
+	prev=${COMP_WORDS[COMP_CWORD-1]}
+	chain='s/^Chain \([^ ]\+\).*$/\1/p'
+
+	if [[ $COMP_LINE == *-t\ *filter* ]]; then
+		table="-t filter"
+	elif [[ $COMP_LINE == *-t\ *nat* ]]; then
+		table="-t nat"
+	elif [[ $COMP_LINE == *-t\ *mangle* ]]; then
+		table="-t mangle"
+	fi
+
+	case "$prev" in
+	-*[AIDRPFXLZ])
+		COMPREPLY=( $( compgen -W '`iptables $table -nL | \
+			    sed -ne "s/^Chain \([^ ]\+\).*$/\1/p"`' -- $cur ) )
+		;;
+	-*t)
+		COMPREPLY=( $( compgen -W 'nat filter mangle' -- $cur ) )
+		;;
+	-j)
+		if [ "$table" = "-t filter" -o "$table" = "" ]; then
+		    COMPREPLY=( $( compgen -W 'ACCEPT DROP LOG ULOG REJECT \
+		    `iptables $table -nL | sed -ne "$chain" \
+		    -e "s/INPUT|OUTPUT|FORWARD|PREROUTING|POSTROUTING//"`' -- \
+		    $cur ) )
+		elif [ "$table" = "-t nat" ]; then
+		    COMPREPLY=( $( compgen -W 'ACCEPT DROP LOG ULOG REJECT \
+		    MIRROR SNAT DNAT MASQUERADE `iptables $table -nL | \
+		    sed -ne "$chain" -e "s/OUTPUT|PREROUTING|POSTROUTING//"`' \
+		    -- $cur ) )
+		elif [ "$table" = "-t mangle" ]; then
+		    COMPREPLY=( $( compgen -W 'ACCEPT DROP LOG ULOG REJECT \
+		    MARK TOS `iptables $table -nL | sed -ne "$chain" \
+		    -e "s/INPUT|OUTPUT|FORWARD|PREROUTING|POSTROUTING//"`' -- \
+		    $cur ) )
+		fi
+		;;
+	*)
+		if [[ "$cur" == -* ]]; then
+		    COMPREPLY=( $( compgen -W '-i -o -s -d -p -f -m --append \
+		    --delete --insert --replace --list --flush --zero --new \
+		    --delete-chain --policy --rename-chain --proto --source \
+		    --destination --in-interface --jump --match --numeric \
+		    --out-interface --table --verbose --line-numbers --exact \
+		    --fragment --modprobe= --set-counters --version' -- "$cur") )
+		fi
+		;;
+	esac
+
+} &&
+complete -F _iptables iptables
+
+# tcpdump(8) completion
+#
+have tcpdump &&
+_tcpdump()
+{
+	local cur
+
+	COMPREPLY=()
+	cur=`_get_cword`
+	prev=${COMP_WORDS[COMP_CWORD-1]}
+
+	case "$prev" in
+		-@(r|w|F))
+			_filedir
+			return 0
+			;;
+		-i)
+			_available_interfaces -a
+			return 0
+			;;
+	esac
+
+
+	if [[ "$cur" == -* ]]; then
+		COMPREPLY=( $( compgen -W '-a -d -e -f -l -n -N -O -p \
+			-q -R -S -t -u -v -x -C -F -i -m -r -s -T -w \
+			-E' -- $cur ) )
+	fi
+
+} &&
+complete -F _tcpdump tcpdump
+
+# autorpm(8) completion
+#
+have autorpm &&
+_autorpm()
+{
+	local cur
+
+	COMPREPLY=()
+	cur=`_get_cword`
+
+	COMPREPLY=( $( compgen -W '--notty --debug --help --version \
+				   auto add fullinfo info help install list \
+				   remove set' -- $cur ) )
+
+} &&
+complete -F _autorpm autorpm
+
+# This meta-cd function observes the CDPATH variable, so that cd additionally
+# completes on directories under those specified in CDPATH.
+#
+_cd()
+{
+	local IFS=$'\t\n' cur=`_get_cword` i j k
+
+	# try to allow variable completion
+	if [[ "$cur" == ?(\\)\$* ]]; then
+		COMPREPLY=( $( compgen -v -P '$' -- "${cur#?(\\)$}" ) )
+		return 0
+	fi
+
+	# Use standard dir completion if no CDPATH or parameter starts with /,
+	# ./ or ../
+	if [ -z "${CDPATH:-}" ] || [[ "$cur" == ?(.)?(.)/* ]]; then
+		_filedir -d
+		return 0
+	fi
+
+	local -r mark_dirs=$(_rl_enabled mark-directories && echo y)
+	local -r mark_symdirs=$(_rl_enabled mark-symlinked-directories && echo y)
+
+	# we have a CDPATH, so loop on its contents
+	for i in ${CDPATH//:/$'\t'}; do
+		# create an array of matched subdirs
+		k="${#COMPREPLY[@]}"
+		for j in $( compgen -d $i/$cur ); do
+			if [[ ( $mark_symdirs && -h $j || $mark_dirs && ! -h $j ) && ! -d ${j#$i/} ]]; then
+				j="${j}/"
+			fi
+			COMPREPLY[k++]=${j#$i/}
+		done
+	done
+
+	_filedir -d
+
+	if [[ ${#COMPREPLY[@]} -eq 1 ]]; then
+	    i=${COMPREPLY[0]}
+	    if [ "$i" == "$cur" ] && [[ $i != "*/" ]]; then
+		COMPREPLY[0]="${i}/"
+	    fi
+	fi
+	    
+	return 0
+}
+if shopt -q cdable_vars; then
+    complete -v -F _cd $nospace $filenames cd
+else
+    complete -F _cd $nospace $filenames cd
+fi
+
+_remove_comp_word()
+{
+	if [[ COMP_CWORD -eq 0 ]]; then
+		return
+	elif [[ ${#COMP_WORDS[@]} -ge 2 ]]; then
+		local old_cw0="${COMP_WORDS[0]}"
+		local new_cw0="${COMP_WORDS[1]}"
+		local old_length="${#COMP_LINE}"
+		COMP_LINE=${COMP_LINE#${old_cw0}}
+		local head=${COMP_LINE:0:${#new_cw0}}
+		local i=1
+		while [[ $head != $new_cw0 ]]; do
+			COMP_LINE=${COMP_LINE:1}
+			head=${COMP_LINE:0:${#new_cw0}}
+			if (( ++i > 10 )); then
+				break
+			fi
+		done
+		local new_length="${#COMP_LINE}"
+		COMP_POINT=$(( COMP_POINT + new_length - old_length))
+
+		COMP_CWORD=$(( COMP_CWORD - 1 ))
+		for (( i=0; i < ${#COMP_WORDS[@]} - 1; ++i )); do
+			COMP_WORDS[i]="${COMP_WORDS[i+1]}"
+		done
+		unset COMP_WORDS[${#COMP_WORDS[@]}-1]
+	else
+		return
+	fi
+}
+
+# A meta-command completion function for commands like sudo(8), which need to
+# first complete on a command, then complete according to that command's own
+# completion definition - currently not quite foolproof (e.g. mount and umount
+# don't work properly), but still quite useful.
+#
+_command()
+{
+	local cur func cline cspec noglob cmd done i \
+	      _COMMAND_FUNC _COMMAND_FUNC_ARGS
+
+	_remove_comp_word
+	COMPREPLY=()
+	cur=`_get_cword`
+	# If the the first arguments following our meta-command-invoker are
+	# switches, get rid of them. Most definitely not foolproof.
+	done=
+	while [ -z $done ] ; do
+	    cmd=${COMP_WORDS[0]}
+	    if [[ "$cmd" == -* ]] && [ $COMP_CWORD -ge 1 ]; then
+	        _remove_comp_word
+	    elif [[ "$cmd" == -* ]] && [[ $COMP_CWORD -eq 0 ]]; then
+		return
+	    else 
+		done=1
+	    fi
+	done
+
+	if [ $COMP_CWORD -eq 0 ]; then
+		COMPREPLY=( $( compgen -c -- $cur ) )
+	elif complete -p $cmd &>/dev/null; then
+		cspec=$( complete -p $cmd )
+		if [ "${cspec#* -F }" != "$cspec" ]; then
+			# COMP_CWORD and COMP_WORDS() are not read-only,
+			# so we can set them before handing off to regular
+			# completion routine
+
+			# get function name
+			func=${cspec#*-F }
+			func=${func%% *}
+
+			if [[ ${#COMP_WORDS[@]} -ge 2 ]]; then
+				$func $cmd "${COMP_WORDS[${#COMP_WORDS[@]}-1]}" "${COMP_WORDS[${#COMP_WORDS[@]}-2]}"
+			else
+				$func $cmd "${COMP_WORDS[${#COMP_WORDS[@]}-1]}"
+			fi
+
+			# remove any \: generated by a command that doesn't
+			# default to filenames or dirnames (e.g. sudo chown)
+			# FIXME: I'm pretty sure this does not work!
+			if [ "${cspec#*-o }" != "$cspec" ]; then
+				cspec=${cspec#*-o }
+				cspec=${cspec%% *}
+				if [[ "$cspec" != @(dir|file)names ]]; then
+					COMPREPLY=("${COMPREPLY[@]//\\\\:/:}")
+				fi
+			fi
+		elif [ -n "$cspec" ]; then
+			cspec=${cspec#complete};
+			cspec=${cspec%%$cmd};
+			COMPREPLY=( $( eval compgen "$cspec" -- "$cur" ) );
+		fi
+	fi
+
+	[ ${#COMPREPLY[@]} -eq 0 ] && _filedir
+}
+complete -F _command $filenames nohup exec nice eval strace time ltrace then \
+	else do vsound command xargs
+
+_root_command()
+{
+	PATH=/usr/gnu/bin:$PATH:/sbin:/usr/sbin _command $1 $2 $3
+}
+complete -F _root_command $filenames sudo fakeroot really
+
+# ant(1) completion
+#
+have ant && {
+_ant()
+{
+	local cur prev buildfile i
+
+	COMPREPLY=()
+	cur=`_get_cword`
+	prev=${COMP_WORDS[COMP_CWORD-1]}
+
+	case "$prev" in
+		-buildfile|-f)
+			_filedir 'xml'
+			return 0
+			;;
+		-logfile)
+			_filedir
+			return 0
+			;;
+	esac
+
+	if [[ "$cur" == -* ]]; then
+		# relevant options completion
+		COMPREPLY=( $( compgen -W '-help -projecthelp -version -quiet \
+			       -verbose -debug -emacs -logfile -logger \
+			       -listener -buildfile -f -D -find' -- $cur ) )
+	else
+		# available targets completion
+		# find which buildfile to use
+		buildfile=build.xml
+		for (( i=1; i < COMP_CWORD; i++ )); do
+			if [[ "${COMP_WORDS[i]}" == -buildfile ]]; then
+				buildfile=${COMP_WORDS[i+1]}
+				break
+			fi
+		done
+		[ ! -f $buildfile ] && return 0
+
+		# parse buildfile for targets
+		COMPREPLY=( $( awk -F'"' '/<target name="/ {print $2}' \
+				$buildfile | grep "^$cur" )
+			    $( awk -F"'" "/<target name='/ "'{print $2}' \
+				$buildfile | grep "^$cur" )
+			    $( awk -F'"' '/<target [^n]/ {if ($1 ~ /name=/) { print $2 } else if ($3 ~ /name=/) {print $4} else if ($5 ~ /name=/) {print $6}}' \
+				$buildfile | grep "^$cur" ) )
+	fi
+}
+have complete-ant-cmd.pl && \
+     complete -C complete-ant-cmd.pl -F _ant $filenames ant || \
+     complete -F _ant $filenames ant
+}
+
+have nslookup &&
+_nslookup()
+{
+	local cur
+
+	COMPREPLY=()
+	cur=${COMP_WORDS[COMP_CWORD]#-}
+
+	COMPREPLY=( $( compgen -P '-' -W 'all class= debug d2 domain= \
+			       srchlist= defname search port= querytype= \
+			       type= recurse retry root timeout vc \
+			       ignoretc' -- $cur ) )
+} &&
+complete -F _nslookup nslookup
+
+# mysqladmin(1) completion
+#
+have mysqladmin &&
+_mysqladmin()
+{
+	local cur prev
+
+	COMPREPLY=()
+	cur=`_get_cword`
+	prev=${COMP_WORDS[COMP_CWORD-1]}
+
+	case "$prev" in
+	-u)
+		COMPREPLY=( $( compgen -u -- $cur ) )
+		return 0
+		;;
+	*)
+		;;
+	esac
+
+	COMPREPLY=( $( compgen -W '-# -f -? -C -h -p -P -i -r -E -s -S -t -u \
+					      -v -V -w' -- $cur ) )
+
+	COMPREPLY=( "${COMPREPLY[@]}" \
+		    $( compgen -W 'create drop extended-status flush-hosts \
+				   flush-logs flush-status flush-tables \
+				   flush-threads flush-privileges kill \
+				   password ping processlist reload refresh \
+				   shutdown status variables version' \
+		       -- $cur ) )
+} &&
+complete -F _mysqladmin mysqladmin
+
+# gzip(1) completion
+#
+have gzip &&
+_gzip()
+{
+	local cur prev xspec IFS=$'\t\n'
+
+	COMPREPLY=()
+	cur=`_get_cword`
+	prev=${COMP_WORDS[COMP_CWORD-1]}
+
+	if [[ "$cur" == -* ]]; then
+		COMPREPLY=( $( compgen -W '-c -d -f \
+			-h -l -L -n -N -q -r -S -t -v -V \
+			-1 -2 -3 -4 -5 -6 -7 -8 -9 \
+			--stdout --decompress --force --help --list \
+			--license --no-name --name --quiet --recursive \
+			--suffix --test --verbose --version --fast \
+			--best' -- $cur ) )
+		return 0
+	fi
+
+	xspec="*.?(t)gz"
+	if [[ "$prev" == --* ]]; then
+		[[ "$prev" == --decompress || \
+			"$prev" == --list || \
+			"$prev" == --test ]] && xspec="!"$xspec
+		[[ "$prev" == --force ]] && xspec=
+	elif [[ "$prev" == -* ]]; then
+		[[ "$prev" == -*[dlt]* ]] && xspec="!"$xspec
+		[[ "$prev" == -*f* ]] && xspec=
+	elif [ "$prev" = '>' ]; then
+		xspec=
+	elif [ "$prev" = '<' ]; then
+		xspec=
+	fi
+
+	_expand || return 0
+
+	COMPREPLY=( $( compgen -f -X "$xspec" -- $cur ) \
+		    $( compgen -d -- $cur ) )
+} &&
+complete -F _gzip $filenames gzip
+
+# bzip2(1) completion
+#
+have bzip2 &&
+_bzip2()
+{
+	local cur prev xspec IFS=$'\t\n'
+
+	COMPREPLY=()
+	cur=`_get_cword`
+	prev=${COMP_WORDS[COMP_CWORD-1]}
+
+	if [[ "$cur" == -* ]]; then
+		COMPREPLY=( $( compgen -W '-c -d -f -h -k -L -q -s \
+			-t -v -V -z -1 -2 -3 -4 -5 -6 -7 -8 -9 \
+			--help --decompress --compress --keep --force \
+			--test --stdout --quiet --verbose --license \
+			--version --small --fast --best' -- $cur ) )
+		return 0
+	fi
+
+	xspec="*.bz2"
+	if [[ "$prev" == --* ]]; then
+		[[ "$prev" == --decompress || \
+			"$prev" == --list || \
+			"$prev" == --test ]] && xspec="!"$xspec
+		[[ "$prev" == --compress ]] && xspec=
+	elif [[ "$prev" == -* ]]; then
+		[[ "$prev" == -*[dt]* ]] && xspec="!"$xspec
+		[[ "$prev" == -*z* ]] && xspec=
+	fi
+
+	_expand || return 0
+
+	COMPREPLY=( $( compgen -f -X "$xspec" -- $cur ) \
+		    $( compgen -d -- $cur ) )
+} &&
+complete -F _bzip2 $filenames bzip2
+
+# openssl(1) completion
+#
+have openssl && {
+_openssl_sections()
+{
+	local config
+
+	config=/etc/ssl/openssl.cnf
+	[ ! -f $config ] && config=/usr/share/ssl/openssl.cnf
+	for (( i=2; i < COMP_CWORD; i++ )); do
+		if [[ "${COMP_WORDS[i]}" == -config ]]; then
+			config=${COMP_WORDS[i+1]}
+			break
+		fi
+	done
+	[ ! -f $config ] && return 0
+
+	COMPREPLY=( $( awk '/\[.*\]/ {print $2} ' $config | grep "^$cur" ) )
+}
+
+_openssl()
+{
+	local cur prev
+
+	COMPREPLY=()
+	cur=`_get_cword`
+
+	if [ $COMP_CWORD -eq 1 ]; then
+		COMPREPLY=( $( compgen -W 'asn1parse ca ciphers crl crl2pkcs7 \
+			dgst dh dhparam dsa dsaparam enc errstr gendh gendsa \
+			genrsa nseq passwd pkcs12 pkcs7 pkcs8 rand req rsa \
+			rsautl s_client s_server s_time sess_id smime speed \
+			spkac verify version x509 md2 md4 md5 mdc2 rmd160 sha \
+			sha1 base64 bf bf-cbc bf-cfb bf-ecb bf-ofb cast \
+			cast-cbc cast5-cbc cast5-cfb cast5-ecb cast5-ofb des \
+			des-cbc des-cfb des-ecb des-ede des-ede-cbc \
+			des-ede-cfb des-ede-ofb des-ede3 des-ede3-cbc \
+			des-ede3-cfb des-ede3-ofb des-ofb des3 desx rc2 \
+			rc2-40-cbc rc2-64-cbc rc2-cbc rc2-cfb rc2-ecb rc2-ofb \
+			rc4 rc4-40' -- $cur ) )
+	else
+		prev=${COMP_WORDS[COMP_CWORD-1]}
+		case ${COMP_WORDS[1]} in
+			asn1parse)
+				case $prev in
+					-inform)
+						COMPREPLY=( $( compgen -W 'DER PEM' -- $cur ) )
+						return 0
+						;;
+					-@(in|out|oid))
+						_filedir
+						return 0
+						;;
+					esac
+
+				if [[ "$cur" == -* ]]; then
+					COMPREPLY=( $( compgen -W '-inform -in -out -noout -offset \
+						-length -i -oid -strparse' -- $cur ) )
+				fi
+				;;
+			ca)
+				case $prev in
+					-@(config|revoke|cert|in|out|spkac|ss_cert))
+						_filedir
+						return 0
+						;;
+					-outdir)
+						_filedir -d
+						return 0
+						;;
+					-@(name|crlexts|extensions))
+						_openssl_sections
+						return 0
+						;;
+				esac
+
+				if [[ "$cur" == -* ]]; then
+					COMPREPLY=( $( compgen -W '-verbose -config -name \
+						-gencrl -revoke -crldays -crlhours -crlexts \
+						-startdate -enddate -days -md -policy -keyfile \
+						-key -passin -cert -in -out -notext -outdir \
+						-infiles -spkac -ss_cert -preserveDN -batch \
+						-msie_hack -extensions' -- $cur ) )
+				fi
+				;;
+			ciphers)
+				if [[ "$cur" == -* ]]; then
+					COMPREPLY=( $( compgen -W '-v -ssl2 -ssl3 -tls1' -- $cur ) )
+				fi
+				;;
+			crl)
+				case $prev in
+					-@(in|out)form)
+						COMPREPLY=( $( compgen -W 'DER PEM' -- $cur ) )
+						return 0
+						;;
+					-@(in|out|CAfile))
+						_filedir
+						return 0
+						;;
+					-CAPath)
+						_filedir -d
+						return 0
+						;;
+				esac
+
+				if [[ "$cur" == -* ]]; then
+					COMPREPLY=( $( compgen -W '-inform -outform -text -in -out -noout \
+						-hash -issuer -lastupdate -nextupdate -CAfile -CApath' -- $cur ) )
+				fi
+				;;
+			crl2pkcs7)
+				case $prev in
+					-@(in|out)form)
+						COMPREPLY=( $( compgen -W 'DER PEM' -- $cur ) )
+						return 0
+						;;
+					-@(in|out))
+						_filedir
+						return 0
+						;;
+				esac
+
+				if [[ "$cur" == -* ]]; then
+					COMPREPLY=( $( compgen -W '-inform -outform -in -out -print_certs' -- $cur ) )
+				fi
+				;;
+			dgst)
+				case $prev in
+					-@(out|sign|verify|prvrify|signature))
+						_filedir
+						return 0
+						;;
+				esac
+
+				if [[ "$cur" == -* ]]; then
+					COMPREPLY=( $( compgen -W '-md5 -md4 -md2 -sha1 -sha -mdc2 -ripemd160 -dss1 \
+						-c -d -hex -binary -out -sign -verify -prverify -signature' -- $cur ) )
+				else
+						_filedir
+				fi
+			       ;;
+			dsa)
+				case $prev in
+					-@(in|out)form)
+						COMPREPLY=( $( compgen -W 'DER PEM' -- $cur ) )
+						return 0
+						;;
+					-@(in|out))
+						_filedir
+						return 0
+						;;
+				esac
+
+				if [[ "$cur" == -* ]]; then
+					COMPREPLY=( $( compgen -W '-inform -outform -in -passin -out -passout -des -des3 -idea -text -noout \
+						-modulus -pubin -pubout' -- $cur ) )
+				fi
+				;;
+			dsaparam)
+				case $prev in
+					-@(in|out)form)
+						COMPREPLY=( $( compgen -W 'DER PEM' -- $cur ) )
+						return 0
+						;;
+					-@(in|out|rand))
+						_filedir
+						return 0
+						;;
+				esac
+
+				if [[ "$cur" == -* ]]; then
+					COMPREPLY=( $( compgen -W '-inform -outform -in -out -noout \
+						-text -C -rand -genkey' -- $cur ) )
+				fi
+				;;
+			enc)
+				case $prev in
+					-@(in|out|kfile))
+						_filedir
+						return 0
+						;;
+				esac
+
+				if [[ "$cur" == -* ]]; then
+					COMPREPLY=( $( compgen -W '-ciphername -in -out -pass \
+						-e -d -a -A -k -kfile -S -K -iv -p -P -bufsize -debug' -- $cur ) )
+				fi
+				;;
+			dhparam)
+				case $prev in
+					-@(in|out)form)
+						COMPREPLY=( $( compgen -W 'DER PEM' -- $cur ) )
+						return 0
+						;;
+					-@(in|out|rand))
+						_filedir
+						return 0
+						;;
+				esac
+
+				if [[ "$cur" == -* ]]; then
+					COMPREPLY=( $( compgen -W '-inform -outform -in -out -dsaparam -noout \
+						-text -C -2 -5 -rand' -- $cur ) )
+				fi
+				;;
+			gendsa)
+				case $prev in
+					-@(out|rand))
+						_filedir
+						return 0
+						;;
+				esac
+
+				if [[ "$cur" == -* ]]; then
+					COMPREPLY=( $( compgen -W '-out -des -des3 -idea -rand' -- $cur ) )
+				else
+						_filedir
+				fi
+				;;
+			genrsa)
+				case $prev in
+					-@(out|rand))
+						_filedir
+						return 0
+						;;
+				esac
+
+				if [[ "$cur" == -* ]]; then
+					COMPREPLY=( $( compgen -W '-out -passout -des -des3 -idea -f4 -3 -rand' -- $cur ) )
+				fi
+				;;
+			pkcs7)
+				case $prev in
+					-@(in|out)form)
+						COMPREPLY=( $( compgen -W 'DER PEM' -- $cur ) )
+						return 0
+						;;
+					-@(in|out))
+						_filedir
+						return 0
+						;;
+				esac
+
+				if [[ "$cur" == -* ]]; then
+					COMPREPLY=( $( compgen -W '-inform -outform -in -out -print_certs -text -noout' -- $cur ) )
+				fi
+				;;
+			rand)
+				case $prev in
+					-@(out|rand))
+						_filedir
+						return 0
+						;;
+				esac
+
+				if [[ "$cur" == -* ]]; then
+					COMPREPLY=( $( compgen -W '-out -rand -base64' -- $cur ) )
+				fi
+				;;
+			req)
+				case "$prev" in
+					-@(in|out|key)form)
+						COMPREPLY=( $( compgen -W 'DER PEM' -- $cur ) )
+						return 0
+						;;
+
+					-@(in|out|rand|key|keyout|config))
+						_filedir
+						return 0
+						;;
+					-extensions)
+						_openssl_sections
+						return 0
+						;;
+				esac
+
+				if [[ "$cur" == -* ]]; then
+					COMPREPLY=( $( compgen -W '-inform -outform -in \
+						-passin -out -passout -text -noout -verify \
+						-modulus -new -rand -newkey -newkey -nodes \
+						-key -keyform -keyout -md5 -sha1 -md2 -mdc2 \
+						-config -x509 -days -asn1-kludge -newhdr \
+						-extensions -reqexts section' -- $cur ) )
+				fi
+				;;
+			rsa)
+				case $prev in
+					-@(in|out)form)
+						COMPREPLY=( $( compgen -W 'DER NET PEM' -- $cur ) )
+						return 0
+						;;
+					-@(in|out))
+						_filedir
+						return 0
+						;;
+				esac
+
+				if [[ "$cur" == -* ]]; then
+					COMPREPLY=( $( compgen -W '-inform -outform -in -passin -out -passout \
+						-sgckey -des -des3 -idea -text -noout -modulus -check -pubin \
+						-pubout -engine' -- $cur ) )
+				fi
+				;;
+			rsautl)
+				case $prev in
+					-@(in|out|inkey))
+						_filedir
+						return 0
+						;;
+				esac
+
+				if [[ "$cur" == -* ]]; then
+					COMPREPLY=( $( compgen -W '-in -out -inkey -pubin -certin -sign -verify \
+						-encrypt -decrypt -pkcs -ssl -raw -hexdump -asn1parse' -- $cur ) )
+				fi
+				;;
+			s_client)
+				case $prev in
+					-connect)
+						_known_hosts
+						return 0
+						;;
+					-@(cert|key|CAfile|rand))
+						_filedir
+						return 0
+						;;
+					-CApath)
+						_filedir -d
+						return 0
+						;;
+				esac
+
+				if [[ "$cur" == -* ]]; then
+					COMPREPLY=( $( compgen -W '-connect -verify -cert -key -CApath -CAfile \
+						-reconnect -pause -showcerts -debug -msg -nbio_test -state -nbio \
+						-crlf -ign_eof -quiet -ssl2 -ssl3 -tls1 -no_ssl2 -no_ssl3 -no_tls1 \
+						-bugs -cipher -starttls -engine -rand' -- $cur ) )
+				fi
+				;;
+			s_server)
+				case $prev in
+					-@(cert|key|dcert|dkey|dhparam|CAfile|rand))
+						_filedir
+						return 0
+						;;
+					-CApath)
+						_filedir -d
+						return 0
+						;;
+				esac
+
+				if [[ "$cur" == -* ]]; then
+					COMPREPLY=( $( compgen -W '-accept -context -verify -Verify -cert -key \
+						 -dcert -dkey -dhparam -nbio -nbio_test -crlf -debug -msg -state -CApath \
+						 -CAfile -nocert -cipher -quiet -no_tmp_rsa -ssl2 -ssl3 -tls1 -no_ssl2 \
+						 -no_ssl3 -no_tls1 -no_dhe -bugs -hack -www -WWW -HTTP -engine -id_prefix \
+						 -rand' -- $cur ) )
+				 fi
+				 ;;
+			s_time)
+				case $prev in
+					-connect)
+						_known_hosts
+						return 0
+						;;
+					-@(cert|key|CAfile))
+						_filedir
+						return 0
+						;;
+					-CApath)
+						_filedir -d
+						return 0
+						;;
+				esac
+
+				if [[ "$cur" == -* ]]; then
+					COMPREPLY=( $( compgen -W '-connect -www -cert -key -CApath -CAfile -reuse \
+						-new -verify -nbio -time -ssl2 -ssl3 -bugs -cipher' -- $cur ) )
+				fi
+				;;
+
+			sess_id) 
+				case $prev in
+					-@(in|out)form)
+						COMPREPLY=( $( compgen -W 'DER PEM' -- $cur ) )
+						return 0
+						;;
+					-@(in|out))
+						_filedir
+						return 0
+						;;
+				esac
+
+
+				if [[ "$cur" == -* ]]; then
+					COMPREPLY=( $( compgen -W '-inform -outform -in -out -text -noout \
+						-context ID' -- $cur ) )
+				fi
+				;;
+			smime)
+				case $prev in
+					-@(in|out)form)
+						COMPREPLY=( $( compgen -W 'SMIME DER PEM' -- $cur ) )
+						return 0
+						;;
+					-@(in|out|certfile|signer|recip|inkey|content|rand))
+						_filedir
+						return 0
+						;;
+				esac
+
+				if [[ "$cur" == -* ]]; then
+					COMPREPLY=( $( compgen -W '-encrypt -decrypt -sign -verify -pk7out -des -des3 \
+						-rc2-40 -rc2-64 -rc2-128 -aes128 -aes192 -aes256 -in -certfile -signer \
+						-recip -inform -passin -inkey -out -outform -content -to -from -subject \
+						-text -rand' -- $cur ) )
+				else
+						_filedir
+				fi
+				;;
+			speed)
+				if [[ "$cur" == -* ]]; then
+					COMPREPLY=( $( compgen -W '-engine' -- $cur ) )
+				else
+					COMPREPLY=( $( compgen -W 'md2 mdc2 md5 hmac sha1 rmd160 idea-cbc \
+						rc2-cbc rc5-cbc bf-cbc des-cbc des-ede3 rc4 rsa512 rsa1024 rsa2048 \
+						rsa4096 dsa512 dsa1024 dsa2048 idea rc2 des rsa blowfish' -- $cur ) )
+				fi
+				;;
+			verify)
+				case $prev in
+					-@(CAfile|untrusted))
+						_filedir
+						return 0
+						;;
+					-CApath)
+						_filedir -d
+						return 0
+						;;
+				esac
+
+				if [[ "$cur" == -* ]]; then
+					COMPREPLY=( $( compgen -W '-CApath -CAfile -purpose -untrusted -help -issuer_checks \
+						-verbose -certificates' -- $cur ) )
+				else
+						_filedir
+				fi
+				;;
+			x509)
+				case "$prev" in
+					-@(in|out|CA|CAkey|CAserial|extfile))
+						_filedir
+						return 0
+						;;
+					-@(in|out)form)
+						COMPREPLY=( $( compgen -W 'DER PEM NET' -- $cur ) )
+						return 0
+						;;
+					-@(key|CA|CAkey)form)
+						COMPREPLY=( $( compgen -W 'DER PEM' -- $cur ) )
+						return 0
+						;;
+					-extensions)
+						_openssl_sections
+						return 0
+						;;
+				esac
+
+				if [[ "$cur" == -* ]]; then
+					COMPREPLY=( $( compgen -W '-inform -outform \
+						-keyform -CAform -CAkeyform -in -out \
+						-serial -hash -subject -issuer -nameopt \
+						-email -startdate -enddate -purpose \
+						-dates -modulus -fingerprint -alias \
+						-noout -trustout -clrtrust -clrreject \
+						-addtrust -addreject -setalias -days \
+						-set_serial -signkey -x509toreq -req \
+						-CA -CAkey -CAcreateserial -CAserial \
+						-text -C -md2 -md5 -sha1 -mdc2 -clrext \
+						-extfile -extensions -engine' -- $cur ) )
+				fi
+				;;
+			@(md5|md4|md2|sha1|sha|mdc2|ripemd160))
+				if [[ "$cur" == -* ]]; then
+					COMPREPLY=( $( compgen -W '-c -d' -- $cur ) )
+				else
+						_filedir
+				fi
+				;;
+		esac
+	fi
+
+	return 0
+}
+complete -F _openssl $default openssl
+}
+
+# screen(1) completion
+#
+have screen &&
+_screen()
+{
+	local cur prev preprev
+
+	COMPREPLY=()
+	cur=`_get_cword`
+	prev=${COMP_WORDS[COMP_CWORD-1]}
+
+	[ "$COMP_CWORD" -ge 2 ] && preprev=${COMP_WORDS[COMP_CWORD-2]}
+
+	if [ "$preprev" = "-d" -o "$preprev" = "-D" -a "$prev" = "-r" -o \
+	     "$prev" = "-R" ]; then
+		# list all
+		COMPREPLY=( $( command screen -ls | \
+				sed -ne 's|^['$'\t'']\+\('$cur'[0-9]\+\.[^'$'\t'']\+\).*$|\1|p' ) )
+	else
+		case "$prev" in
+		-[rR])
+			# list detached
+			COMPREPLY=( $( command screen -ls | \
+					sed -ne 's|^['$'\t'']\+\('$cur'[0-9]\+\.[^'$'\t'']\+\).*Detached.*$|\1|p' ) )
+			;;
+		-[dDx])
+			# list attached
+			COMPREPLY=( $( command screen -ls | \
+					sed -ne 's|^['$'\t'']\+\('$cur'[0-9]\+\.[^'$'\t'']\+\).*Attached.*$|\1|p' ) )
+			;;
+		-s)
+			# shells
+			COMPREPLY=( $( grep ^${cur:-[^#]} /etc/shells ) )
+			;;
+		*)
+			;;
+		esac
+	fi
+
+	return 0
+} &&
+complete -F _screen $default screen
+
+# lftp(1) bookmark completion
+#
+have lftp &&
+_lftp()
+{
+	local cur
+
+	COMPREPLY=()
+	cur=`_get_cword`
+
+	if [ $COMP_CWORD -eq 1 ] && [ -f ~/.lftp/bookmarks ]; then
+	    COMPREPLY=( $( compgen -W '$( sed -ne "s/^\(.*\)'$'\t''.*$/\1/p" \
+			   ~/.lftp/bookmarks )' -- $cur ) )
+	fi
+
+	return 0
+} &&
+complete -F _lftp $default lftp
+
+# ncftp(1) bookmark completion
+#
+have ncftp &&
+_ncftp()
+{
+	local cur
+
+	COMPREPLY=()
+	cur=`_get_cword`
+
+	if [ $COMP_CWORD -eq 1 ] && [ -f ~/.ncftp/bookmarks ]; then
+	    COMPREPLY=( $( compgen -W '$( sed -ne "s/^\([^,]\{1,\}\),.*$/\1/p" \
+			   ~/.ncftp/bookmarks )' -- $cur ) )
+	fi
+
+	return 0
+} &&
+complete -F _ncftp $default ncftp
+
+# gdb(1) completion
+#
+have gdb &&
+_gdb()
+{
+	local cur prev
+
+	COMPREPLY=()
+	cur=`_get_cword`
+	prev=${COMP_WORDS[COMP_CWORD-1]}
+
+	if [ $COMP_CWORD -eq 1 ]; then
+		COMPREPLY=( $( compgen -c -- $cur ) )
+	elif [ $COMP_CWORD -eq 2 ]; then
+		prev=${prev##*/}
+		COMPREPLY=( $( compgen -fW "$( command ps axo comm,pid | \
+				awk '{if ($1 ~ /^'"$prev"'/) print $2}' ) )" \
+				-- "$cur" ) )
+	fi
+} &&
+complete -F _gdb $filenames gdb
+
+# Postgresql completion
+#
+have psql && {
+_pg_databases() 
+{
+	return
+	COMPREPLY=( $( psql -l 2>/dev/null | \
+			sed -e '1,/^-/d' -e '/^(/,$d' | \
+			awk '{print $1}' | grep "^$cur" ) )
+}
+
+_pg_users()
+{
+	#COMPREPLY=( $( psql -qtc 'select usename from pg_user' template1 2>/dev/null | \
+	#		grep "^ $cur" ) )
+	#[ ${#COMPREPLY[@]} -eq 0 ] &&
+	COMPREPLY=( $( compgen -u -- $cur ) )
+}
+
+# createdb(1) completion
+#
+_createdb() 
+{
+	local cur prev
+
+	COMPREPLY=()
+	cur=`_get_cword`
+	prev=${COMP_WORDS[COMP_CWORD-1]}
+
+	case "$prev" in
+	-@(h|-host=)) 
+		_known_hosts
+		return 0
+		;;
+	-@(U|-username=))
+		_pg_users
+		return 0
+		;;
+	esac
+
+	if [[ "$cur" == -* ]]; then
+		COMPREPLY=( $( compgen -W '-D -T -E -h -p -U -W -e -q \
+			--location= --template= --encoding= --host= --port= \
+			--username= --password --echo --quiet --help' -- $cur ))
+	else
+		_pg_databases
+	fi
+}
+complete -F _createdb $default createdb
+
+# dropdb(1) completion
+#
+_dropdb() 
+{
+	local cur prev
+
+	COMPREPLY=()
+	cur=`_get_cword`
+	prev=${COMP_WORDS[COMP_CWORD-1]}
+
+	case "$prev" in
+	-@(h|-host=)) 
+		_known_hosts
+		return 0
+		;;
+	-@(U|-username=))
+		_pg_users
+		return 0
+		;;
+	esac
+
+	if [[ "$cur" == -* ]]; then
+		COMPREPLY=( $( compgen -W '-h -p -U -W -e -q \
+				--host= --port= --username= --password \
+				--interactive --echo --quiet --help' -- $cur ) )
+	else
+		_pg_databases
+	fi
+}
+complete -F _dropdb $default dropdb
+
+# psql(1) completion
+#
+_psql() 
+{
+	local cur prev
+
+	COMPREPLY=()
+	cur=`_get_cword`
+	prev=${COMP_WORDS[COMP_CWORD-1]}
+
+	case "$prev" in
+	-h|--host) 
+		_known_hosts
+		return 0
+		;;
+	-U|--username)
+		_pg_users
+		return 0
+		;;
+	-d|--dbname)
+		_pg_databases
+		return 0
+		;;
+	-@(o|f)|--output|--file)
+		_filedir
+		return 0
+		;;
+	esac
+
+	if [[ "$cur" == -* ]]; then
+		# return list of available options
+		COMPREPLY=( $( compgen -W '-a --echo-all -A --no-align \
+			-c --command -d --dbname -e --echo-queries \
+			-E --echo-hidden -f --file -F --filed-separator \
+			-h --host -H --html -l --list -n -o --output \
+			-p --port -P --pset -q -R --record-separator \
+			-s --single-step -S --single-line -t --tuples-only \
+			-T --table-attr -U --username -v --variable \
+			-V --version -W --password -x --expanded -X --nopsqlrc \
+			-? --help ' -- $cur ) )
+	else
+		# return list of available databases
+		_pg_databases
+	fi
+}
+complete -F _psql $default psql
+}
+
+_longopt()
+{
+	local cur opt
+
+	cur=`_get_cword`
+
+	if [[ "$cur" == --*=* ]]; then
+		opt=${cur%%=*}
+		# cut backslash that gets inserted before '=' sign
+		opt=${opt%\\*}
+		cur=${cur#*=}
+		_filedir
+		COMPREPLY=( $( compgen -P "$opt=" -W '${COMPREPLY[@]}' -- $cur))
+		return 0
+	fi
+
+	if [[ "$cur" == -* ]]; then
+		COMPREPLY=( $( $1 --help 2>&1 | sed -e '/--/!d' \
+				-e 's/.*\(--[-A-Za-z0-9]\+=\?\).*/\1/' | \
+			       command grep "^$cur" | sort -u ) )
+	elif [[ "$1" == @(mk|rm)dir ]]; then
+		_filedir -d
+	else
+		_filedir
+	fi
+}
+# makeinfo and texi2dvi are defined elsewhere.
+for i in a2ps autoconf automake bc gprof ld nm objcopy objdump readelf strip \
+	 bison cpio diff patch enscript cp df dir du ln ls mkfifo mknod mv rm \
+	 touch vdir awk gperf grep grub indent less m4 sed shar date \
+	 tee who texindex cat csplit cut expand fmt fold head \
+	 md5sum nl od paste pr ptx sha1sum sort split tac tail tr unexpand \
+	 uniq wc ldd bash id irb mkdir rmdir; do
+  have $i && complete -F _longopt $filenames $i
+done
+
+# These commands use filenames, so '-o filenames' is not needed.
+for i in env netstat seq uname units wget; do
+  have $i && complete -F _longopt $default $i
+done
+unset i
+
+# gcc(1) completion
+#
+# The only unusual feature is that we don't parse "gcc --help -v" output
+# directly, because that would include the options of all the other backend
+# tools (linker, assembler, preprocessor, etc) without any indication that
+# you cannot feed such options to the gcc driver directly.  (For example, the
+# linker takes a -z option, but you must type -Wl,-z for gcc.)  Instead, we
+# ask the driver ("g++") for the name of the compiler ("cc1"), and parse the
+# --help output of the compiler.
+#
+have gcc &&
+_gcc()
+{
+	local cur cc backend
+
+	COMPREPLY=()
+	cur=`_get_cword`
+
+	_expand || return 0
+
+	case "$1" in
+	gcj)
+		backend=jc1
+		;;
+	gpc)
+		backend=gpc1
+		;;
+	*77)
+		backend=f771
+		;;
+	*)
+		backend=cc1	# (near-)universal backend
+		;;
+	esac
+
+	if [[ "$cur" == -* ]]; then
+		cc=$( $1 -print-prog-name=$backend )
+		# sink stderr:
+		# for C/C++/ObjectiveC it's useless
+		# for FORTRAN/Java it's an error
+		COMPREPLY=( $( $cc --help 2>/dev/null | tr '\t' ' ' | \
+			       sed -e '/^  *-/!d' -e 's/ *-\([^ ]*\).*/-\1/' | \
+			       command grep "^$cur" | sort -u ) )
+	else
+		_filedir
+	fi
+} &&
+complete $filenames -F _gcc gcc g++ c++ g77 gcj gpc
+[ $UNAME = GNU -o $UNAME = Linux -o $UNAME = Cygwin ] && \
+[ -n "${have:-}" ] && complete $filenames -F _gcc cc
+
+# Linux cardctl(8) completion
+#
+have cardctl &&
+_cardctl()
+{
+	local cur
+
+	COMPREPLY=()
+	cur=`_get_cword`
+
+	if [ $COMP_CWORD -eq 1 ]; then
+		COMPREPLY=( $( compgen -W 'status config ident suspend \
+					   resume reset eject insert scheme' \
+			       -- $cur ) )
+	fi
+} &&
+complete -F _cardctl cardctl
+
+# This function is required by _dpkg() and _dpkg-reconfigure()
+#
+have dpkg && {
+_comp_dpkg_installed_packages()
+{
+	grep -A 1 "Package: $1" /var/lib/dpkg/status | \
+		grep -B 1 -E "ok installed|half-installed|unpacked| \
+       			      half-configured|config-files" | \
+	        grep "Package: $1" | cut -d\  -f2
+}
+
+# Debian dpkg(8) completion
+#
+_dpkg()
+{
+	local cur prev i
+
+	COMPREPLY=()
+	cur=`_get_cword`
+	prev=${COMP_WORDS[COMP_CWORD-1]}
+	i=$COMP_CWORD
+
+	_expand || return 0
+
+	# find the last option flag
+	if [[ $cur != -* ]]; then
+		while [[ $prev != -* && $i != 1 ]]; do
+			i=$((i-1))
+			prev=${COMP_WORDS[i-1]}
+		done
+	fi
+
+	case "$prev" in 
+	-@(c|i|A|I|f|e|x|X|-@(install|unpack|record-avail|contents|info|fsys-tarfile|field|control|extract)))
+		_filedir '?(u)deb'
+		return 0
+		;;
+	-@(b|-build))
+		_filedir -d
+		return 0
+		;;
+   	-@(s|p|l|-@(status|print-avail|list)))
+		COMPREPLY=( $( apt-cache pkgnames $cur 2>/dev/null ) )
+		return 0
+		;;
+	-@(S|-search))
+		_filedir
+		return 0
+		;;
+	-@(r|L|P|-@(remove|purge|listfiles)))
+		COMPREPLY=( $( _comp_dpkg_installed_packages $cur ) )
+		return 0
+		;;
+	*)
+
+	COMPREPLY=( $( compgen -W '-i --install --unpack -A --record-avail \
+			--configure -r --remove -P --purge --get-selections \
+			--set-selections --update-avail --merge-avail \
+			--clear-avail  --command-fd --forget-old-unavail -s \
+			--status -p --print-avail -L --listfiles -l --list \
+			-S --search -C --audit --print-architecture \
+			--print-gnu-build-architecture \
+			--print-installation-architecture \
+			--compare-versions --help --version --force-help \
+			--force-all --force-auto-select --force-downgrade \
+			--force-configure-any --force-hold --force-bad-path \
+			--force-not-root --force-overwrite \
+			--force-overwrite-diverted --force-bad-verify \
+			--force-depends-version --force-depends \
+			--force-confnew --force-confold --force-confdef \
+			--force-confmiss --force-conflicts --force-architecture\
+			--force-overwrite-dir --force-remove-reinstreq \
+			--force-remove-essential -Dh \
+			--debug=help --licence --admindir= --root= --instdir= \
+			-O --selected-only -E --skip-same-version \
+			-G --refuse-downgrade -B --auto-deconfigure \
+			--no-debsig --no-act -D --debug= --status-fd \
+			-b --build -I --info -f --field -c --contents \
+			-x --extract -X --vextract --fsys-tarfile -e --control \
+			--ignore-depends= --abort-after' -- $cur ) )
+		;;
+	esac
+
+
+}
+complete -F _dpkg $filenames dpkg dpkg-deb
+}
+
+# Debian GNU dpkg-reconfigure(8) completion
+#
+have dpkg-reconfigure &&
+_dpkg_reconfigure()
+{
+	local cur prev opt
+
+	COMPREPLY=()
+	cur=`_get_cword`
+	prev=${COMP_WORDS[COMP_CWORD-1]}
+
+
+	case "$prev" in
+	    -@(f|-frontend))
+		opt=( $( echo /usr/share/perl5/Debconf/FrontEnd/* ) )
+		opt=( ${opt[@]##*/} )
+		opt=( ${opt[@]%.pm} )
+		COMPREPLY=( $( compgen -W '${opt[@]}' -- $cur ) )
+		return 0
+		;;
+	    -@(p|-priority))
+  		COMPREPLY=( $( compgen -W 'low medium high critical' -- $cur ) )
+		return 0
+		;;
+	esac
+
+	if [[ "$cur" == -* ]]; then
+	    COMPREPLY=( $( compgen -W '-f --frontend -p --priority -a --all \
+				       -u --unseen-only -h --help -s --showold \
+				       --force --terse' -- $cur ) )
+	else
+	    COMPREPLY=( $( _comp_dpkg_installed_packages $cur ) )
+	fi
+} &&
+complete -F _dpkg_reconfigure $default dpkg-reconfigure
+
+# Debian dpkg-source completion
+#
+have dpkg-source &&
+_dpkg_source()
+{
+	local cur prev options work i action packopts unpackopts
+
+	packopts="-c -l -F -V -T -D -U -W -E -sa -i -I -sk -sp -su -sr -ss -sn -sA -sK -sP -sU -sR"
+	unpackopts="-sp -sn -su"
+	options=`echo "-x -b $packopts $unpackopts" | xargs echo | sort -u | xargs echo`
+
+	COMPREPLY=()
+	if [ "$1" != "dpkg-source" ]; then
+		exit 1
+	fi
+	cur=`_get_cword`
+	prev=${COMP_WORDS[COMP_CWORD-1]}
+	action="options"
+	for (( i=0; i < ${#COMP_WORDS[@]}-1; i++ )); do
+		if [[ ${COMP_WORDS[$i]} == "-x" ]]; then
+			action=unpack
+		elif [[ ${COMP_WORDS[$i]} == "-b" ]]; then
+			action=pack
+		elif [[ ${COMP_WORDS[$i]} == "-h" ]]; then
+			action=help
+		fi
+	done
+	# if currently seeing a complete option, return just itself.
+	for i in $options; do
+		if [ "$cur" = "$i" ]; then
+			COMPREPLY=( "$cur" )
+			return 0
+		fi
+	done
+	case "$action" in
+		"unpack")
+			if [ "$cur" = "-" -o "$cur" = "-s" ]; then
+				COMPREPLY=( $unpackots )
+				return 0
+			fi
+			case "$prev" in
+				"-x")
+					COMPREPLY=( $( compgen -d -- "$cur" ) \
+						    $( compgen -f -X '!*.dsc' -- "$cur" ) )
+					return 0
+					;;
+				*)
+					COMPREPLY=( $unpackopts $(compgen -d -f -- "$cur" ) )
+					return 0
+					;;
+			esac
+			return 0
+			;;
+		"pack")
+			if [ "$cur" = "-" ]; then
+				COMPREPLY=( $packopts )
+				return 0
+			fi
+			if [ "$cur" = "-s" ]; then
+				COMPREPLY=( "-sa" "-sk" "-sp" "-su" "-sr" "-ss" "-sn" \
+			    		"-sA" "-sK" "-sP" "-sU" "-sR" )
+				return 0
+			fi
+			case "$prev" in
+				"-b")
+					COMPREPLY=( $( compgen -d -- "$cur" ) )
+					return 0
+					;;
+				"-c"|"-l"|"-T"|"-i"|"-I")
+					# -c: get controlfile
+					# -l: get per-version info from this file
+					# -T: read variables here, not debian/substvars
+					# -i: <regexp> filter out files to ignore diffs of.
+					# -I: filter out files when building tarballs.
+					# return directory names and file names
+					COMPREPLY=( $( compgen -d -f ) )
+					return 0
+					;;
+				"-F")
+					# -F: force change log format
+					COMPREPLY=( $( ( cd /usr/lib/dpkg/parsechangelog; compgen -f "$cur" ) ) )
+					return 0
+					;;
+				"-V"|"-D")
+					# -V: set a substitution variable
+					# we don't know anything about possible variables or values
+					# so we don't try to suggest any completion.
+					COMPREPLY=()
+					return 0
+					;;
+				"-D")
+					# -D: override or add a .dsc field and value
+					# if $cur doesn't contain a = yet, suggest variable names
+					if echo -- "$cur" | grep -q "="; then
+						# $cur contains a "="
+						COMPREPLY=()
+						return 0
+					else
+						COMPREPLY=( Format Source Version Binary Maintainer Uploader Architecture Standards-Version Build-Depends Files )
+						return 0
+					fi
+					;;
+				"-U")
+					# -U: remove a field
+					# Suggest possible fieldnames
+					COMPREPLY=( Format Source Version Binary Maintainer Uploader Architecture Standards-Version Build-Depends Files )
+					return 0
+					;;
+				*)
+					COMPREPLY=( $packopts )
+					return 0
+					;;
+			esac
+			return 0
+			;;
+		*)
+			# if seeing a partial option, return possible completions.
+			if [ "$cur" = "-s" ]; then
+				COMPREPLY=( "-sa" "-sk" "-sp" "-su" "-sr" "-ss" "-sn" \
+			    		"-sA" "-sK" "-sP" "-sU" "-sR" )
+				return 0
+			fi
+			# else return all possible options.
+			COMPREPLY=( $options )
+			return 0
+			;;
+	esac
+} &&
+complete -F _dpkg_source dpkg-source
+
+# Debian Linux dselect(8) completion.
+#
+have dselect &&
+_dselect()
+{
+	local cur prev
+
+	COMPREPLY=()
+	cur=`_get_cword`
+	prev=${COMP_WORDS[COMP_CWORD-1]}
+
+	case "$prev" in
+	     --admindir)
+		  _filedir -d
+		  return 0
+		  ;;
+
+	     -@(D|debug))
+		  _filedir
+		  return 0
+		  ;;
+	esac
+
+	if [[ "$cur" == -* ]]; then
+	    COMPREPLY=( $( compgen -W '--admindir --help --version --licence \
+				  --license --expert --debug' -- $cur ) )
+	else
+	    COMPREPLY=( $( compgen -W 'access update select install config \
+				  remove quit' -- $cur ) )
+	fi
+
+
+	return 0
+} &&
+complete -F _dselect $filenames dselect
+
+# Java completion
+#
+
+# available path elements completion
+have java && {
+_java_path()
+{
+	cur=${cur##*:}
+	_filedir '@(jar|zip)'
+}
+
+# exact classpath determination
+_java_find_classpath()
+{
+	local i
+
+	# search first in current options
+	for (( i=1; i < COMP_CWORD; i++ )); do
+		if [[ "${COMP_WORDS[i]}" == -@(cp|classpath) ]]; then
+			classpath=${COMP_WORDS[i+1]}
+			break
+		fi
+	done
+
+	# default to environment
+	[ -z "$classpath" ] && classpath=$CLASSPATH
+
+	# default to current directory
+	[ -z "$classpath" ] && classpath=.
+}
+
+# exact sourcepath determination
+_java_find_sourcepath()
+{
+	local i
+
+	# search first in current options
+	for (( i=1; i < COMP_CWORD; i++ )); do
+		if [[ "${COMP_WORDS[i]}" == -sourcepath ]]; then
+			sourcepath=${COMP_WORDS[i+1]}
+			break
+		fi
+	done
+
+	# default to classpath
+	[ -z "$sourcepath" ] && _java_find_classpath
+	sourcepath=$classpath
+}
+
+# available classes completion
+_java_classes()
+{
+	local classpath i
+
+	# find which classpath to use
+	_java_find_classpath
+
+	# convert package syntax to path syntax
+	cur=${cur//.//}
+	# parse each classpath element for classes
+	for i in ${classpath//:/ }; do
+		if [ -r $i ] && [[ "$i" == *.@(jar|zip) ]]; then
+			if type zipinfo &> /dev/null; then
+				COMPREPLY=( "${COMPREPLY[@]}" $( zipinfo -1 \
+				"$i" | grep "^$cur" | grep '\.class$' | \
+				grep -v "\\$" ) )
+			else
+				COMPREPLY=( "${COMPREPLY[@]}" $( jar tf "$i" \
+				"$cur" | grep "\.class$" | grep -v "\\$" ) )
+			fi
+
+		elif [ -d $i ]; then
+			i=${i%/}
+			COMPREPLY=( "${COMPREPLY[@]}" $( find "$i" -type f \
+			-path "$i/$cur*.class" 2>/dev/null | \
+			grep -v "\\$" | sed -e "s|^$i/||" ) )
+		fi
+	done
+
+	# remove class extension
+	COMPREPLY=( ${COMPREPLY[@]%.class} )
+	# convert path syntax to package syntax
+	COMPREPLY=( ${COMPREPLY[@]//\//.} )
+}
+
+# available packages completion
+_java_packages()
+{
+	local sourcepath i
+
+	# find wich sourcepath to use
+	_java_find_sourcepath
+
+	# convert package syntax to path syntax
+	cur=${cur//.//}
+	# parse each sourcepath element for packages
+	for i in ${sourcepath//:/ }; do
+		if [ -d $i ]; then
+			COMPREPLY=( "${COMPREPLY[@]}" $( command ls -F -d \
+				$i/$cur* 2>/dev/null | sed -e 's|^'$i'/||' ) )
+		fi
+	done
+	# keep only packages
+	COMPREPLY=( $( echo "${COMPREPLY[@]}" | tr " " "\n" | grep "/$" ) )
+	# remove packages extension
+	COMPREPLY=( ${COMPREPLY[@]%/} )
+	# convert path syntax to package syntax
+	cur=${COMPREPLY[@]//\//.}
+}
+
+# java completion
+#
+_java()
+{
+	local cur prev i
+
+	COMPREPLY=()
+	cur=`_get_cword`
+	prev=${COMP_WORDS[COMP_CWORD-1]}
+
+	for ((i=1; i < $COMP_CWORD; i++)); do
+		case ${COMP_WORDS[$i]} in
+		    -cp|-classpath)
+			((i++))	# skip the classpath string.
+			;;
+		    -*)
+			# this is an option, not a class/jarfile name.
+			;;
+		    *)
+			# once we've seen a class, just do filename completion
+			_filedir
+			return 0
+			;;
+		esac
+	done
+
+	case $prev in
+		-@(cp|classpath))
+			_java_path
+			return 0
+			;;
+	esac
+
+	if [[ "$cur" == -* ]]; then
+		# relevant options completion
+		COMPREPLY=( $( compgen -W '-client -hotspot -server -classic \
+				-cp -classpath -D -verbose -verbose:class \
+				-verbose:gc -version:jni -version \
+				-showversion -? -help -X -jar \
+				-ea -enableassertions -da -disableassertions \
+				-esa -enablesystemassertions \
+				-dsa -disablesystemassertions ' -- $cur ) )
+	else
+		if [[ "$prev" == -jar ]]; then
+			# jar file completion
+			_filedir jar
+		else
+			# classes completion
+			_java_classes
+		fi
+	fi
+}
+complete -F _java $filenames java
+}
+
+# javadoc completion
+#
+have javadoc &&
+_javadoc()
+{
+	COMPREPLY=()
+	local cur prev
+
+	cur=`_get_cword`
+	prev=${COMP_WORDS[COMP_CWORD-1]}
+
+	case $prev in
+		-@(overview|helpfile|stylesheetfile))
+			_filedir
+			return 0
+			;;
+		-d)
+			_filedir -d
+			return 0
+			;;
+		-@(classpath|bootclasspath|docletpath|sourcepath|extdirs))
+			_java_path
+			return 0
+			;;
+	esac
+
+	if [[ "$cur" == -* ]]; then
+		# relevant options completion
+		COMPREPLY=( $( compgen -W '-overview -public -protected \
+				-package -private -help -doclet -docletpath \
+				-sourcepath -classpath -exclude -subpackages \
+				-breakiterator -bootclasspath -source -extdirs \
+				-verbose -locale -encoding -J -d -use -version \
+				-author -docfilessubdirs -splitindex \
+				-windowtitle -doctitle -header -footer -bottom \
+				-link -linkoffline -excludedocfilessubdir \
+				-group -nocomment -nodeprecated -noqualifier \
+				-nosince -nodeprecatedlist -notree -noindex \
+				-nohelp -nonavbar -quiet -serialwarn -tag \
+				-taglet -tagletpath -charset -helpfile \
+				-linksource -stylesheetfile -docencoding' -- \
+				$cur ) )
+	else
+		# source files completion
+		_filedir java
+		# packages completion
+		_java_packages
+	fi
+} &&
+complete -F _javadoc $filenames javadoc
+
+# javac completion
+#
+have javac &&
+_javac()
+{
+	COMPREPLY=()
+	local cur prev
+
+	cur=`_get_cword`
+	prev=${COMP_WORDS[COMP_CWORD-1]}
+
+	case $prev in
+		-d)
+			_filedir -d
+			return 0
+			;;
+		-@(classpath|bootclasspath|sourcepath|extdirs))
+			_java_path
+			return 0
+			;;
+	esac
+
+	if [[ "$cur" == -* ]]; then
+		# relevant options completion
+		COMPREPLY=( $( compgen -W '-g -g:none -g:lines -g:vars\
+		-g:source -O -nowarn -verbose -deprecation -classpath\
+		-sourcepath -bootclasspath -extdirs -d -encoding -source\
+		-target -help' -- $cur ) )
+	else
+		# source files completion
+		_filedir java
+	fi
+} &&
+complete -F _javac $filenames javac
+
+# PINE address-book completion
+#
+have pine &&
+_pineaddr()
+{
+	local cur
+
+	COMPREPLY=()
+	cur=`_get_cword`
+
+	COMPREPLY=( $( compgen -W '$( awk "{print \$1}" ~/.addressbook 2>/dev/null)' \
+			-- $cur ) )
+} &&
+complete -F _pineaddr $default pine
+
+# mutt completion
+#
+# Mutt doesn't have an "addressbook" like Pine, but it has aliases and
+# a "query" function to retrieve addresses, so that's what we use here.
+have mutt || have muttng && {
+_muttaddr()
+{
+	_muttaliases
+	_muttquery
+	return 0
+}
+
+_muttconffiles()
+{
+	local file sofar
+	local -a newconffiles
+
+	sofar=" $1 "
+	shift
+	while [[ "$1" ]]; do
+	    newconffiles=( $(sed -rn 's|^source[[:space:]]+([^[:space:]]+).*$|\1|p' $(eval echo $1) ) )
+	    for file in "${newconffiles[@]}"; do
+		[[ ! "$file" ]] || [[ "${sofar/ ${file} / }" != "$sofar" ]] &&
+		    continue
+		sofar="$sofar $file"
+		sofar=" $(eval _muttconffiles \"$sofar\" $file) "
+	    done
+	    shift
+	done
+	echo $sofar
+}
+
+_muttaliases()
+{
+	local cur muttrc
+	local -a conffiles aliases
+	cur=`_get_cword`
+
+	[ -f ~/.${muttcmd}/${muttcmd}rc ] && muttrc="~/.${muttcmd}/${muttcmd}rc"
+	[ -f ~/.${muttcmd}rc ] && muttrc="~/.${muttcmd}rc"
+	[ -z "$muttrc" ] && return 0
+
+	conffiles=( $(eval _muttconffiles $muttrc $muttrc) )
+	aliases=( $( sed -rn 's|^alias[[:space:]]+([^[:space:]]+).*$|\1|p' \
+			$(eval echo "${conffiles[@]}") ) )
+	COMPREPLY=( "${COMPREPLY[@]}" $( compgen -W "${aliases[*]}" -- $cur ) )
+
+	return 0
+}
+
+_muttquery()
+{
+	local cur querycmd
+	local -a queryresults
+	cur=`_get_cword`
+
+	querycmd="$( $muttcmd -Q query_command  | sed -r 's|^query_command=\"(.*)\"$|\1|; s|%s|'$cur'|' )"
+	if [ -z "$cur" -o -z "$querycmd" ]; then
+	    queryresults=()
+	else 
+	    queryresults=( $( $querycmd | \
+	      sed -nr '2,$s|^([^[:space:]]+).*|\1|p' ) )
+	fi
+
+	COMPREPLY=( "${COMPREPLY[@]}" $( compgen -W "${queryresults[*]}" \
+			-- $cur ) )
+
+	return 0
+}
+
+_muttfiledir()
+{
+	local cur folder spoolfile
+	cur=`_get_cword`
+
+	# This is currently not working so well. Perhaps this function should
+	# just call _filedir() for the moment.
+	if [[ $cur == [=+]* ]]; then
+		folder="$( $muttcmd -Q folder | sed -r 's|^folder=\"(.*)\"$|\1|' )"
+		: folder:=~/Mail
+
+		# Match any file in $folder beginning with $cur
+		# (minus the leading '=' sign).
+		COMPREPLY=( $( compgen -f -- "$folder/${cur:1}" ) )
+		COMPREPLY=( ${COMPREPLY[@]#$folder/} )
+		return 0
+	elif [ "$cur" == !* ]; then
+		spoolfile="$( $muttcmd -Q spoolfile | sed -r 's|^spoolfile=\"(.*)\"$|\1|' )"
+		[ ! -z "$spoolfile" ] && eval cur="${cur/^!/$spoolfile}";
+	fi
+	_filedir
+
+	return 0
+}
+
+_mutt()
+{
+	local cur prev
+	cur=`_get_cword`
+	prev=${COMP_WORDS[COMP_CWORD-1]}
+
+	COMPREPLY=()
+	
+	[ ${COMP_WORDS[0]} == muttng ] && muttcmd="muttng" || muttcmd="mutt"
+
+	case "$cur" in
+	-*)
+		COMPREPLY=( $( compgen -W '-A -a -b -c -e -f -F -H -i -m -n \
+					    -p -Q -R -s -v -x -y -z -Z -h' \
+					    -- $cur ) )
+		return 0
+		;;
+	*)
+	    case "$prev" in
+	    -@(a|f|F|H|i))
+		    _muttfiledir
+		    return 0
+		    ;;
+	    -A)
+		    _muttaliases
+		    return 0
+		    ;;
+	    -@(e|m|Q|s|h|p|R|v|y|z|Z))
+		    return 0
+		    ;;
+	    *)
+		    _muttaddr
+		    return 0
+		    ;;
+	    esac
+	    ;;
+	esac
+	
+}
+complete -F _mutt $default $filenames mutt muttng
+}
+
+_configure_func()
+{
+	local cur
+
+	COMPREPLY=()
+	cur=`_get_cword`
+
+	# if $COMP_CONFIGURE_HINTS is not null, then completions of the form
+	# --option=SETTING will include 'SETTING' as a contextual hint
+	[[ "$cur" != -* ]] && return 0
+
+	if [ -n "$COMP_CONFIGURE_HINTS" ]; then
+		COMPREPLY=( $( $1 --help | awk '/^  --[A-Za-z]/ { print $1; if ($2 ~ /--[A-Za-z]/) print $2 }' | sed -e 's/[[,].*//g' | grep ^$cur ) )
+
+	else
+		COMPREPLY=( $( $1 --help | awk '/^  --[A-Za-z]/ { print $1; if ($2 ~ /--[A-Za-z]/) print $2 }' | sed -e 's/[[,=].*//g' | grep ^$cur ) )
+	fi
+}
+complete -F _configure_func $default configure
+
+# Debian reportbug(1) completion
+#
+have reportbug &&
+_reportbug()
+{
+	local cur prev
+
+	COMPREPLY=()
+	cur=`_get_cword`
+	prev=${COMP_WORDS[COMP_CWORD-1]}
+
+	case "$prev" in
+	    -f|--filename|-i|--include|--mta|-o|--output)
+		_filedir
+		return 0
+		;;
+	    -B|--bts)
+		COMPREPLY=( $( compgen -W "debian guug kde mandrake help" -- \
+			       $cur ))
+		return 0
+		;;
+	    -e|--editor|--mua)
+		COMP_WORDS=(COMP_WORDS[0] $cur)
+		COMP_CWORD=1
+		_command
+		return 0
+		;;
+	    --mode)
+		COMPREPLY=( $( compgen -W "novice standard expert" -- $cur ) )
+		return 0
+		;;
+	    -S|--severity)
+		COMPREPLY=( $( compgen -W "grave serious important normal \
+					   minor wishlist" -- $cur ) )
+		return 0
+		;;
+	    -u|--ui|--interface)
+		COMPREPLY=( $( compgen -W "newt text gnome" -- $cur ) )
+		return 0
+		;;
+	    -t|--type)
+		COMPREPLY=( $( compgen -W "gnats debbugs" -- $cur ) )
+		return 0
+		;;
+	    -T|--tags)
+		COMPREPLY=( $( compgen -W "none patch security upstream sid \
+					   woody potato sarge fixed" -- $cur ))
+		return 0
+		;;
+	    *)
+		;;
+	esac
+	
+	COMPREPLY=($( compgen -W '-h --help -v --version -a --af -b \
+			--no-query-bts --query-bts -B --bts -c --configure \
+			--no-config-files --check-available -d --debug \
+			--no-check-available -e --editor --email -f \
+			--filename -g --gnupg -H --header -i --include -j \
+			--justification -l --ldap --no-ldap -L --list-cc -m \
+			--maintonly --mode --mua --mta --mutt -n --mh --nmh \
+			-o --output -p --print -P --pgp --proxy --http_proxy\
+			-q --quiet -Q --query-only --realname --report-quiet \
+			--reply-to --replyto -s --subject -S --severity \
+			--smtphost -t --type -T --tags --template -V -x \
+			--no-cc --package-version -z --no-compress \
+			--ui --interface -u \
+			wnpp boot-floppies kernel-image' -- $cur ) \
+	    		$( apt-cache pkgnames -- $cur 2> /dev/null ) )
+	_filedir
+	return 0
+} &&
+complete -F _reportbug $filenames reportbug
+
+# Debian querybts(1) completion
+#
+have querybts &&
+_querybts()
+{
+	local cur prev
+
+	COMPREPLY=()
+	cur=`_get_cword`
+	prev=${COMP_WORDS[COMP_CWORD-1]}
+
+	case "$prev" in
+	    -B|--bts)
+		COMPREPLY=( $( compgen -W "debian guug kde mandrake help" -- \
+			       $cur ))
+		return 0
+		;;
+	    -u|--ui|--interface)
+		COMPREPLY=($( compgen -W "newt text gnome" -- $cur ))
+		return 0
+		;;
+	    *)
+		;;
+	esac
+
+	COMPREPLY=($( compgen -W '-h --help -v --version -A --archive \
+			-B --bts -l --ldap --no-ldap --proxy= --http_proxy= \
+			-s --source -w --web -u --ui --interface \
+			wnpp boot-floppies' -- $cur ) \
+	    		$( apt-cache pkgnames -- $cur 2> /dev/null ) )
+} &&
+complete -F _querybts $filenames querybts
+
+# update-alternatives completion
+#
+have update-alternatives && {
+installed_alternatives()
+{
+	local admindir
+	# find the admin dir
+	for i in alternatives dpkg/alternatives rpm/alternatives; do
+		[ -d /var/lib/$i ] && admindir=/var/lib/$i && break
+	done
+	for (( i=1; i < COMP_CWORD; i++ )); do
+		if [[ "${COMP_WORDS[i]}" == --admindir ]]; then
+			admindir=${COMP_WORDS[i+1]}
+			break
+		fi
+	done
+	COMPREPLY=( $( command ls $admindir | grep "^$cur" ) )
+}
+
+_update_alternatives()
+{
+	local cur prev mode args i
+
+	COMPREPLY=()
+	cur=`_get_cword`
+	prev=${COMP_WORDS[COMP_CWORD-1]}
+
+	case "$prev" in
+	--@(altdir|admindir))
+		_filedir -d
+		return 0
+		;;
+	--@(help|version))
+		return 0
+		;;
+	esac
+
+	# find wich mode to use and how many real args used so far
+	for (( i=1; i < COMP_CWORD; i++ )); do
+		if [[ "${COMP_WORDS[i]}" == --@(install|remove|auto|display|config|remove-all) ]]; then
+			mode=${COMP_WORDS[i]}
+			args=$(($COMP_CWORD - i))
+			break
+		fi
+	done
+
+	case $mode in
+	--install)
+		case $args in
+		1)
+			_filedir
+			;;
+		2)
+			installed_alternatives
+			;;
+		3)
+			_filedir
+			;;
+		esac
+		;;
+	--remove)
+		case $args in
+		1)
+			installed_alternatives
+			;;
+		2)
+			_filedir
+			;;
+		esac
+		;;
+	--auto)
+		installed_alternatives
+		;;
+	--remove-all)
+		installed_alternatives
+		;;
+	--display)
+		installed_alternatives
+		;;
+	--config)
+		installed_alternatives
+		;;
+	*)
+		COMPREPLY=( $( compgen -W '--verbose --quiet --help --version \
+			       --altdir --admindir' -- $cur ) \
+			    $( compgen -W '--install --remove --auto --display \
+			       --config' -- $cur ) )
+	esac
+}
+complete -F _update_alternatives update-alternatives
+}
+
+# Python completion
+#
+have python &&
+_python()
+{
+	local prev cur
+
+	COMPREPLY=()
+	cur=`_get_cword`
+	prev=${COMP_WORDS[COMP_CWORD-1]##*/}
+
+	case "$prev" in
+	-Q)
+		COMPREPLY=( $( compgen -W "old new warn warnall" -- $cur ) )
+		return 0
+		;;
+	-W)
+		COMPREPLY=( $( compgen -W "ignore default all module once error" -- $cur ) )
+		return 0
+		;;
+	-c)
+		_filedir '@(py|pyc|pyo)'
+		return 0
+		;;
+	!(python|-?))
+		[[ ${COMP_WORDS[COMP_CWORD-2]} != -@(Q|W) ]] && _filedir
+		;;
+	esac
+
+
+	# if '-c' is already given, complete all kind of files.
+	for (( i=0; i < ${#COMP_WORDS[@]}-1; i++ )); do
+		if [[ ${COMP_WORDS[i]} == -c ]]; then
+			_filedir
+		fi
+	done
+
+
+	if [[ "$cur" != -* ]]; then
+		_filedir '@(py|pyc|pyo)'
+	else
+		COMPREPLY=( $( compgen -W "- -d -E -h -i -O -Q -S -t -u \
+					   -U -v -V -W -x -c" -- $cur ) )
+	fi
+
+
+
+	return 0
+} &&
+complete -F _python $filenames python
+
+# Perl completion
+#
+have perl &&
+{
+_perlmodules()
+{
+    COMPREPLY=( $( compgen -P "$prefix" -W "$( perl -e 'sub mods { my ($base,$dir)=@_; return if  $base !~ /^\Q$ENV{cur}/; chdir($dir) or return; for (glob(q[*.pm])) {s/\.pm$//; print qq[$base$_\n]}; mods(/^(?:[.\d]+|$Config{archname}-$Config{osname}|auto)$/ ? undef : qq[${base}${_}\\\\:\\\\:],qq[$dir/$_]) for grep {-d} glob(q[*]); } mods(undef,$_) for @INC;' )" -- $cur ) )
+}
+
+_perl()
+{
+    local cur prev prefix temp
+
+    COMPREPLY=()
+    cur=`_get_cword`
+    prev=${COMP_WORDS[COMP_CWORD-1]}
+    prefix=""
+
+    # completing an option (may or may not be separated by a space)
+    if [[ "$cur" == -?* ]]; then
+	temp=$cur
+	prev=${temp:0:2}
+	cur=${temp:2}
+	prefix=$prev
+    fi
+
+    # only handle module completion for now
+    case "$prev" in
+    	-I|-x)
+	    COMPREPLY=( $( compgen -d -P "$prev" -- "$cur" ) )
+	    return 0
+	    ;;
+	-m|-M)
+	    _perlmodules
+	    return 0
+	    ;;
+    esac
+
+    # handle case where first parameter is not a dash option
+    if [[ "${COMP_WORDS[COMP_CWORD]}" != -* ]]; then
+	_filedir
+	return 0
+    fi
+
+    # complete using basic options
+    COMPREPLY=( $( compgen -W '-C -s -T -u -U -W -X -h -v -V -c -w -d -D -p \
+			-n -a -F -l -0 -I -m -M -P -S -x -i -e ' -- $cur ) )
+    return 0
+}
+complete -F _perl $filenames perl
+
+_perldoc()
+{
+    local cur prev prefix temp
+
+    COMPREPLY=()
+    cur=`_get_cword`
+    prev=${COMP_WORDS[COMP_CWORD-1]}
+    prefix=""
+
+    # completing an option (may or may not be separated by a space)
+    if [[ "$cur" == -?* ]]; then
+	temp=$cur
+	prev=${temp:0:2}
+	cur=${temp:2}
+	prefix=$prev
+    fi
+
+    # complete builtin perl functions
+    case $prev in
+	-f)
+	    COMPREPLY=( $( compgen -W 'chomp chop chr crypt hex index lc \
+	    lcfirst length oct ord pack q qq reverse rindex sprintf \
+	    substr tr uc ucfirst y m pos quotemeta s split study qr abs \
+	    atan2 cos exp hex int log oct rand sin sqrt srand pop push \
+	    shift splice unshift grep join map qw reverse sort unpack \
+	    delete each exists keys values binmode close closedir \
+	    dbmclose dbmopen die eof fileno flock format getc print \
+	    printf read readdir rewinddir seek seekdir select syscall \
+	    sysread sysseek syswrite tell telldir truncate warn write \
+	    pack read syscall sysread syswrite unpack vec -X chdir chmod \
+	    chown chroot fcntl glob ioctl link lstat mkdir open opendir \
+	    readlink rename rmdir stat symlink umask unlink utime caller \
+	    continue do dump eval exit goto last next redo return \
+	    sub wantarray caller import local my our package use defined \
+	    formline reset scalar undef \
+	    alarm exec fork getpgrp getppid getpriority kill pipe qx \
+	    setpgrp setpriority sleep system times wait waitpid \
+	    import no package require use bless dbmclose dbmopen package \
+	    ref tie tied untie use accept bind connect getpeername \
+	    getsockname getsockopt listen recv send setsockopt shutdown \
+	    socket socketpair msgctl msgget msgrcv msgsnd semctl semget \
+	    semop shmctl shmget shmread shmwrite endgrent endhostent \
+	    endnetent endpwent getgrent getgrgid getgrnam getlogin \
+	    getpwent getpwnam getpwuid setgrent setpwent endprotoent \
+	    endservent gethostbyaddr gethostbyname gethostent \
+	    getnetbyaddr getnetbyname getnetent getprotobyname \
+	    getprotobynumber getprotoent getservbyname getservbyport \
+	    getservent sethostent setnetent setprotoent setservent \
+	    gmtime localtime time times' -- $cur ) )
+	    return 0
+	    ;;
+    esac
+
+    case $cur in
+	-*)
+	    COMPREPLY=( $( compgen -W '-h -v -t -u -m -l -F -X -f -q' -- $cur ))
+	    return 0
+	    ;;
+	*/*)
+	    return 0
+	    ;;
+	*)
+	    _perlmodules
+	    COMPREPLY=( "${COMPREPLY[@]}" $( compgen -W '$( PAGER=cat man perl 2>/dev/null | sed -ne "/perl.*Perl overview/,/perlwin32/s/^[^a-z0-9]*\([a-z0-9]*\).*$/\1/p")' -- $cur ) )
+
+	    return 0
+	    ;;
+    esac
+}
+complete -F _perldoc $default perldoc
+}
+
+# rcs(1) completion
+#
+have rcs &&
+_rcs()
+{
+	local cur prev file dir i
+
+	COMPREPLY=()
+	cur=`_get_cword`
+	prev=${COMP_WORDS[COMP_CWORD-1]}
+
+	file=${cur##*/}
+	dir=${cur%/*}
+
+	# deal with relative directory
+	[ "$file" = "$dir" ] && dir=.
+
+	COMPREPLY=( $( compgen -f "$dir/RCS/$file" ) )
+
+	for (( i=0; i < ${#COMPREPLY[@]}; i++ )); do
+		file=${COMPREPLY[$i]##*/}
+		dir=${COMPREPLY[$i]%RCS/*}
+		COMPREPLY[$i]=$dir$file
+	done
+	
+	COMPREPLY=( "${COMPREPLY[@]}" $( compgen -G "$dir/$file*,v" ) )
+
+	for (( i=0; i < ${#COMPREPLY[@]}; i++ )); do
+		COMPREPLY[$i]=${COMPREPLY[$i]%,v}
+	done
+
+	# default to files if nothing returned and we're checking in.
+	# otherwise, default to directories
+	[ ${#COMPREPLY[@]} -eq 0 -a $1 = ci ] && _filedir || _filedir -d
+} &&
+complete -F _rcs $filenames ci co rlog rcs rcsdiff
+
+# lilo(8) completion
+#
+have lilo && {
+_lilo_labels()
+{
+	COMPREPLY=( $( awk -F'=' '/label/ {print $2}' \
+		/etc/lilo.conf | sed -e 's/"//g' | grep "^$cur" ) )
+}
+
+_lilo()
+{
+	local cur prev
+
+	COMPREPLY=()
+	cur=`_get_cword`
+	prev=${COMP_WORDS[COMP_CWORD-1]}
+
+	case $prev in
+		-@(C|i|m|s|S))
+			_filedir
+			return 0
+			;;
+		-r)
+			_filedir -d
+			return 0
+			;;
+		-@(I|D|R))
+			# label completion
+			_lilo_labels
+			return 0
+			;;
+		-@(A|b|M|u|U))
+			# device completion
+			cur=${cur:=/dev/}
+			_filedir
+			return 0
+			;;
+		-T)
+			# topic completion
+			COMPREPLY=( $( compgen -W 'help ChRul EBDA geom geom= \
+					table= video' -- $cur ) )
+			return 0
+			;;
+	esac
+
+	if [[ "$cur" == -* ]]; then
+		# relevant options completion
+		COMPREPLY=( $( compgen -W '-A -b -c -C -d -f -g -i -I -l -L -m \
+			-M -p -P -q -r -R -s -S -t -T -u -U -v -V -w -x -z' -- \
+			$cur ) )
+	fi
+}
+complete -F _lilo lilo
+}
+
+# links completion
+#
+have links &&
+_links()
+{
+	local cur
+  
+	COMPREPLY=()
+	cur=`_get_cword`
+  
+	case "$cur" in
+	    --*)
+		COMPREPLY=( $( compgen -W '--help' -- $cur ) )
+		;;
+	    -*)
+		COMPREPLY=( $( compgen -W '-async-dns -max-connections \
+				-max-connections-to-host -retries \
+				-receive-timeout -unrestartable-receive-timeout\
+				-format-cache-size -memory-cache-size \
+				-http-proxy -ftp-proxy -download-dir \
+				-assume-codepage -anonymous -dump -no-connect \
+				-source -version -help' -- $cur ) )
+		;;
+	    *)
+		if [ -r ~/.links/links.his ]; then
+		    COMPREPLY=( $( compgen -W '$( < ~/.links/links.his )' \
+				   -- $cur ) )
+		fi
+				_filedir '@(htm|html)'
+				return 0
+		;;
+	esac
+  
+	return 0
+} &&
+complete -F _links $filenames links
+
+[ $UNAME = FreeBSD ] && {
+# FreeBSD package management tool completion
+#
+_pkg_delete()
+{
+	local cur pkgdir prev
+
+	pkgdir=${PKG_DBDIR:-/var/db/pkg}/
+	cur=`_get_cword`
+	prev=${COMP_WORDS[COMP_CWORD-1]}
+
+	[ "$prev" = "-o" -o "$prev" = "-p" -o "$prev" = "-W" ] && return 0
+
+	COMPREPLY=( $( compgen -d $pkgdir$cur ) )
+	COMPREPLY=( ${COMPREPLY[@]#$pkgdir} )
+
+	return 0
+}
+complete -F _pkg_delete $dirnames pkg_delete pkg_info
+have pkg_deinstall && complete -F _pkg_delete $dirnames pkg_deinstall
+
+# FreeBSD kernel module commands
+#
+_kldload()
+{
+	local cur moddir
+
+	moddir=/modules/
+	[ -d $moddir ] || moddir=/boot/kernel/
+	cur=`_get_cword`
+
+	COMPREPLY=( $( compgen -f $moddir$cur ) )
+	COMPREPLY=( ${COMPREPLY[@]#$moddir} )
+	COMPREPLY=( ${COMPREPLY[@]%.ko} )
+
+	return 0
+}
+complete -F _kldload $filenames kldload
+
+_kldunload()
+{
+	local cur
+	cur=`_get_cword`
+	COMPREPLY=( $(kldstat | sed -ne "s/^.*[ \t]\+\($cur[a-z_]\+\).ko$/\1/p") )
+}
+complete -F _kldunload $filenames kldunload
+}
+
+# FreeBSD portupgrade completion
+#
+have portupgrade &&
+_portupgrade()
+{
+	local cur pkgdir prev
+
+	pkgdir=${PKG_DBDIR:-/var/db/pkg}/
+	cur=`_get_cword`
+	prev=${COMP_WORDS[COMP_CWORD-1]}
+
+	[ "$prev" = "-l" -o "$prev" = "-L" -o "$prev" = "-o" ] && return 0
+
+	COMPREPLY=( $( compgen -d $pkgdir$cur ) )
+	COMPREPLY=( ${COMPREPLY[@]#$pkgdir} )
+	COMPREPLY=( ${COMPREPLY[@]%-*} )
+
+	return 0
+} &&
+complete -F _portupgrade $dirnames portupgrade
+
+# FreeBSD portinstall completion
+#
+have portinstall &&
+_portinstall()
+{
+	local cur portsdir prev indexfile
+	local -a COMPREPLY2
+
+	portsdir=${PORTSDIR:-/usr/ports}/
+	cur=`_get_cword`
+	prev=${COMP_WORDS[COMP_CWORD-1]}
+	# First try INDEX-5
+	indexfile=$portsdir/INDEX-5
+	# Then INDEX if INDEX-5 does not exist or system is not FreeBSD 5.x
+	[ "${OSTYPE%.*}" = "freebsd5" -a -f $indexfile ] ||
+	  indexfile=$portsdir/INDEX
+
+	[ "$prev" = "-l" -o "$prev" = "-L" -o "$prev" = "-o" ] && return 0
+
+	COMPREPLY=( $( egrep "^$cur" < $indexfile | cut -d'|' -f1 ) )
+	COMPREPLY2=( $( egrep "^[^\|]+\|$portsdir$cur" < $indexfile | \
+			cut -d'|' -f2 ) )
+	COMPREPLY2=( ${COMPREPLY2[@]#$portsdir} )
+	COMPREPLY=( "${COMPREPLY[@]}" "${COMPREPLY2[@]}" )
+
+	return 0
+} &&
+complete -F _portinstall $dirnames portinstall
+
+# Slackware Linux removepkg completion
+#
+have removepkg && [ -f /etc/slackware-version ] &&
+_removepkg()
+{
+	local packages cur
+
+	COMPREPLY=()
+	cur=`_get_cword`
+
+	COMPREPLY=( $( (cd /var/log/packages; compgen -f -- "$cur") ) )
+} &&
+complete -F _removepkg $filenames removepkg &&
+	complete $dirnames -f -X '!*.tgz' installpkg upgradepkg explodepkg
+
+# look(1) completion
+#
+have look && 
+_look()
+{
+	local cur
+  
+	COMPREPLY=()
+	cur=`_get_cword`
+
+	if [ $COMP_CWORD = 1 ]; then
+		COMPREPLY=( $( compgen -W '$(look $cur)' ) )
+	fi
+} &&
+complete -F _look $default look
+
+# ypcat(1) and ypmatch(1) completion
+#
+have ypmatch &&
+_ypmatch()
+{
+	local cur map
+
+	COMPREPLY=()
+	cur=`_get_cword`
+
+	[ $1 = ypcat ] && [ $COMP_CWORD -gt 1 ] && return 0
+	[ $1 = ypmatch ] && [ $COMP_CWORD -gt 2 ] && return 0
+
+	if [ $1 = ypmatch ] && [ $COMP_CWORD -eq 1 ] && \
+	   [ ${#COMP_WORDS[@]} -eq 3 ]; then
+		map=${COMP_WORDS[2]}
+		COMPREPLY=( $( compgen -W '$( ypcat $map | \
+						cut -d':' -f 1 )' -- $cur) )
+	else
+		[ $1 = ypmatch ] && [ $COMP_CWORD -ne 2 ] && return 0
+		COMPREPLY=( $( compgen -W \
+			      '$( echo $(ypcat -x | cut -d"\"" -f 2))' -- $cur))
+	fi
+
+	return 0
+} &&
+complete -F _ypmatch ypmatch ypcat
+
+# mplayer(1) completion
+#
+have mplayer && {
+_mplayer_options_list()
+{
+	cur=${cur%\\}
+	COMPREPLY=( $( $1 $2 help 2> /dev/null | \
+		sed -e '1,/^Available/d' | awk '{print $1}' | \
+		sed -e 's/:$//' -e 's/^'${2#-}'$//' -e 's/<.*//' | \
+		grep "^$cur" ) )
+}
+
+_mplayer()
+{
+	local cmd cur prev skinsdir IFS=$' \t\n' i j k=0
+
+	COMPREPLY=()
+	cmd=${COMP_WORDS[0]}
+	cur=`_get_cword`
+	prev=${COMP_WORDS[COMP_CWORD-1]}
+
+	case "$prev" in
+		-@(ac|afm|vc|vfm|ao|vo|vop|fstype))
+			_mplayer_options_list mplayer $prev
+			return 0
+			;;
+		-@(oac|ovc|of))
+			_mplayer_options_list mencoder $prev
+			return 0
+			;;
+		-audiofile)
+			_filedir '@(mp3|MP3|mpg|MPG|ogg|OGG|wav|WAV|mid|MID|flac|FLAC|mka|MKA)'
+			return 0
+			;;
+		-font)
+			_filedir '@(desc|ttf)'
+			return 0
+			;;
+		-sub)
+			_filedir '@(srt|SRT|sub|SUB|txt|TXT|utf|UTF|rar|RAR|mpsub|smi|js|ssa|SSA|aas|AAS)'
+			return 0
+			;;
+		-vobsub)
+			_filedir '@(idx|IDX|ifo|IFO|sub|SUB)'
+			IFS=$'\t\n' 
+			COMPREPLY=( $( for i in "${COMPREPLY[@]}"; do
+						if [ -f $i -a -r $i ]; then
+							echo ${i%.*}
+						else
+							echo $i
+						fi
+				       done ) )
+			IFS=$' \t\n' 
+			return 0
+			;;
+		-ifo)
+			_filedir '@(ifo|IFO)'
+			return 0
+			;;
+		-cuefile)
+			_filedir '@(bin|BIN|cue|CUE)'
+			return 0
+			;;
+		-skin)
+			# if you don't have installed mplayer in /usr you
+			# may want to set the MPLAYER_SKINS_DIR global variable
+			if [ -n "$MPLAYER_SKINS_DIR" ]; then
+				skinsdir=$MPLAYER_SKINS_DIR
+			else
+				skinsdir=/usr/share/mplayer/Skin
+			fi
+
+			IFS=$'\t\n' 
+			for i in ~/.mplayer/Skin $skinsdir; do
+				if [ -d $i -a -r $i ]; then
+					for j in $( compgen -d $i/$cur ); do
+						COMPREPLY[$k]=${j#$i/}
+						k=$((++k))
+					done
+				fi
+			done
+			IFS=$' \t\n' 
+			return 0
+			;;
+		-@(mixer|@(cdrom|dvd)-device|dvdauth|fb|zrdev))
+			cur=${cur:=/dev/}
+			_filedir
+			return 0
+			;;
+		-@(edl?(out)|lircconf|menu-cfg|playlist|csslib|dumpfile)| \
+		-@(subfile|vobsub|aofile|fbmodeconfig|include|o|dvdkey)| \
+		-passlogfile)
+			_filedir
+			return 0
+			;;
+		-@(auto@(q|sync)|loop|menu-root|speed|sstep|aid|alang)| \
+		-@(?(@(audio|sub)-)demuxer|bandwidth|cache|chapter)| \
+		-@(dvd?(angle)|fps|frames|mc|passwd|user|sb|srate|ss|vcd)| \
+		-@(vi?(d|vo)|ffactor|sid|slang|spu@(align|aa|gauss))| \
+		-@(vobsubid|delay|bpp|brightness|contrast|dfbopts|display)| \
+		-@(fbmode|geometry|guiwid|hue|icelayer|screen[wh]|wid)| \
+		-@(monitor@(aspect|-@(dotclock|[hv]freq))|panscan|saturation)| \
+		-@(xineramascreen|zr@(crop|norm|quality|[xy]doff|[vh]dec))| \
+		-@(aspect|pp|x|y|xy|z|stereo|audio-@(density|delay|preload))| \
+		-@(endpos|osdlevel|ffourcc|sws|channels|skiplimit|format)| \
+		-@(ofps|aa@(driver|@(osd|sub)color)|vobsubout?(i@(ndex|d)))| \
+		-sub@(-bg-@(alpha|color)|cp|delay|fps|pos|align|width)| \
+		-sub@(font-@(blur|outline|autoscale|encoding|@(osd|text)-scale)))
+			return 0
+			;;
+		-lavdopts)
+			COMPREPLY=( $( compgen -W 'ec er= bug= idct= gray' \
+					-- $cur ) )
+			return 0
+			;;
+		-lavcopts)
+			COMPREPLY=( $( compgen -W 'vcodec= vqmin= vqscale= \
+					vqmax= mbqmin= mbqmax= vqdiff= \
+					vmax_b_frames= vme= vhq v4mv \
+					keyint= vb_strategy= vpass= \
+					aspect= vbitrate= vratetol= \
+					vrc_maxrate= vrc_minrate= \
+					vrc_buf_size= vb_qfactor= vi_qfactor= \
+					vb_qoffset= vi_qoffset= vqblur= \
+					vqcomp= vrc_eq= vrc_override= \
+					vrc_init_cplx= vqsquish= vlelim= \
+					vcelim= vstrict= vdpart vpsize= gray \
+					vfdct= idct= lumi_mask= dark_mask= \
+					tcplx_mask= scplx_mask= naq ildct \
+					format= pred qpel precmp= cmp= \
+					subcmp= predia= dia= trell last_pred= \
+					preme= subq= psnr mpeg_quant aic umv' \
+					-- $cur ) )
+			return 0
+			;;
+		-ssf)
+			COMPREPLY=( $( compgen -W 'lgb= cgb= ls= cs= chs= \
+					cvs=' -- $cur ) )
+			return 0
+			;;
+		-jpeg)
+			COMPREPLY=( $( compgen -W 'noprogressive progressive \
+					nobaseline baseline optimize= \
+					smooth= quality= outdir=' -- $cur ) )
+			return 0
+			;;
+		-xvidopts)
+			COMPREPLY=( $( compgen -W 'dr2 nodr2' -- $cur ) )
+			return 0
+			;;
+		-xvidencopts)
+			COMPREPLY=( $( compgen -W 'pass= bitrate= \
+					fixed_quant= me_quality= 4mv \
+					rc_reaction_delay_factor= \
+					rc_averaging_period= rc_buffer= \
+					quant_range= min_key_interval= \
+					max_key_interval= mpeg_quant \
+					mod_quant lumi_mask hintedme \
+					hintfile debug keyframe_boost= \
+					kfthreshold= kfreduction=' -- $cur ) )
+			return 0
+			;;
+		-divx4opts)
+			COMPREPLY=( $( compgen -W 'br= key= deinterlace q= \
+					min_quant= max_quant= rc_period= \
+					rc_reaction_period= crispness= \
+					rc_reaction_ratio= pass= vbrpass= \
+					help' -- $cur ) )
+			return 0
+			;;
+		-info)
+			COMPREPLY=( $( compgen -W 'name= artist= genre= \
+					subject= copyright= srcform= \
+					comment= help' -- $cur ) )
+			return 0
+			;;
+		-lameopts)
+			COMPREPLY=( $( compgen -W 'vbr= abr cbr br= q= aq= \
+					ratio= vol= mode= padding= fast \
+					preset= help' -- $cur ) )
+			return 0
+			;;
+		-rawaudio)
+			COMPREPLY=( $( compgen -W 'on channels= rate= \
+					samplesize= format=' -- $cur ) )
+			return 0
+			;;
+		-rawvideo)
+			COMPREPLY=( $( compgen -W 'on fps= sqcif qcif cif \
+					4cif pal ntsc w= h= y420 yv12 yuy2 \
+					y8 format= size=' -- $cur ) )
+			return 0
+			;;
+		-aop)
+			COMPREPLY=( $( compgen -W 'list= delay= format= fout= \
+					volume= mul= softclip' -- $cur ) )
+			return 0
+			;;
+		-dxr2)
+			COMPREPLY=( $( compgen -W 'ar-mode= iec958-encoded \
+					iec958-decoded mute ucode= 75ire bw \
+					color interlaced macrovision= norm= \
+					square-pixel ccir601-pixel cr-left= \
+					cr-right= cr-top= cr-bot= ck-rmin= \
+					ck-gmin= ck-bmin= ck-rmax= ck-gmax= \
+					ck-bmax= ck-r= ck-g= ck-b= \
+					ignore-cache= ol-osd= olh-cor= \
+					olw-cor= olx-cor= oly-cor= overlay \
+					overlay-ratio= update-cache' -- $cur ))
+			return 0
+			;;
+		-tv)
+			COMPREPLY=( $( compgen -W 'on noaudio driver= device= \
+					input= freq= outfmt= width= height= \
+					buffersize= norm= channel= chanlist= \
+					audiorate= forceaudio alsa amode= \
+					forcechan= adevice= audioid= volume= \
+					bass= treble= balance= fps= \
+					channels= immediatemode=' -- $cur ) )
+			return 0
+			;;
+		-mf)
+			COMPREPLY=( $( compgen -W 'on w= h= fps= type=' \
+					-- $cur ) )
+			return 0
+			;;
+		-cdda)
+			COMPREPLY=( $( compgen -W 'speed= paranoia= \
+					generic-dev= sector-size= overlap= \
+					toc-bias toc-offset= skip noskip' \
+					-- $cur ) )
+			return 0
+			;;
+		-input)
+			COMPREPLY=( $( compgen -W 'conf= ar-delay ar-rate \
+					keylist cmdlist js-dev file' -- $cur ) )
+			return 0
+			;;
+		-af)
+			COMPREPLY=( $( compgen -W 'resample resample= \
+					channels channels= format format= \
+					volume volume= delay delay= pan \
+					pan= sub sub= surround surround=' \
+					-- $cur ) )
+			return 0
+			;;
+		-af-adv)
+			COMPREPLY=( $( compgen -W 'force= list=' -- $cur ) )
+			return 0
+			;;
+	esac
+
+	case "$cur" in
+		-*)
+			COMPREPLY=( $( compgen -W '-aid -alang -audio-demuxer \
+					-audiofile -cdrom-device -cache -cdda \
+					-channels -chapter -csslib -demuxer \
+					-dvd -dvd-device -dvdangle -dvdauth \
+					-dvdkey -dvdnav -forceidx -fps -frames \
+					-hr-mp3-seek -idx -mc -mf -ni -nobps \
+					-passwd -rawaudio -rtsp-stream-over-tcp\
+					-skipopening -sb -srate -ss -tv -user \
+					-vcd -vid -vivo -ifo -ffactor -font \
+					-noautosub -nooverlapsub -sid -slang \
+					-sub -subcc -subcp -sub-demuxer \
+					-subdelay -subfont-autoscale \
+					-subfont-blur -subfont-encoding \
+					-subfont-osd-scale -subfont-outline \
+					-subfont-text-scale -subfps -subfile \
+					-subpos -unicode -utf8 -vobsub \
+					-vobsubid -ac -afm -aspect -flip \
+					-lavdopts -noaspect -nosound -pp -ssf \
+					-stereo -sws -vc -vfm -vop -xvidopts\
+					-xy -zoom -bandwidth -cuefile \
+					-noextbased -rawvideo -overlapsub \
+					-sub-bg-alpha -sub-bg-color -subalign \
+					-subwidth -sub-no-text-pp -spualign \
+					-spuaa -spugauss -pphelp -verbose -v \
+					-noni -noidx -nohr-mp3-seek -extbased \
+					-bps -oldpp -nozoom -noflip -nounicode \
+					-noutf8' -- $cur ) )
+			# add mplayer specific options
+			[[ "$cmd" == @(?(g)mplayer) ]] && COMPREPLY=( "${COMPREPLY[@]}" \
+				$(compgen -W '-autoq -autosync -benchmark \
+					-framedrop -h -help -hardframedrop \
+					-identify -input -lircconf -loop \
+					-nojoystick -nolirc -nortc -playlist \
+					-quiet -really-quiet -rnd -sdp -skin \
+					-slave -softsleep -speed -sstep \
+					-use-stdin -dumpaudio -dumpfile \
+					-dumpstream -dumpvideo -dumpmicrodvdsub\
+					-dumpmpsub -dumpsrtsub -dumpjacosub \
+					-dumpsami -dumpsub -osdlevel -af \
+					-af-adv -ao -aofile -aop -delay -mixer \
+					-nowaveheader -bpp -brightness \
+					-contrast -display -double -dr -dxr2 \
+					-fb -fbmode -fbmodeconfig -forcexv -fs \
+					-geometry -hue -icelayer -jpeg \
+					-monitor-dotclock -monitor-hfreq \
+					-monitor-vfreq -monitoraspect \
+					-nograbpointer -noslices -panscan \
+					-rootwin -saturation -screenw -screenh \
+					-stop-xscreensaver -vm -vo -vsync -wid \
+					-xineramascreen -z -zrbw -zrcrop \
+					-zrdev -zrfd -zrhelp -zrnorm -zrquality \
+					-zrvdec -zrhdec -zrxdoff -zrydoff -y \
+					-edl -edlout -enqueue -fixed-vo \
+					-menu -menu-root -menu-cfg -shuffle \
+					-format -aahelp -dfbopts -fstype \
+					-guiwid -nokeepaspect -x --help \
+					-aaosdcolor -aasubcolor -aadriver \
+					-aaextended -aaeight' -- $cur) )
+			# add mencoder specific options
+			[[ "$cmd" = mencoder ]] && COMPREPLY=( "${COMPREPLY[@]}" \
+				$(compgen -W '-audio-density -audio-delay \
+					-audio-preload -divx4opts -endpos \
+					-ffourcc -include -info -lameopts \
+					-lavcopts -noskip -o -oac -ofps -ovc \
+					-passlogfile -skiplimit -vobsubout \
+					-vobsuboutindex -vobsuboutid \
+					-xvidencopts -of --verbose' -- $cur) )
+			;;
+		*)
+			_filedir '@(mp?(e)g|MP?(E)G|wm[av]|WM[AV]|avi|AVI|asf|ASF|vob|VOB|bin|BIN|dat|DAT|vcd|VCD|ps|PS|pes|PES|fli|FLI|flv|FLV|viv|VIV|rm?(j)|RM?(J)|ra?(m)|RA?(M)|yuv|YUV|mov|MOV|qt|QT|mp[34]|MP[34]|m4v|M4V|og[gm]|OG[GM]|wav|WAV|dump|DUMP|mk[av]|MK[AV]|m4a|M4A|aac|AAC|m2v|M2V|dv|DV|rmvb|RMVB|mid|MID|ts|TS|3gp|mpc|MPC|flac|FLAC|flv|FLV|divx|DIVX)'
+			;;
+	esac
+
+	return 0
+}
+complete $filenames -F _mplayer mplayer mencoder gmplayer kplayer
+}
+
+# KDE dcop completion
+#
+have dcop &&
+_dcop()
+{
+	local cur compstr
+
+	COMPREPLY=()
+	cur=`_get_cword`
+	if [ -z $cur ]; then
+	    compstr=${COMP_WORDS[*]}
+	else
+	    compstr=$( command echo ${COMP_WORDS[*]} | sed "s/ $cur$//" )
+	fi
+	COMPREPLY=( $( compgen -W '$( command $compstr | sed s/\(.*\)// )'  -- $cur ) )
+} &&
+complete -F _dcop dcop
+
+# wvdial(1) completion
+#
+have wvdial &&
+_wvdial()
+{
+	local cur prev config i IFS=$'\t\n'
+
+	COMPREPLY=()
+	cur=`_get_cword`
+	prev=${COMP_WORDS[COMP_CWORD-1]}
+
+	case $prev in
+		--config)
+			_filedir
+			return 0
+			;;
+	esac
+
+	case $cur in
+		-*)
+			COMPREPLY=( $( compgen -W '--config --chat \
+				--remotename --help --version --no-syslog' \
+				-- $cur ) )
+			;;
+		*)
+			# start with global and personal config files
+		       	config="/etc/wvdial.conf"$'\t'"$HOME/.wvdialrc"
+			# replace with command line config file if present
+			for (( i=1; i < COMP_CWORD; i++ )); do
+				if [[ "${COMP_WORDS[i]}" == "--config" ]]; then
+					config=${COMP_WORDS[i+1]}
+					break
+				fi
+			done
+			# parse config files for sections and
+			# remove default section
+			COMPREPLY=( $( sed -ne \
+				    "s|^\[Dialer \($cur.*\)\]$|\1|p" \
+				    $config 2>/dev/null |grep -v '^Defaults$'))
+			# escape spaces
+			COMPREPLY=${COMPREPLY// /\\ }
+			;;
+	esac
+
+} &&
+complete -F _wvdial wvdial
+
+# gpg(1) completion
+#
+have gpg &&
+_gpg() 
+{
+	local cur prev
+
+	COMPREPLY=()
+	cur=`_get_cword`
+	prev=${COMP_WORDS[COMP_CWORD-1]}
+
+	case "$prev" in
+	-@(s|-sign|-clearsign|-decrypt-files|-load-extension)) 
+		_filedir
+		return 0
+		;;
+	--@(export|@(?(l|nr|nrl)sign|edit)-key)) 
+		# return list of public keys
+		COMPREPLY=( $( compgen -W "$( gpg --list-keys 2>/dev/null | sed -ne 's@^pub.*/\([^ ]*\).*\(<\([^>]*\)>\).*$@\1 \3@p')" -- "$cur" ))
+		return 0
+		;;
+	-@(r|-recipient))
+		COMPREPLY=( $( compgen -W "$( gpg --list-keys 2>/dev/null | sed -ne 's@^pub.*<\([^>]*\)>.*$@\1@p')" -- "$cur" ))
+		if [ -e ~/.gnupg/gpg.conf ]; then
+			COMPREPLY=( "${COMPREPLY[@]}" $( compgen -W "$( sed -ne 's@^[ \t]*group[ \t][ \t]*\([^=]*\).*$@\1@p' ~/.gnupg/gpg.conf  )" -- "$cur") )
+		fi
+		return 0
+		;;
+	esac
+
+	if [[ "$cur" == -* ]]; then
+		COMPREPLY=( $( compgen -W '-s -b -e -f -c -d -a -r -u -Z -o -v\
+				-q -n -N $(gpg --dump-options)' -- $cur ) )
+	 fi
+
+} &&
+complete -F _gpg $default gpg
+
+# iconv(1) completion
+#
+have iconv &&
+_iconv()
+{
+	local cur prev
+
+	COMPREPLY=()
+	cur=`_get_cword`
+	prev=${COMP_WORDS[COMP_CWORD-1]}
+
+	case "$prev" in
+		-@(f|t|-@(from|to)-code))
+			COMPREPLY=( $( compgen -W \
+			    '$( iconv --list | sed -e "s@//@@;" )' -- "$cur" ) )
+			return 0
+			;;
+	esac
+
+
+	if [[ "$cur" = -* ]]; then
+		COMPREPLY=( $( compgen -W '--from-code -f --to-code -t --list
+		--output -o --verbose' -- "$cur" ) )
+		return 0
+	fi
+} &&
+complete -F _iconv $default iconv
+
+# dict(1) completion
+#
+{ have dict || have rdict; } && {
+_dictdata()
+{
+	dict $host $port $1 2>/dev/null | sed -ne \
+	    's/^['$'\t '']['$'\t '']*\([^'$'\t '']*\).*$/\1/p'
+}
+
+_dict()
+{
+	local cur prev host port db dictfile
+
+	COMPREPLY=()
+	cur=`_get_cword`
+	prev=${COMP_WORDS[COMP_CWORD-1]}
+	dictfile=/usr/share/dict/words
+
+	for (( i=1; i < COMP_CWORD; i++ )); do
+		case "${COMP_WORDS[i]}" in
+		-@(h|--host))
+			host=${COMP_WORDS[i+1]}
+			[ -n "$host" ] && host="-h $host"
+			i=$((++i))
+			;;
+		-@(p|-port))
+			port=${COMP_WORDS[i+1]}
+			[ -n "$port" ] && port="-p $port"
+			i=$((++i))
+			;;
+		-@(d|-database))
+			db=${COMP_WORDS[i+1]}
+			[ -n "$db" ] && host="-d $db"
+			i=$((++i))
+			;;
+		*)
+			;;
+		esac
+	done
+
+	if [[ "$cur" = -* ]]; then
+		COMPREPLY=( $( compgen -W '-h --host -p --port -d --database \
+			       -m --match -s --strategy -c --config -C \
+			       --nocorrect -D --dbs -S --strats -H \
+			       --serverhelp -i --info -I --serverinfo \
+			       -a --noauth -u --user -k --key -V --version \
+			       -L --license --help -v --verbose -r --raw \
+			       -P --pager --debug --html --pipesize --client' \
+			       -- "$cur" ) )
+		return 0
+	fi
+
+	case "$prev" in
+	-@(d|-database|i|info))
+		COMPREPLY=( $( compgen -W '$( _dictdata -D )' -- "$cur" ) )
+		return 0
+		;;
+	-@(s|-strategy))
+		COMPREPLY=( $( compgen -W '$( _dictdata -S )' -- "$cur" ) )
+		return 0
+		;;
+	*)
+		;;
+	esac
+
+	[ -r $dictfile ] && \
+		COMPREPLY=( $( compgen -W '$( cat $dictfile )' -- "$cur" ) )
+}
+complete -F _dict $default dict rdict
+}
+
+# cdrecord(1) completion
+#
+have cdrecord &&
+_cdrecord()
+{
+	local cur prev i generic_options track_options track_mode
+
+	COMPREPLY=()
+	cur=`_get_cword`
+	prev=${COMP_WORDS[COMP_CWORD-1]}
+
+	# foo=bar style option
+	if [[ "$cur" == *=* ]]; then
+		prev=${cur/=*/}
+		cur=${cur/*=/}
+		case "$prev" in
+			@(text|cue)file)
+				_filedir
+				return 0
+				;;
+			blank)
+				COMPREPLY=( $( compgen -W 'help all fast \
+				track unreserve trtail unclose session' \
+				-- $cur ) )
+				return 0
+				;;
+			driveropts)
+				COMPREPLY=( $( compgen -W 'burnfree noburnfree\
+				  varirec= audiomaster forcespeed noforcespeed\
+				  speedread nospeedread singlesession \
+				  nosinglesession hidecdr nohidecdr tattooinfo\
+				  tattoofile=' -- $cur ) )
+				return 0
+				;;
+		esac
+	fi
+
+	generic_options=(-version -v -V -d -silent -s -force -immed -dummy \
+			 -dao -raw -raw96r -raw96p -raw16 -multi -msinfo -toc \
+			 -atip -fix -nofix -waiti -load -lock -eject -format \
+			 -setdropts -checkdrive -prcap -inq -scanbus -reset \
+			 -abort -overburn -ignsize -useinfo -packet -noclose \
+			 -text debug= kdebug= kd= minbuf= speed= blank= fs= \
+			 dev= gracetime= timeout= driver= driveropts= \
+			 defpregap= pktsize= mcn= textfile= cuefile=)
+	track_options=(-audio -swab -data -mode2 -xa -xa1 -xa2 -xamix -cdi \
+		       -isosize -pad padsize= -nopad -shorttrack -noshorttrack\
+		       pregap= -preemp -nopreemp -copy -nocopy -scms tcsize= \
+		       isrc= index=)
+	# look if previous was either a file or a track option
+	track_mode=0
+	if [ $COMP_CWORD -gt 1 ]; then
+		if [ -f "$prev" ]; then
+			track_mode=1
+		else
+			for (( i=0; i < ${#track_options[@]}; i++ )); do
+				if [[ "${track_options[i]}" == "$prev" ]]; then
+					track_mode=1
+					break
+				fi
+			done
+		fi
+	fi
+
+	# files are always eligible completion
+	_filedir
+	# track options are always available
+	COMPREPLY=( "${COMPREPLY[@]}" $( compgen -W '${track_options[@]}' -- $cur ) )
+	# general options are no more available after file or track option
+	if [ $track_mode -eq 0 ]; then
+		COMPREPLY=( "${COMPREPLY[@]}" \
+			    $( compgen -W '${generic_options[@]}' -- $cur ) )
+	fi
+
+} &&
+complete -F _cdrecord $filenames cdrecord
+
+# mkisofs(8) completion
+#
+have mkisofs &&
+_mkisofs()
+{
+	local cur prev
+
+	COMPREPLY=()
+	cur=`_get_cword`
+	prev=${COMP_WORDS[COMP_CWORD-1]}
+
+	case "$prev" in
+		-@(o|abstract|biblio|check-session|copyright|log-file|root-info|prep-boot|*-list))
+			_filedir
+			return 0
+			;;
+		-*-charset)
+			COMPREPLY=( $( mkisofs -input-charset help 2>&1 | \
+					tail +3 | grep "^$cur") )
+			return 0
+			;;
+		-uid)
+			_uids
+			return 0
+			;;
+		-gid)
+			_gids
+			return 0
+			;;
+	esac
+
+	if [[ "$cur" == -* ]]; then
+		COMPREPLY=( $( compgen -W '-abstract -A -allow-lowercase \
+				-allow-multidot -biblio -cache-inodes \
+				-no-cache-inodes -b -eltorito-alt-boot -B -G \
+				-hard-disk-boot -no-emul-boot -no-boot \
+				-boot-load-seg -boot-load-size \
+				-boot-info-table -C -c -check-oldname \
+				-check-session -copyright -d -D -dir-mode \
+				-dvd-video -f -file-mode -gid -gui \
+				-graft-points -hide -hide-list -hidden \
+				-hidden-list -hide-joliet -hide-joliet-list \
+				-hide-joliet-trans-tbl -hide-rr-moved \
+				-input-charset -output-charset -iso-level -J \
+				-joliet-long -jcharset -l -L -log-file -m \
+				-exclude-list -max-iso9660-filenames -M -N \
+				-new-dir-mode -nobak -no-bak -force-rr -no-rr \
+				-no-split-symlink-components \
+				-no-split-symlink-fields -o -pad -no-pad \
+				-path-list -P -p -print-size -quiet -R -r \
+				-relaxed-filenames -sort -split-output \
+				-stream-media-size -stream-file-name -sysid -T\
+				-table-name -ucs-level -udf -uid \
+				-use-fileversion -U -no-iso-translate -V \
+				-volset -volset-size -volset-seqno -v -x -z \
+				-hfs -apple -map -magic -hfs-creator \
+				-hfs-type -probe -no-desktop -mac-name \
+				-boot-hfs-file -part -auto -cluster-size \
+				-hide-hfs -hide-hfs-list -hfs-volid \
+				-icon-position -root-info -prep-boot \
+				-input-hfs-charset -output-hfs-charset \
+				-hfs-unlock -hfs-bless -hfs-parms --cap \
+				--netatalk --double --ethershare --ushare \
+				--exchange --sgi --xinet --macbin --single \
+				--dave --sfm --osx-double --osx-hfs' -- $cur ))
+	else
+		_filedir
+	fi
+
+} &&
+complete -F _mkisofs $filenames mkisofs
+
+# mc(1) completion
+#
+have mc &&
+_mc()
+{
+	local cur prev
+
+	COMPREPLY=()
+	cur=`_get_cword`
+	prev=${COMP_WORDS[COMP_CWORD-1]}
+
+	# -name value style option
+	case "$prev" in
+		-@(e|v|l|P))
+			_filedir
+			return 0
+			;;
+	esac
+
+	# --name=value style option
+	if [[ "$cur" == *=* ]]; then
+		prev=${cur/=*/}
+		cur=${cur/*=/}
+		case "$prev" in
+			--@(edit|view|ftplog|printwd))
+				_filedir
+				return 0
+				;;
+		esac
+	fi
+
+	if [[ "$cur" == -* ]]; then
+		COMPREPLY=( $( compgen -W '-a --stickchars -b --nocolor -c \
+			--color -C --colors= -d --nomouse -e --edit= -f \
+			--datadir -k --resetsoft -l --ftplog= -P --printwd= \
+			-s --slow -t --termcap -u --nosubshell -U --subshell \
+			-v --view= -V --version -x --xterm -h --help' -- $cur ) )
+	else
+		_filedir -d
+	fi
+} &&
+complete -F _mc $filenames mc
+
+# yum(8) completion
+#
+have yum && {
+_yum()
+{
+	local cur prev special
+	
+	COMPREPLY=()
+	cur=`_get_cword`
+	prev=${COMP_WORDS[COMP_CWORD-1]}
+
+	for (( i=0; i < ${#COMP_WORDS[@]}-1; i++ )); do
+		if [[ ${COMP_WORDS[i]} == @(install|update|upgrade|remove|erase|deplist) ]]; then
+			special=${COMP_WORDS[i]}
+		fi
+	done
+
+	if [ -n "$special" ]; then
+	    case $special in
+		install|deplist)
+		    COMPREPLY=( $( compgen -W '$( yum -C list | cut -d" " -f1 )' -- $cur ) )
+		    return 0
+		    ;;
+		*)
+		    _rpm_installed_packages
+		    return 0
+		    ;;
+		esac
+	fi
+
+	case $cur in
+	    --*)
+		COMPREPLY=( $( compgen -W '--installroot --version --help --enablerepo --disablerepo --exclude --obsoletes --noplugins' -- $cur ) )
+		return 0
+		;;
+	    -*)
+		COMPREPLY=( $( compgen -W '-c -e -d -y -t -R -C -h' -- $cur ) )
+		return 0
+		;;
+	esac
+
+	case $prev in
+	    list)
+		COMPREPLY=( $( compgen -W 'all available updates installed extras obsoletes recent' -- $cur ) )
+		;;
+	    clean)
+		COMPREPLY=( $( compgen -W 'packages headers metadata cache dbcache all' -- $cur ) )
+		;;
+	    localinstall)
+		_filedir rpm
+		;;
+	    -c)
+		_filedir
+		;;
+	    --installroot)
+		_filedir -d
+		;;
+	    *)
+		COMPREPLY=( $( compgen -W 'install update check-update upgrade remove list \
+						search info provides clean groupinstall groupupdate \
+						grouplist deplist erase groupinfo groupremove \
+						localinstall localupdate makecache resolvedep \
+						shell whatprovides' -- $cur ) )
+		;;
+	esac
+}
+complete -F _yum $filenames yum
+
+# yum-arch(8) completion
+#
+_yum_arch()
+{
+    local cur
+    COMPREPLY=()
+    cur=`_get_cword`
+
+    case "$cur" in
+	-*)
+	    COMPREPLY=( $( compgen -W '-d -v -vv -n -c -z -s -l -q' -- $cur ) )
+	    ;;
+	*)
+	    _filedir -d
+	    ;;
+    esac
+
+    return 0
+
+}
+complete -F _yum_arch $filenames yum-arch
+}
+
+# ImageMagick completion
+#
+have convert && {
+_ImageMagick()
+{
+	local prev
+	prev=${COMP_WORDS[COMP_CWORD-1]}
+
+	case "$prev" in
+		-channel)
+			COMPREPLY=( $( compgen -W 'Red Green Blue Opacity \
+				Matte Cyan Magenta Yellow Black' -- $cur ) )
+			return 0
+			;;
+		-colormap)
+			COMPREPLY=( $( compgen -W 'shared private' -- $cur ) )
+			return 0
+			;;
+		-colorspace)
+			COMPREPLY=( $( compgen -W 'GRAY OHTA RGB Transparent \
+				XYZ YCbCr YIQ YPbPr YUV CMYK' -- $cur ) )
+			return 0
+			;;
+		-compose)
+			COMPREPLY=( $( compgen -W 'Over In Out Atop Xor Plus \
+				Minus Add Subtract Difference Multiply Bumpmap\
+				Copy CopyRed CopyGreen CopyBlue CopyOpacity' \
+				-- $cur ) )
+			return 0
+			;;
+		-compress)
+			COMPREPLY=( $( compgen -W 'None BZip Fax Group4 JPEG \
+				Lossless LZW RLE Zip' -- $cur ) )
+			return 0
+			;;
+		-dispose)
+			COMPREPLY=( $( compgen -W 'Undefined None Background \
+						    Previous' -- $cur ) )
+			return 0
+			;;
+		-encoding)
+			COMPREPLY=( $( compgen -W 'AdobeCustom AdobeExpert \
+				AdobeStandard AppleRoman BIG5 GB2312 Latin2 \
+				None SJIScode Symbol Unicode Wansung' -- $cur))
+			return 0
+			;;
+		-endian)
+			COMPREPLY=( $( compgen -W 'MSB LSB' -- $cur ) )
+			return 0
+			;;
+		-filter)
+			COMPREPLY=( $( compgen -W 'Point Box Triangle Hermite \
+				Hanning Hamming Blackman Gaussian Quadratic \
+				Cubic Catrom Mitchell Lanczos Bessel Sinc' \
+				-- $cur ) )
+			return 0
+			;;
+		-format)
+			COMPREPLY=( $( convert -list format | \
+				    awk '/ [r-][w-][+-] / {print $1}' | \
+				    tr -d '*' | tr [:upper:] [:lower:] | \
+				    grep "^$cur" ) )
+			return 0
+			;;
+		-gravity)
+			COMPREPLY=( $( compgen -W 'Northwest North NorthEast \
+				West Center East SouthWest South SouthEast' \
+				-- $cur ) )
+			return 0
+			;;
+		-intent)
+			COMPREPLY=( $( compgen -W 'Absolute Perceptual \
+					Relative Saturation' -- $cur ) )
+			return 0
+			;;
+		-interlace)
+			COMPREPLY=( $( compgen -W 'None Line Plane Partition' \
+					-- $cur ) )
+			return 0
+			;;
+		-limit)
+			COMPREPLY=( $( compgen -W 'Disk File Map Memory' \
+					-- $cur ) )
+			return 0
+			;;
+		-list)
+			COMPREPLY=( $( compgen -W 'Delegate Format Magic \
+					Module Resource Type' -- $cur ) )
+			return 0
+			;;
+		-map)
+			COMPREPLY=( $( compgen -W 'best default gray red \
+					green blue' -- $cur ) )
+			_filedir
+			return 0
+			;;
+		-noise)
+			COMPREPLY=( $( compgen -W 'Uniform Gaussian \
+					Multiplicative \
+				Impulse Laplacian Poisson' -- $cur ) )
+			return 0
+			;;
+		-preview)
+			COMPREPLY=( $( compgen -W 'Rotate Shear Roll Hue \
+					Saturation Brightness Gamma Spiff \
+					Dull Grayscale Quantize Despeckle \
+					ReduceNoise AddNoise Sharpen Blur \
+					Treshold EdgeDetect Spread Shade \
+					Raise Segment Solarize Swirl Implode \
+					Wave OilPaint CharcoalDrawing JPEG' \
+					-- $cur ) )
+			return 0
+			;;
+		-@(mask|profile|texture|tile|write))
+			_filedir
+			return 0
+			;;
+		-type)
+			COMPREPLY=( $( compgen -W 'Bilevel Grayscale Palette \
+					PaletteMatte TrueColor TrueColorMatte \
+					ColorSeparation ColorSeparationlMatte \
+					Optimize' -- $cur ) )
+			return 0
+			;;
+		-units)
+			COMPREPLY=( $( compgen -W 'Undefined PixelsPerInch \
+					PixelsPerCentimeter' -- $cur ) )
+			return 0
+			;;
+		-virtual-pixel)
+			COMPREPLY=( $( compgen -W 'Constant Edge mirror tile' \
+					-- $cur ) )
+			return 0
+			;;
+		-visual)
+			COMPREPLY=( $( compgen -W 'StaticGray GrayScale \
+					StaticColor PseudoColor TrueColor \
+					DirectColor defaut visualid' -- $cur ))
+			return 0
+			;;
+	esac
+}
+
+_convert()
+{
+	local cur
+
+	COMPREPLY=()
+	cur=`_get_cword`
+
+	_ImageMagick
+
+	if [[ "$cur" == -* ]]; then
+		COMPREPLY=( $( compgen -W '-adjoin -affine -antialias -append \
+			-authenticate -average -background -black-threshold \
+			-blue-primary -blur -border -bordercolor -channel \
+			-charcoal -chop -clip -coalesce -colorize -colors \
+			-colorspace -comment -compress -contrast -convolve \
+			-crop -cycle -debug -deconstruct -delay -density \
+			-depth -despeckle -display -dispose -dither -draw \
+			-edge -emboss -encoding -endian -enhance -equalize \
+			-extract -fill -filter -flatten -flip -flop -font \
+			-frame -fuzz -gamma -gaussian -geometry \
+			-green-primary -gravity -help -implode -intent \
+			-interlace -label -lat -level -limit -list -log -loop \
+			-map -mask -matte -median -modulate -monochrome \
+			-morph -mosaic -negate -noop -noise -normalize \
+			-opaque -ordered-dither -page -paint -ping -pointsize \
+			-preview -profile -quality -raise -random-threshold \
+			-region -raise -red-primary -render -resize -resample \
+			-roll -rotate -sample -sampling-factor -scale -scene \
+			-seed -segment -shade -sharpen -shave -shear -size \
+			-solarize -spread -stroke -strokewidth -swirl \
+			-texture -threshold -thumbnail -tile -transform \
+			-transparent -treedepth -trim -type -undercolor \
+			-units -unsharp -verbose -version -view \
+			-virtual-pixel -wave -white-point -white-threshold \
+			-write' -- $cur ) )
+	elif [[ "$cur" == +* ]]; then
+		COMPREPLY=( $( compgen -W '+adjoin +append +compress \
+			+contrast +debug +dither +endian +gamma +label +map \
+			+mask +matte +negate +noise +page +raise +render \
+			+write' -- $cur ) ) 
+	else
+		_filedir
+	fi
+}
+complete -F _convert $filenames convert
+
+_mogrify()
+{
+	local cur
+
+	COMPREPLY=()
+	cur=`_get_cword`
+
+	_ImageMagick
+
+	if [[ "$cur" == -* ]]; then
+		COMPREPLY=( $( compgen -W '-affine -antialias -authenticate \
+			-background -black-threshold -blue-primary -blur \
+			-border -bordercolor -channel -charcoal -chop \
+			-colorize -colors -colorspace -comment -compress \
+			-contrast -convolve -crop -cycle -debug -delay \
+			-density -depth -despeckle -display -dispose -dither \
+			-draw -edge -emboss -encoding -endian -enhance \
+			-equalize -extract -fill -filter -flip -flop -font \
+			-format -frame -fuzz -gamma -gaussian -geometry \
+			-green-primary -implode -interlace -help -label -lat \
+			-level -limit -list -log -loop -map -mask -matte \
+			-median -modulate -monochrome -negate -noop \
+			-normalize -opaque -page -paint -fill -ordered-dither \
+			-pointsize -profile -quality -raise -random-threshold \
+			-red-primary -region -resample -resize -roll -rotate \
+			-sample -sampling-factor -scale -scene -seed -segment \
+			-shade -sharpen -shear -size -solarize -spread \
+			-stroke -strokewidth -swirl -texture -threshold \
+			-thumbnail -tile -transform -transparent -treedepth \
+			-trim -type -undercolor -units -unsharp -verbose \
+			-version -view -virtual-pixel -wave -white-point \
+			-white-threshold' -- $cur ) )
+	elif [[ "$cur" == +* ]]; then
+		COMPREPLY=( $( compgen -W '+compress +contrast +debug +dither \
+			+endian +gamma +label +map +mask +matte +negate +page \
+			+raise' -- $cur ) ) 
+	else
+		_filedir
+	fi
+}
+complete -F _mogrify $filenames mogrify
+
+_display()
+{
+	local cur
+
+	COMPREPLY=()
+	cur=`_get_cword`
+
+	_ImageMagick
+
+	if [[ "$cur" == -* ]]; then
+		COMPREPLY=( $( compgen -W '-authenticate -backdrop -border \
+			-colormap -colors -colorspace -comment -compress \
+			-contrast -crop -debug -delay -density -depth \
+			-despeckle -display -dispose -dither -edge -endian \
+			-enhance -extract -filter -flip -flop -frame -gamma \
+			-geometry -help -immutable -interlace -label -limit \
+			-log -map -matte -monochrome -negate -noop -page \
+			-quality -raise -remote -roll -rotate -sample \
+			-sampling-factor -scene -segment -sharpen -size \
+			-texture -treedepth -trim -update -verbose -version \
+			-virtual-pixel -window -window_group -write' -- $cur))
+	elif [[ "$cur" == +* ]]; then
+		COMPREPLY=( $( compgen -W '+compress +contrast +debug +dither \
+			+endian +gamma +label +map +matte +negate +page \
+			+raise +write' -- $cur ) ) 
+	else
+		_filedir
+	fi
+}
+complete -F _display $filenames display
+
+_animate()
+{
+	local cur
+
+	COMPREPLY=()
+	cur=`_get_cword`
+
+	_ImageMagick
+
+	if [[ "$cur" == -* ]]; then
+		COMPREPLY=( $( compgen -W '-authenticate -backdrop -colormap \
+			-colors -colorspace -crop -debug -delay -density \
+			-depth -display -dither -extract -gamma -geometry \
+			-help -interlace -limit -log -matte -map -monochrome \
+			-noop -pause -remote -rotate -sampling-factor -scene \
+			-size -treedepth -trim -verbose -version -visual \
+			-virtual-pixel -window' -- $cur ) )
+	elif [[ "$cur" == +* ]]; then
+		COMPREPLY=( $( compgen -W '+debug +dither +gamma +map +matte' -- $cur ) ) 
+	else
+		_filedir
+	fi
+}
+complete -F _animate $filenames animate
+
+_identify()
+{
+	local cur
+
+	COMPREPLY=()
+	cur=`_get_cword`
+
+	_ImageMagick
+
+	if [[ "$cur" == -* ]]; then
+		COMPREPLY=( $( compgen -W '-authenticate -debug -density \
+			-depth -extract -format -help -interlace -limit -list \
+			-log -size -sampling-factor -verbose -version \
+			-virtual-pixel' -- $cur ) )
+	elif [[ "$cur" == +* ]]; then
+		COMPREPLY=( $( compgen -W '+debug ' -- $cur ) ) 
+	else
+		_filedir
+	fi
+}
+complete -F _identify $filenames identify
+
+_montage()
+{
+	local cur
+
+	COMPREPLY=()
+	cur=`_get_cword`
+
+	_ImageMagick
+
+	if [[ "$cur" == -* ]]; then
+		COMPREPLY=( $( compgen -W '-adjoin -affine -authenticate \
+			-blue-primary -blur -colors -colorspace -comment \
+			-compose -compress -crop -debug -density -depth \
+			-display -dispose -dither -draw -encoding -endian \
+			-extract -fill -filter -flip -flop -frame -gamma \
+			-geometry -gravity -green-primary -interlace -help \
+			-label -limit -log -matte -mode -monochrome -noop \
+			-page -pointsize -quality -red-primary -resize \
+			-rotate -sampling-factor -scene -shadow -size \
+			-stroke -texture -thumbnail -tile -transform \
+			-transparent -treedepth -trim -type -verbose \
+			-version -virtual-pixel -white-point' -- $cur ) )
+	elif [[ "$cur" == +* ]]; then
+		COMPREPLY=( $( compgen -W '+adjoin +compress +debug +dither \
+			+endian +gamma +label +matte +page' -- $cur ) ) 
+	else
+		_filedir
+	fi
+}
+complete -F _montage $filenames montage
+
+_composite()
+{
+	local cur
+
+	COMPREPLY=()
+	cur=`_get_cword`
+
+	_ImageMagick
+
+	if [[ "$cur" == -* ]]; then
+		COMPREPLY=( $( compgen -W '-affine -authenticate \
+			-blue-primary -colors -colorspace -comment -compose \
+			-compress -debug -density -depth -displace -display \
+			-dispose -dissolve -dither -encoding -endian -extract \
+			-filter -font -geometry -gravity -green-primary -help \
+			-interlace -label -limit -log -matte -monochrome \
+			-negate -page -profile -quality -red-primary -rotate \
+			-resize -sampling-factor -scene -sharpen -size \
+			-stegano -stereo -thumbnail -tile -transform \
+			-treedepth -type -units -unsharp -verbose -version \
+			-virtual-pixel -watermark -white-point -write' \
+			-- $cur ) )
+	elif [[ "$cur" == +* ]]; then
+		COMPREPLY=( $( compgen -W '+compress +debug +dither +endian +label \
+			+matte +negate +page +write' -- $cur ) ) 
+	else
+		_filedir
+	fi
+}
+complete -F _composite $filenames composite
+}
+
+# dd(1) completion
+#
+have dd &&
+_dd()
+{
+	 local cur
+
+	 COMPREPLY=()
+	cur=`_get_cword`
+
+	 case "$cur" in
+	 if=*|of=*)
+		 cur=${cur#*=}
+		 _filedir
+		 return 0
+		 ;;
+	 conv=*)
+		 cur=${cur#*=}
+		 COMPREPLY=( $( compgen -W 'ascii ebcdic ibm block unblock \
+				lcase notrunc ucase swab noerror sync' \
+				-- $cur ) )
+		 return 0
+		 ;;
+	 esac
+
+	 _expand || return 0
+
+	 COMPREPLY=( $( compgen -W '--help --version' -- $cur ) \
+		     $( compgen -W 'bs cbs conv count ibs if obs of seek skip'\
+				-S '=' -- $cur ) )
+} &&
+complete -F _dd $nospace $filenames dd
+
+# CUPS cancel(1) completion
+#
+have cancel &&
+_cancel()
+{
+	local cur
+
+	COMPREPLY=()
+	cur=`_get_cword`
+
+	COMPREPLY=( $( lpstat | cut -d' ' -f1 | grep "^$cur" ) )
+} &&
+complete -F _cancel $filenames cancel
+
+# aspell(1) completion
+#
+have aspell && {
+_aspell_dictionary()
+{
+	local datadir
+	datadir=/usr/lib/aspell
+	COMPREPLY=( $( command ls $datadir/*.@(multi|alias) ) )
+	COMPREPLY=( ${COMPREPLY[@]%.@(multi|alias)} )
+	COMPREPLY=( $( compgen -W '${COMPREPLY[@]#$datadir/}' -- $cur ) )
+}
+
+_aspell()
+{
+	local cur prev
+
+	COMPREPLY=()
+	cur=`_get_cword`
+	prev=${COMP_WORDS[COMP_CWORD-1]}
+
+	# --name value style option
+	case "$prev" in
+		@(-c|-p|check))
+			_filedir
+			return 0
+			;;
+		@(dump|create|merge))
+			COMPREPLY=( $( compgen -W 'master personal repl' -- $cur ) )
+			return 0
+			;;
+		-d)
+			_aspell_dictionary
+			return 0
+			;;
+	esac
+
+	# --name=value style option
+	if [[ "$cur" == *=* ]]; then
+		prev=${cur/=*/}
+		cur=${cur/*=/}
+		case "$prev" in
+			--@(conf|personal|repl|per-conf))
+				_filedir
+				return 0
+				;;
+			--@(conf-dir|data-dir|dict-dir|home-dir|local-data-dir|prefix))
+				_filedir -d
+				return 0
+				;;
+			--master)
+				_aspell_dictionary
+				return 0
+				;;
+			--mode)
+				COMPREPLY=( $( compgen -W 'none url email sgml tex' -- $cur ) )
+				return 0
+				;; 
+			--sug-mode)
+				COMPREPLY=( $( compgen -W 'ultra fast normal bad-speller' -- $cur ) )
+				return 0
+				;;
+			--keymapping)
+				COMPREPLY=( $( compgen -W 'aspell ispell' -- $cur ) )
+				return 0
+				;;
+		esac
+	fi
+
+	if [[ "$cur" == -* ]]; then
+		COMPREPLY=( $( compgen -W '--conf= --conf-dir= --data-dir= --dict-dir= \
+			--encoding= --add-filter= --rem-filter= --mode= -e \
+			-H -t --add-extra-dicts= --rem-extra-dicts= \
+			--home-dir= -W --ignore= --ignore-accents \
+			--dont-ignore-accents --ignore-case --dont-ignore-case \
+			--ignore-repl --dont-ignore-repl --jargon= --keyboard= \
+			--lang= --language-tag= --local-data-dir= -d --master= \
+			--module= --add-module-search-order= \
+			--rem-module-search-order= --per-conf= -p --personal= \
+			--prefix= --repl= -C -B --run-together --dont-run-together \
+			--run-together-limit= --run-together-min= --save-repl \
+			--dont-save-repl --set-prefix --dont-set-prefix --size= \
+			--spelling= --strip-accents --dont-strip-accents \
+			--sug-mode= --add-word-list-path= --rem-word-list-path= \
+			-b -x --backup -b|-x --dont-backup --reverse --dont-reverse \
+			--time --dont-time --keymapping= --add-email-quote= \
+			--rem-email-quote= --email-margin= --add-tex-command= \
+			--rem-tex-command= --tex-check-comments \
+			--dont-tex-check-comments --add-tex-extension= \
+			--rem-tex-extension= --add-sgml-check= --rem-sgml-check= \
+			--add-sgml-extension= --rem-sgml-extension=' -- $cur ) )
+	else
+		COMPREPLY=( $( compgen -W '-? help -c check -a pipe -l list \
+			config config soundslike filter -v version dump \
+			create merge' -- $cur ) )
+	fi
+
+}
+complete -F _aspell $filenames aspell
+}
+
+# xmms(1) completion
+#
+have xmms &&
+_xmms()
+{
+	local cur
+
+	COMPREPLY=()
+	cur=`_get_cword`
+
+	if [[ "$cur" == -* ]]; then
+		COMPREPLY=( $( compgen -W '-h --help -r --rew -p --play \
+			-u --pause -s --stop -t --play-pause -f --fwd -e \
+			--enqueue -m --show-main-window -i --sm-client-id \
+			-v --version' -- $cur ) )
+	else
+		_filedir '@(mp[23]|MP[23]|ogg|OGG|wav|WAV|pls|m3u|xm|mod|s[3t]m|it|mtm|ult|flac)'
+
+	fi
+
+} &&
+complete -F _xmms $filenames xmms
+
+# info(1) completion
+#
+have info &&
+_info()
+{
+	local cur infopath UNAME
+
+	COMPREPLY=()
+	cur=`_get_cword`
+
+	_expand || return 0
+
+	# default completion if parameter contains /
+	if [[ "$cur" == */* ]]; then
+		_filedir
+		return 0
+	fi
+
+	infopath='/usr/share/info'
+
+	if [ "${INFOPATH: -1:1}" == ':' ]; then
+		infopath=${INFOPATH}${infopath}
+	elif [ ${INFOPATH:+set} ]; then
+		infopath=$INFOPATH
+	fi
+
+	infopath=$infopath:
+	if [ -n "$cur" ]; then
+		infopath="${infopath//://$cur* }"
+	else
+		infopath="${infopath//:// }"
+	fi
+
+	# redirect stderr for when path doesn't exist
+	COMPREPLY=( $( eval command ls "$infopath" 2>/dev/null ) )
+	# weed out directory path names and paths to info pages
+	COMPREPLY=( ${COMPREPLY[@]##*/?(:)} )
+	# weed out info dir file
+	for (( i=0 ; i < ${#COMPREPLY[@]} ; ++i )); do
+		if [ "${COMPREPLY[$i]}" == 'dir' ]; then
+			unset COMPREPLY[$i];
+		fi;
+	done  
+	# strip suffix from info pages
+	COMPREPLY=( ${COMPREPLY[@]%.@(gz|bz2)} )
+	COMPREPLY=( $( compgen -W '${COMPREPLY[@]%.*}' -- "${cur//\\\\/}" ) )
+
+	return 0
+} &&
+complete -F _info $filenames info
+
+# dhclient(1) completion
+#
+have dhclient && _dhclient()
+{
+	local cur prev
+
+	COMPREPLY=()
+	cur=`_get_cword`
+	prev=${COMP_WORDS[COMP_CWORD-1]}
+
+	case "$prev" in
+		-@(cf|lf|pf|sf))
+			_filedir
+			return 0
+			;;
+		-s)
+			_known_hosts
+			return 0
+			;;
+	esac
+
+	if [[ "$cur" == -* ]]; then
+		COMPREPLY=( $( compgen -W '-p -d -q -1 -r -lf -pf \
+			-cf -sf -s -g -n -nw -w' -- $cur ) )
+	else
+		_available_interfaces
+	fi
+} &&
+complete -F _dhclient dhclient
+
+# lvm(8) completion
+#
+have lvm && {
+_volumegroups()
+{
+	COMPREPLY=( $(compgen -W "$( vgscan 2>/dev/null | \
+	    sed -n -e 's|.*Found.*"\(.*\)".*$|\1|p' )" -- $cur ) )
+}
+
+_physicalvolumes()
+{
+	COMPREPLY=( $(compgen -W "$( pvscan 2>/dev/null | \
+	    sed -n -e 's|^.*PV \(.*\) VG.*$|\1|p' )" -- $cur ) )
+}
+
+_logicalvolumes()
+{
+	COMPREPLY=( $(compgen -W "$( lvscan 2>/dev/null | \
+	    sed -n -e "s|^.*'\(.*\)'.*$|\1|p" )" -- $cur ) )
+}
+
+_units()
+{
+	COMPREPLY=( $( compgen -W 'h s b k m g t H K M G T' -- $cur ) )
+}
+
+_sizes()
+{
+	COMPREPLY=( $( compgen -W 'k K m M g G t T' -- $cur ) )
+}
+
+_args()
+{
+	args=0
+	if [[ "${COMP_WORDS[0]}" == lvm ]]; then
+		offset=2
+	else
+		offset=1
+	fi
+	for (( i=$offset; i < COMP_CWORD; i++ )); do
+		if [[ "${COMP_WORDS[i]}" != -* ]]; then
+			args=$(($args + 1))
+		fi
+	done
+}
+
+_lvmdiskscan()
+{
+	local cur
+
+	COMPREPLY=()
+	cur=`_get_cword`
+
+	if [[ "$cur" == -* ]]; then
+		COMPREPLY=( $( compgen -W '-d --debug -h -? --help -l \
+			--lvmpartition -v --verbose --version' -- $cur ) )
+	fi
+}
+complete -F _lvmdiskscan lvmdiskscan
+
+_pvscan()
+{
+	local cur
+
+	COMPREPLY=()
+	cur=`_get_cword`
+
+	if [[ "$cur" == -* ]]; then
+		COMPREPLY=( $( compgen -W '-d --debug -e \
+			--exported -n --novolumegroup -h -? \
+			--help --ignorelockingfailure -P \
+			--partial -s --short -u --uuid -v \
+			--verbose --version' -- $cur ) )
+	fi
+}
+complete -F _pvscan pvscan
+
+_pvs()
+{
+	local cur prev
+
+	COMPREPLY=()
+	cur=`_get_cword`
+	prev=${COMP_WORDS[COMP_CWORD-1]}
+
+	case "$prev" in
+		-@(o|O|-options|-sort))
+			COMPREPLY=( $( compgen -W 'pv_fmt pv_uuid \
+				pv_size pv_free pv_used pv_name \
+				pv_attr pv_pe_count \
+				pv_pe_alloc_count' -- $cur ) )
+			return 0
+			;;
+		--units)
+			_units
+			return 0
+			;;
+	esac
+
+	if [[ "$cur" == -* ]]; then
+		COMPREPLY=( $( compgen -W '--aligned -a --all -d --debug \
+			-h -? --help --ignorelockingfailure --noheadings \
+			--nosuffix -o --options -O --sort \
+			--separator --unbuffered --units \
+			-v --verbose --version' -- $cur ) )
+	else
+		_physicalvolumes
+	fi
+}
+complete -F _pvs pvs
+
+_pvdisplay()
+{
+	local cur prev
+
+	COMPREPLY=()
+	cur=`_get_cword`
+	prev=${COMP_WORDS[COMP_CWORD-1]}
+
+	case "$prev" in
+		--units)
+			_units
+			return 0
+			;;
+	esac
+
+	if [[ "$cur" == -* ]]; then
+		COMPREPLY=( $( compgen -W '-c --colon -C --columns --units \
+			-v --verbose -d --debug -h --help --version' -- $cur ) )
+	else
+		_physicalvolumes
+	fi
+}
+complete -F _pvdisplay pvdisplay
+
+_pvchange()
+{
+	local cur prev
+
+	COMPREPLY=()
+	cur=`_get_cword`
+	prev=${COMP_WORDS[COMP_CWORD-1]}
+
+	case "$prev" in
+		-@(A|x|-autobackup|--allocatable))
+			COMPREPLY=( $( compgen -W 'y n' -- $cur ) )
+			return 0
+			;;
+	esac
+
+	if [[ "$cur" == -* ]]; then
+		COMPREPLY=( $( compgen -W '-a --all -A --autobackup \
+			-d --debug -h --help -t --test -u --uuid -x \
+			--allocatable -v --verbose --addtag --deltag \
+			--version' -- $cur ) )
+	else
+		_physicalvolumes
+	fi
+}
+complete -F _pvchange pvchange
+
+_pvcreate()
+{
+	local cur prev
+
+	COMPREPLY=()
+	cur=`_get_cword`
+	prev=${COMP_WORDS[COMP_CWORD-1]}
+
+	case "$prev" in
+		--restorefile)
+			_filedir
+			return 0
+			;;
+		-@(M|-metadatatype))
+			COMPREPLY=( $( compgen -W '1 2' -- $cur ) )
+			return 0
+			;;
+		--metadatacopies)
+			COMPREPLY=( $( compgen -W '0 1 2' -- $cur ) )
+			return 0
+			;;
+		--@(metadatasize|setphysicalvolumesize))
+			_sizes
+			return 0
+			;;
+	esac
+
+	if [[ "$cur" == -* ]]; then
+		COMPREPLY=( $( compgen -W '--restorefile -d --debug -f \
+			--force -h -? --help --labelsector -M --metadatatype \
+			--metadatacopies --metadatasize \
+			--setphysicalvolumesize -t --test -u --uuid uuid -v \
+			--verbose -y --yes --version' -- $cur ) )
+	else
+		_physicalvolumes
+	fi
+}
+complete -F _pvcreate pvcreate
+
+_pvmove()
+{
+	local cur prev
+
+	COMPREPLY=()
+	cur=`_get_cword`
+	prev=${COMP_WORDS[COMP_CWORD-1]}
+
+	case "$prev" in
+		-@(A|-autobackup))
+			COMPREPLY=( $( compgen -W 'y n' -- $cur ) )
+			return 0
+			;;
+		-@(n|-name))
+			_logicalvolumes
+			return 0
+	esac
+
+	if [[ "$cur" == -* ]]; then
+		COMPREPLY=( $( compgen -W '--abort -A --autobackup \
+			-b --background -d --debug -f --force -h -? \
+			--help -i --interval -t --test -v --verbose \
+			--version -n --name' -- $cur ) )
+	else
+		_physicalvolumes
+	fi
+}
+complete -F _pvmove pvmove
+
+_pvremove()
+{
+	local cur
+
+	COMPREPLY=()
+	cur=`_get_cword`
+
+	if [[ "$cur" == -* ]]; then
+		COMPREPLY=( $( compgen -W '-d --debug -f --force -h -? \
+			--help -y --yes -t --test -v --verbose \
+			--version' -- $cur ) )
+	else
+		_physicalvolumes
+	fi
+}
+complete -F _pvremove pvremove
+
+_vgscan()
+{
+	local cur
+
+	COMPREPLY=()
+	cur=`_get_cword`
+
+	if [[ "$cur" == -* ]]; then
+		COMPREPLY=( $( compgen -W '-d --debug -h --help \
+			--ignorelockingfailure --mknodes -P \
+			--partial -v --verbose --version' -- $cur ) )
+	fi
+}
+complete -F _vgscan vgscan
+
+_vgs()
+{
+	local cur prev
+
+	COMPREPLY=()
+	cur=`_get_cword`
+	prev=${COMP_WORDS[COMP_CWORD-1]}
+
+	case "$prev" in
+		-@(o|O|-options|-sort))
+			COMPREPLY=( $( compgen -W 'vg_fmt vg_uuid vg_name \
+				vg_attr vg_size vg_free vg_sysid \
+				vg_extent_size vg_extent_count vg_free_count \
+				max_lv max_pv pv_count lv_count snap_count \
+				vg_seqno' -- $cur ) )
+			return 0
+			;;
+		--units)
+			_units
+			return 0
+			;;
+	esac
+
+	if [[ "$cur" == -* ]]; then
+		COMPREPLY=( $( compgen -W '--aligned -d --debug \
+			-h --help --ignorelockingfailure --noheadings \
+			--nosuffix -o --options -O --sort -P --partial \
+			--separator --unbuffered --units \
+			-v --verbose --version' -- $cur ) )
+	else
+		_volumegroups
+	fi
+}
+complete -F _vgs vgs
+
+_vgdisplay()
+{
+	local cur prev
+
+	COMPREPLY=()
+	cur=`_get_cword`
+	prev=${COMP_WORDS[COMP_CWORD-1]}
+
+	case "$prev" in
+		--units)
+			_units
+			return 0
+			;;
+	esac
+
+	if [[ "$cur" == -* ]]; then
+		COMPREPLY=( $( compgen -W '-c --colon -C --columns --units \
+			-P --partial -A --activevolumegroups -v --verbose \
+			-d --debug -h --help --version' -- $cur ) )
+	else
+		_volumegroups
+	fi
+}
+complete -F _vgdisplay vgdisplay
+
+_vgchange()
+{
+	local cur prev
+
+	COMPREPLY=()
+	cur=`_get_cword`
+	prev=${COMP_WORDS[COMP_CWORD-1]}
+
+	case "$prev" in
+		-@(a|A|x|-available|-autobackup|-resizeable))
+			COMPREPLY=( $( compgen -W 'y n' -- $cur ) )
+			return 0
+			;;
+	esac
+
+	if [[ "$cur" == -* ]]; then
+		COMPREPLY=( $( compgen -W '-A --autobackup --alloc -P \
+			--partial -d --debug -h --help --ignorelockingfailure \
+			-t --test -u --uuid -v --verbose --version -a \
+			--available -x --resizeable -l --logicalvolume \
+			--addtag --deltag' -- $cur ) )
+	else
+		_volumegroups
+	fi
+}
+complete -F _vgchange vgchange
+
+_vgcreate()
+{
+	local cur prev
+
+	COMPREPLY=()
+	cur=`_get_cword`
+	prev=${COMP_WORDS[COMP_CWORD-1]}
+
+	case "$prev" in
+		-@(A|-autobackup))
+			COMPREPLY=( $( compgen -W 'y n' -- $cur ) )
+			return 0
+			;;
+		-@(M|-metadatatype))
+			COMPREPLY=( $( compgen -W '1 2' -- $cur ) )
+			return 0
+			;;
+		-@(s|-physicalextentsize))
+			_sizes
+			return 0
+			;;
+	esac
+
+	if [[ "$cur" == -* ]]; then
+		COMPREPLY=( $( compgen -W '-A --autobackup --addtag \
+			--alloc -d --debug -h --help -l --maxlogicalvolumes \
+			-M --metadatatype -p --maxphysicalvolumes -s \
+			--physicalextentsize -t --test -v --verbose \
+			--version' -- $cur ) )
+	else
+		_args
+		if [ $args -eq 0 ]; then
+			_volumegroups
+		else
+			_physicalvolumes
+		fi
+	fi
+}
+complete -F _vgcreate vgcreate
+
+_vgremove()
+{
+	local cur
+
+	COMPREPLY=()
+	cur=`_get_cword`
+
+	if [[ "$cur" == -* ]]; then
+		COMPREPLY=( $( compgen -W '-d --debug -h --help -t --test \
+		-v --verbose --version' -- $cur ) )
+	else
+		_volumegroups
+	fi
+}
+complete -F _vgremove vgremove
+
+_vgrename()
+{
+	local cur prev
+
+	COMPREPLY=()
+	cur=`_get_cword`
+	prev=${COMP_WORDS[COMP_CWORD-1]}
+
+	case "$prev" in
+		-@(A|-autobackup))
+			COMPREPLY=( $( compgen -W 'y n' -- $cur ) )
+			return 0
+			;;
+	esac
+
+	if [[ "$cur" == -* ]]; then
+		COMPREPLY=( $( compgen -W '-A --autobackup -d --debug -h \
+			-? --help -t --test -v --verbose --version' -- $cur ) )
+	else
+		_volumegroups
+	fi
+}
+complete -F _vgrename vgrename
+
+_vgreduce()
+{
+	local cur prev
+
+	COMPREPLY=()
+	cur=`_get_cword`
+	prev=${COMP_WORDS[COMP_CWORD-1]}
+
+	case "$prev" in
+		-@(A|-autobackup))
+			COMPREPLY=( $( compgen -W 'y n' -- $cur ) )
+			return 0
+			;;
+	esac
+
+	if [[ "$cur" == -* ]]; then
+		COMPREPLY=( $( compgen -W '-a --all -A --autobackup -d \
+			--debug -h --help --removemissing -t --test -v \
+			--verbose --version' -- $cur ) )
+
+	else
+		_args
+		if [ $args -eq 0 ]; then
+			_volumegroups
+		else
+			_physicalvolumes
+		fi
+	fi
+}
+complete -F _vgreduce vgreduce
+
+_vgextend()
+{
+	local cur prev
+
+	COMPREPLY=()
+	cur=`_get_cword`
+	prev=${COMP_WORDS[COMP_CWORD-1]}
+
+	case "$prev" in
+		-@(A|-autobackup))
+			COMPREPLY=( $( compgen -W 'y n' -- $cur ) )
+			return 0
+			;;
+		-@(L|-size))
+			_sizes
+			return 0
+			;;
+	esac
+
+	if [[ "$cur" == -* ]]; then
+		COMPREPLY=( $( compgen -W '-A --autobackup -d --debug -h \
+			-? --help -t --test -v --verbose --version' -- $cur ) )
+	else
+		_args
+		if [ $args -eq 0 ]; then
+			_volumegroups
+		else
+			_physicalvolumes
+		fi
+	fi
+}
+complete -F _vgextend vgextend
+
+_vgport()
+{
+	local cur prev
+
+	COMPREPLY=()
+	cur=`_get_cword`
+
+	if [[ "$cur" == -* ]]; then
+		COMPREPLY=( $( compgen -W '-a --all -d --debug -h \
+			-? --help -v --verbose --version' -- $cur ) )
+	else
+		_volumegroups
+	fi
+}
+complete -F _vgport vgimport vgexport
+
+_vgck()
+{
+	local cur prev
+
+	COMPREPLY=()
+	cur=`_get_cword`
+
+	if [[ "$cur" == -* ]]; then
+		COMPREPLY=( $( compgen -W '-d --debug -h \
+			-? --help -v --verbose --version' -- $cur ) )
+	else
+		_volumegroups
+	fi
+}
+complete -F _vgck vgck
+
+_vgconvert()
+{
+	local cur prev
+
+	COMPREPLY=()
+	cur=`_get_cword`
+	prev=${COMP_WORDS[COMP_CWORD-1]}
+
+	case "$prev" in
+		-@(M|-metadatatype))
+			COMPREPLY=( $( compgen -W '1 2' -- $cur ) )
+			return 0
+			;;
+		--metadatacopies)
+			COMPREPLY=( $( compgen -W '0 1 2' -- $cur ) )
+			return 0
+			;;
+		--metadatasize)
+			_sizes
+			return 0
+			;;
+	esac
+
+	if [[ "$cur" == -* ]]; then
+		COMPREPLY=( $( compgen -W '-d --debug -h --help --labelsector \ 
+			-M --metadatatype --metadatacopies --metadatasize \
+			-t --test -v --verbose --version' -- $cur ) )
+	else
+		_volumegroups
+	fi
+}
+complete -F _vgconvert vgconvert
+
+_vgcfgbackup()
+{
+	local cur prev
+
+	COMPREPLY=()
+	cur=`_get_cword`
+	prev=${COMP_WORDS[COMP_CWORD-1]}
+
+	case "$prev" in
+		-@(f|-file))
+			_filedir
+			return 0
+			;;
+	esac
+
+	if [[ "$cur" == -* ]]; then
+		COMPREPLY=( $( compgen -W '-d --debug -f --file -h --help \
+			--ignorelockingfailure -P --partial -v --verbose \
+			--version' -- $cur ) )
+	else
+		_volumegroups
+	fi
+}
+complete -F _vgcfgbackup vgcfgbackup
+
+_vgcfgrestore()
+{
+	local cur prev
+
+	COMPREPLY=()
+	cur=`_get_cword`
+	prev=${COMP_WORDS[COMP_CWORD-1]}
+
+	case "$prev" in
+		-@(f|-file))
+			_filedir
+			return 0
+			;;
+		-@(M|-metadatatype))
+			COMPREPLY=( $( compgen -W '1 2' -- $cur ) )
+			return 0
+			;;
+		-@(n|-name))
+			_volumegroups
+			return 0
+			;;
+	esac
+
+	if [[ "$cur" == -* ]]; then
+		COMPREPLY=( $( compgen -W '-d --debug -f --file -l --list \
+			-h --help -M --Metadatatype -n --name -t --test \
+			-v --verbose --version' -- $cur ) )
+	else
+		_volumegroups
+	fi
+}
+complete -F _vgcfgrestore vgcfgrestore
+
+_vgmerge()
+{
+	local cur prev
+
+	COMPREPLY=()
+	cur=`_get_cword`
+	prev=${COMP_WORDS[COMP_CWORD-1]}
+
+	case "$prev" in
+		-@(A|-autobackup))
+			COMPREPLY=( $( compgen -W 'y n' -- $cur ) )
+			return 0
+			;;
+	esac
+
+	if [[ "$cur" == -* ]]; then
+		COMPREPLY=( $( compgen -W '-A --autobackup -d --debug \
+			-h --help -l --list -t --test -v --verbose \
+			--version' -- $cur ) )
+	else
+		_volumegroups
+	fi
+}
+complete -F _vgmerge vgmerge
+
+_vgsplit()
+{
+	local cur prev
+
+	COMPREPLY=()
+	cur=`_get_cword`
+	prev=${COMP_WORDS[COMP_CWORD-1]}
+
+	case "$prev" in
+		-@(A|-autobackup))
+			COMPREPLY=( $( compgen -W 'y n' -- $cur ) )
+			return 0
+			;;
+		-@(M|-metadatatype))
+			COMPREPLY=( $( compgen -W '1 2' -- $cur ) )
+			return 0
+			;;
+	esac
+
+	if [[ "$cur" == -* ]]; then
+		COMPREPLY=( $( compgen -W '-A --autobackup -d --debug \
+			-h --help -l --list -M --metadatatype -t --test \
+			-v --verbose --version' -- $cur ) )
+	else
+		_args
+		if [ $args -eq 0 -o $args -eq 1 ]; then
+			_volumegroups
+		else
+			_physicalvolumes
+		fi
+	fi
+}
+complete -F _vgsplit vgsplit
+
+_vgmknodes()
+{
+	local cur
+
+	COMPREPLY=()
+	cur=`_get_cword`
+
+	if [[ "$cur" == -* ]]; then
+		COMPREPLY=( $( compgen -W '-d --debug -h --help -v --verbose \
+			--version' -- $cur ) )
+	else
+		_volumegroups
+	fi
+}
+complete -F _vgmknodes vgmknodes
+
+_lvscan()
+{
+	local cur
+
+	COMPREPLY=()
+	cur=`_get_cword`
+
+	if [[ "$cur" == -* ]]; then
+		COMPREPLY=( $( compgen -W '-b --blockdevice -d --debug \
+			-h -? --help --ignorelockingfailure -P \
+			--partial -v --verbose --version' -- $cur ) )
+	fi
+}
+complete -F _lvscan lvscan
+
+_lvs()
+{
+	local cur prev
+
+	COMPREPLY=()
+	cur=`_get_cword`
+	prev=${COMP_WORDS[COMP_CWORD-1]}
+
+	case "$prev" in
+		-@(o|O|-options|-sort))
+			COMPREPLY=( $( compgen -W 'lv_uuid lv_name \
+				lv_attr lv_minor lv_size seg_count \
+				origin snap_percent segtype stripes \
+				stripesize chunksize seg_start \
+				seg_size' -- $cur ) )
+			return 0
+			;;
+		--units)
+			_units
+			return 0
+			;;
+	esac
+
+	if [[ "$cur" == -* ]]; then
+		COMPREPLY=( $( compgen -W '--aligned -d --debug \
+			-h --help --ignorelockingfailure --noheadings \
+			--nosuffix -o --options -O --sort -P --partial \
+			--segments --separator --unbuffered --units \
+			-v --verbose --version' -- $cur ) )
+	else
+		_logicalvolumes
+	fi
+}
+complete -F _lvs lvs
+
+_lvdisplay()
+{
+	local cur prev
+
+	COMPREPLY=()
+	cur=`_get_cword`
+	prev=${COMP_WORDS[COMP_CWORD-1]}
+
+	case "$prev" in
+		--units)
+			_units
+			return 0
+			;;
+	esac
+
+	if [[ "$cur" == -* ]]; then
+		COMPREPLY=( $( compgen -W '-c --colon -C --columns --units \
+			-P --partial -m --maps -v --verbose -d --debug -h \
+			--help --version' -- $cur ) )
+	else
+		_logicalvolumes
+	fi
+}
+complete -F _lvdisplay lvdisplay
+
+_lvchange()
+{
+	local cur prev
+
+	COMPREPLY=()
+	cur=`_get_cword`
+	prev=${COMP_WORDS[COMP_CWORD-1]}
+
+	case "$prev" in
+		-@(a|A|C|M|-available|-autobackup|-continguous|-persistent))
+			COMPREPLY=( $( compgen -W 'y n' -- $cur ) )
+			return 0
+			;;
+		-@(p|-permission))
+			COMPREPLY=( $( compgen -W 'r rw' -- $cur ) )
+			return 0
+			;;
+	esac
+
+	if [[ "$cur" == -* ]]; then
+		COMPREPLY=( $( compgen -W '-A --autobackup -a --available \
+			--addtag --alloc -C --contiguous -d --debug --deltag \
+			-f --force -h --help --ignorelockingfailure -M \
+			--persistent --major major --minor minor -P --partial \
+			-p --permission -r --readahead --refresh -t --test \
+			-v --verbose --version' -- $cur ) )
+	else
+		_logicalvolumes
+	fi
+}
+complete -F _lvchange lvchange
+
+_lvcreate()
+{
+	local cur prev
+
+	COMPREPLY=()
+	cur=`_get_cword`
+	prev=${COMP_WORDS[COMP_CWORD-1]}
+
+	case "$prev" in
+		-@(A|C|M|Z|-autobackup|-continguous|-persistent|-zero))
+			COMPREPLY=( $( compgen -W 'y n' -- $cur ) )
+			return 0
+			;;
+		-@(L|-size))
+			_sizes
+			return 0
+			;;
+		-@(p|-permission))
+			COMPREPLY=( $( compgen -W 'r rw' -- $cur ) )
+			return 0
+			;;
+		-@(n|-name))
+			_logicalvolumes
+			return 0
+			;;
+	esac
+
+	if [[ "$cur" == -* ]]; then
+		COMPREPLY=( $( compgen -W '-A --autobackup --addtag --alloc \
+			-C --contiguous -d --debug -h -? --help -i --stripes \
+			-I --stripesize -l --extents -L --size -M --persistent \
+			--major --minor -n --name -p --permission -r \
+			--readahead -t --test --type -v --verbose -Z --zero \
+			--version' -- $cur ) )
+	else
+		_args
+		if [ $args -eq 0 ]; then
+			_volumegroups
+		else
+			_physicalvolumes
+		fi
+	fi
+}
+complete -F _lvcreate lvcreate
+
+_lvremove()
+{
+	local cur prev
+
+	COMPREPLY=()
+	cur=`_get_cword`
+	prev=${COMP_WORDS[COMP_CWORD-1]}
+
+	case "$prev" in
+		-@(A|-autobackup))
+			COMPREPLY=( $( compgen -W 'y n' -- $cur ) )
+			return 0
+			;;
+	esac
+
+	if [[ "$cur" == -* ]]; then
+		COMPREPLY=( $( compgen -W '-A --autobackup -d --debug -f \
+			--force -h -?  --help -t --test -v --verbose \
+			--version' -- $cur ) )
+	else
+		_logicalvolumes
+	fi
+}
+complete -F _lvremove lvremove
+
+_lvrename()
+{
+	local cur prev
+
+	COMPREPLY=()
+	cur=`_get_cword`
+	prev=${COMP_WORDS[COMP_CWORD-1]}
+
+	case "$prev" in
+		-@(A|-autobackup))
+			COMPREPLY=( $( compgen -W 'y n' -- $cur ) )
+			return 0
+			;;
+	esac
+
+	if [[ "$cur" == -* ]]; then
+		COMPREPLY=( $( compgen -W '-A --autobackup -d --debug -h \
+			-? --help -t --test -v --verbose --version' -- $cur ) )
+	else
+		_logicalvolumes
+	fi
+}
+complete -F _lvrename lvrename
+
+_lvreduce()
+{
+	local cur prev
+
+	COMPREPLY=()
+	cur=`_get_cword`
+	prev=${COMP_WORDS[COMP_CWORD-1]}
+
+	case "$prev" in
+		-@(A|-autobackup))
+			COMPREPLY=( $( compgen -W 'y n' -- $cur ) )
+			return 0
+			;;
+		-@(L|-size))
+			_sizes
+			return 0
+			;;
+	esac
+
+	if [[ "$cur" == -* ]]; then
+		COMPREPLY=( $( compgen -W '-A --autobackup -d \
+			--debug -f --force -h --help -l --extents \
+			-L --size -n --nofsck -r --resizefs -t --test \
+			-v --verbose --version' -- $cur ) )
+	else
+		_logicalvolumes
+	fi
+}
+complete -F _lvreduce lvreduce
+
+_lvresize()
+{
+	local cur prev
+
+	COMPREPLY=()
+	cur=`_get_cword`
+	prev=${COMP_WORDS[COMP_CWORD-1]}
+
+	case "$prev" in
+		-@(A|-autobackup))
+			COMPREPLY=( $( compgen -W 'y n' -- $cur ) )
+			return 0
+			;;
+		-@(L|-size))
+			_sizes
+			return 0
+			;;
+	esac
+
+	if [[ "$cur" == -* ]]; then
+		COMPREPLY=( $( compgen -W '-A --autobackup --alloc -d \
+			--debug -h --help -i --stripes -I --stripesize \
+			-l --extents -L --size -n --nofsck -r --resizefs \
+			-t --test --type -v --verbose --version' -- $cur ) )
+	else
+		_args
+		if [ $args -eq 0 ]; then
+			_logicalvolumes
+		else
+			_physicalvolumes
+		fi
+	fi
+}
+complete -F _lvresize lvresize
+
+_lvextend()
+{
+	local cur prev
+
+	COMPREPLY=()
+	cur=`_get_cword`
+	prev=${COMP_WORDS[COMP_CWORD-1]}
+
+	case "$prev" in
+		-@(A|-autobackup))
+			COMPREPLY=( $( compgen -W 'y n' -- $cur ) )
+			return 0
+			;;
+		-@(L|-size))
+			_sizes
+			return 0
+			;;
+	esac
+
+	if [[ "$cur" == -* ]]; then
+		COMPREPLY=( $( compgen -W '-A --autobackup --alloc -d \
+			--debug -h --help -i --stripes -I --stripesize \
+			-l --extents -L --size -n --nofsck -r --resizefs \
+			-t --test --type -v --verbose --version' -- $cur ) )
+	else
+		_args
+		if [ $args -eq 0 ]; then
+			_logicalvolumes
+		else
+			_physicalvolumes
+		fi
+	fi
+}
+complete -F _lvextend lvextend
+
+_lvm()
+{
+	local prev
+
+	COMPREPLY=()
+	cur=`_get_cword`
+
+	if [ $COMP_CWORD -eq 1 ]; then
+		COMPREPLY=( $( compgen -W 'dumpconfig help lvchange \
+			lvcreate lvdisplay lvextend lvmchange \
+			lvmdiskscan lvmsadc lvmsar lvreduce \
+			lvremove lvrename lvresize lvs lvscan \
+			pvchange pvcreate pvdata pvdisplay pvmove \
+			pvremove pvresize pvs pvscan vgcfgbackup \
+			vgcfgrestore vgchange vgck vgconvert \
+			vgcreate vgdisplay vgexport vgextend \
+			vgimport vgmerge vgmknodes vgreduce \
+			vgremove vgrename vgs vgscan vgsplit \
+			version' -- $cur ) )
+	else
+		case ${COMP_WORDS[1]} in
+			pvchange)
+				_pvchange
+				;;
+			pvcreate)
+				_pvcreate
+				;;
+			pvdisplay)
+				_pvdisplay
+				;;
+			pvmove)
+				_pvmove
+				;;
+			pvremove)
+				_pvremove
+				;;
+			pvresize)
+				_pvresize
+				;;
+			pvs)
+				_pvs
+				;;
+			pvscan)
+				_pvscan
+				;;
+			vgcfgbackup)
+				_vgcfgbackup
+				;;
+			vgcfgrestore)
+				_vgcfgrestore
+				;;
+			vgchange)
+				_vgchange
+				;;
+			vgck)
+				_vgck
+				;;
+			vgconvert)
+				_vgconvert
+				;;
+			vgcreate)
+				_vgcreate
+				;;
+			vgdisplay)
+				_vgdisplay
+				;;
+			vgexport)
+				_vgexport
+				;;
+			vgextend)
+				_vgextend
+				;;
+			vgimport)
+				_vgimport
+				;;
+			vgmerge)
+				_vgmerge
+				;;
+			vgmknodes)
+				_vgmknodes
+				;;
+			vgreduce)
+				_vgreduce
+				;;
+			vgremove)
+				_vgremove
+				;;
+			vgrename)
+				_vgrename
+				;;
+			vgs)
+				_vgs
+				;;
+			vgscan)
+				_vgscan
+				;;
+			vgsplit)
+				_vgsplit
+				;;
+			lvchange)
+				_lvchange
+				;;
+			lvcreate)
+				_lvcreate
+				;;
+			lvdisplay)
+				_lvdisplay
+				;;
+			lvextend)
+				_lvextend
+				;;
+			lvreduce)
+				_lvreduce
+				;;
+			lvremove)
+				_lvremove
+				;;
+			lvrename)
+				_lvrename
+				;;
+			lvresize)
+				_lvresize
+				;;
+			lvs)
+				_lvs
+				;;
+			lvscan)
+				_lvscan
+				;;
+		esac
+	fi
+}
+complete -F _lvm lvm
+}
+
+# mkinitrd(8) completion
+#
+have mkinitrd &&
+_mkinitrd()
+{
+	local cur args
+
+	COMPREPLY=()
+	cur=`_get_cword`
+	prev=${COMP_WORDS[COMP_CWORD-1]}
+
+	# --name value style option
+	case "$prev" in
+		--preload)
+			_modules
+			return 0
+			;;
+	esac
+
+	# --name=value style option
+	if [[ "$cur" == *=* ]]; then
+		prev=${cur/=*/}
+		cur=${cur/*=/}
+		case "$prev" in
+			--@(with|builtin))
+				_modules
+				return 0
+				;;
+			--@(fstab|dsdt))
+				_filedir
+				return 0
+				;;
+			--tmpdir)
+				_filedir -d
+				return 0
+				;;
+		esac
+	fi
+
+
+	if [[ "$cur" == -* ]]; then
+		COMPREPLY=( $( compgen -W '--version -v -f --preload \
+			--with= --omit-scsi-modules --omit-raid-modules \
+			--images-version --fstab= --nocompress --builtin= \
+			--nopivot --noudev --allow-missing --tmpdir= \
+			--initrdfs= --dsdt= --lvm-version= --froce-usb' \
+			-- $cur ) )
+	else
+		_count_args
+
+		case $args in
+			1)
+				_filedir
+				;;
+			2)
+				COMPREPLY=( $( command ls /lib/modules | grep "^$cur" ) )
+				;;
+		esac
+	fi
+
+} &&
+complete -F _mkinitrd mkinitrd
+
+# pkgconfig(1) completion
+#
+have pkg-config &&
+_pkg_config()
+{
+	local cur
+
+	COMPREPLY=()
+	cur=`_get_cword`
+
+	if [[ "$cur" == -* ]]; then
+		# return list of available options
+		COMPREPLY=( $( compgen -W '-version --modversion \
+		      --atleast-pkgconfig-version= --libs --libs-only-l \
+		      --libs-only-other --libs-only-L --cflags \
+		      --cflags-only-I --cflags-only-other --variable= \
+		      --define-variable= --exists --uninstalled \
+		      --atleast-version= --exact-version= --max-version= \
+		      --list-all --debug --print-errors --silence-errors \
+		      --errors-to-stdout -? --help --usage' -- $cur))
+	else
+		COMPREPLY=( $( pkg-config --list-all 2>/dev/null | \
+				    awk '{print $1}' | grep "^$cur" ) )
+	fi
+} &&
+complete -F _pkg_config pkg-config
+
+
+# cpio(1) completion
+#
+have cpio && {
+_cpio_format()
+{
+	COMPREPLY=( $( compgen -W 'bin odc newc crc tar ustar hpbin hpodc' -- $cur ) )
+}
+
+_cpio()
+{
+	local cur
+
+	COMPREPLY=()
+	cur=`_get_cword`
+	prev=${COMP_WORDS[COMP_CWORD-1]}
+
+	# --name value style option
+	case $prev in
+		-H)
+			_cpio_format
+			return 0
+			;;
+		-@(E|F|I))
+			_filedir
+			return 0
+			;;
+		-R)
+			_usergroup
+			return 0
+			;;
+	esac
+
+	# --name=value style option
+	if [[ "$cur" == *=* ]]; then
+		prev=${cur/=*/}
+		cur=${cur/*=/}
+		case $prev in
+			--format)
+				_cpio_format
+				return 0
+				;;
+			--@(file|pattern-file))
+				_filedir
+				return 0
+				;;
+			--owner)
+				_usergroup
+				return 0
+				;;
+			--rsh-command)
+				COMPREPLY=( $( compgen -c -- $cur ) )
+				return 0
+				;;
+		esac
+	fi
+
+	if [ $COMP_CWORD -eq 1 ]; then
+		COMPREPLY=( $( compgen -W '-o --create -i --extract -p --pass-through' -- $cur) ) 
+	else
+		case ${COMP_WORDS[1]} in
+			-@(o|-create))
+				if [[ "$cur" == -* ]]; then
+					COMPREPLY=( $( compgen -W '-0 -a -c -v -A -B\
+						-L -V -C -H -M -O -F --file= --format=\
+						--message= --null --reset-access-time\
+						--verbose --dot --append --block-size=\
+						--dereference --io-size= --quiet\
+						--force-local --rsh-command= --help\
+						--version' -- $cur ) )
+				fi
+				;;
+			-@(i|-extract))
+				if [[ "$cur" == -* ]]; then
+					COMPREPLY=( $( compgen -W '-b -c -d -f -m -n -r\
+						-t -s -u -v -B -S -V -C -E -H -M -R -I\
+						-F --file= --make-directories\
+						--nonmatching\
+						--preserve-modification-time\
+						--numeric-uid-gid --rename -t --list\
+						--swap-bytes --swap --dot\
+						--unconditional --verbose --block-size=\
+						--swap-halfwords --io-size=\
+						--pattern-file= --format= --owner=\
+						--no-preserve-owner --message=\
+						--force-local --no-absolute-filenames\
+						--sparse --only-verify-crc --quiet\
+						--rsh-command= --help\
+						--version' -- $cur ) )
+				fi
+				;;
+			-@(p|-pass-through))
+				if [[ "$cur" == -* ]]; then
+					COMPREPLY=( $( compgen -W '-0 -a -d -l -m -u -v\
+						-L -V -R --null --reset-access-time\
+						--make-directories --link --quiet\
+						--preserve-modification-time\
+						--unconditional --verbose --dot\
+						--dereference --owner=\
+						--no-preserve-owner --sparse --help\
+						--version' -- $cur ) )
+				else
+					_filedir -d
+				fi
+				;;
+		esac
+	fi
+}
+complete -F _cpio cpio
+}
+
+# id(1) completion
+#
+have id &&
+_id()
+{
+	local cur
+
+	COMPREPLY=()
+	cur=`_get_cword`
+
+	if [[ "$cur" == -* ]]; then
+		COMPREPLY=( $( compgen -W '-a -g --group -G --groups -n --name\
+			-r --real -u --user --help --version' -- $cur ) )
+	else
+		COMPREPLY=( $( compgen -u $cur  ) )
+	fi
+} &&
+complete -F _id id
+
+# getent(1) completion
+#
+have getent &&
+_getent()
+{
+	local cur prev
+
+	COMPREPLY=()
+	cur=`_get_cword`
+	prev=${COMP_WORDS[COMP_CWORD-1]}
+
+	case $prev in
+		passwd)
+			COMPREPLY=( $( compgen -u $cur  ) )
+			return 0
+			;;
+		group)
+			COMPREPLY=( $( compgen -g $cur  ) )
+			return 0
+			;;
+		services)
+			COMPREPLY=( $( compgen -s $cur  ) )
+			return 0
+			;;
+		hosts)
+			COMPREPLY=( $( compgen -A hostname $cur  ) )
+			return 0
+			;;
+		protocols)
+			COMPREPLY=( $( getent protocols | awk '{print $1}' | grep "^$cur" ) )
+			return 0
+			;;
+		networks)
+			COMPREPLY=( $( getent networks | awk '{print $1}' | grep "^$cur" ) )
+			return 0
+			;;
+	esac
+
+
+	if [ $COMP_CWORD -eq 1 ]; then
+		COMPREPLY=( $( compgen -W 'passwd group hosts services protocols networks' -- $cur ) )
+	fi
+} &&
+complete -F _getent getent
+
+# ntpdate(1) completion
+#
+have ntpdate &&
+_ntpdate()
+{
+	local cur prev
+
+	COMPREPLY=()
+	cur=`_get_cword`
+	prev=${COMP_WORDS[COMP_CWORD-1]}
+
+	case $prev in
+		-k)
+			_filedir
+			return 0
+			;;
+		-U)
+			COMPREPLY=( $( compgen -u $cur  ) )
+			return 0
+			;;
+	esac
+
+	if [[ "$cur" == -* ]]; then
+		COMPREPLY=( $( compgen -W '-4 -6 -b -B -d -Q -q -s -u -v -a\
+			-e -k -p -o -r -t' -- $cur ) )
+	else
+		_known_hosts
+	fi
+} &&
+complete -F _ntpdate ntpdate
+
+# smartctl(8) completion
+#
+have smartctl && {
+_smartctl_quietmode()
+{
+	COMPREPLY=( $( compgen -W 'errorsonly silent' -- $cur ) )
+}
+_smartctl_device()
+{
+	COMPREPLY=( $( compgen -W 'ata scsi 3ware' -- $cur ) )
+}
+_smartctl_tolerance()
+{
+	COMPREPLY=( $( compgen -W 'warn exit ignore' -- $cur ) )
+}
+_smartctl_badsum()
+{
+	COMPREPLY=( $( compgen -W 'normal conservative permissive verypermissive' -- $cur ) )
+}
+_smartctl_report()
+{
+	COMPREPLY=( $( compgen -W 'ioctl ataioctl scsiioctl' -- $cur ) )
+}
+_smartctl_feature()
+{
+	COMPREPLY=( $( compgen -W 'on off' -- $cur ) )
+}
+_smartctl_log()
+{
+	COMPREPLY=( $( compgen -W 'error selftest selective directory' -- $cur ) )
+}
+_smartctl_vendorattribute()
+{
+	COMPREPLY=( $( compgen -W 'help 9,minutes 9,seconds 9,halfminutes \
+		9,temp 192,emergencyretractcyclect 193,loadunload \
+		194,10xCelsius 194,unknown 198,offlinescanuncsectorct \
+		200,writeerrorcount 201,detectedtacount 220,temp' -- $cur ) )
+}
+_smartctl_firmwarebug()
+{
+	COMPREPLY=( $( compgen -W 'none samsung samsung2' -- $cur ) )
+}
+_smartctl_presets()
+{
+	COMPREPLY=( $( compgen -W 'use ignore show showall' -- $cur ) )
+}
+_smartctl_test()
+{
+	COMPREPLY=( $( compgen -W 'offline short long conveyance select afterselect,on afterselect,off pending' -- $cur ) )
+}
+
+_smartctl()
+{
+	local cur prev
+
+	COMPREPLY=()
+	cur=`_get_cword`
+	prev=${COMP_WORDS[COMP_CWORD-1]}
+
+	# --name value style option
+	case "$prev" in
+		-q)
+			_smartctl_quietmode
+			;;
+		-d)
+			_smartctl_device
+			return 0
+			;;
+		-t)
+			_smartctl_tolerance
+			return 0
+			;;
+		-b)
+			_smartctl_badsum
+			return 0
+			;;
+		-r)
+			_smartctl_report
+			return 0
+			;;
+		-s)
+			_smartctl_feature
+			return 0
+			;;
+		-o)
+			_smartctl_feature
+			return 0
+			;;
+		-S)
+			_smartctl_feature
+			return 0
+			;;
+		-l)
+			_smartctl_log
+			return 0
+			;;
+		-v)
+			_smartctl_vendorattribute
+			return 0
+			;;
+		-F)
+			_smartctl_firmwarebug
+			return 0
+			;;
+		-P)
+			_smartctl_presets
+			return 0
+			;;
+		-t)
+			_smartctl_test
+			return 0
+			;;
+	esac
+
+	# --name=value style option
+	if [[ "$cur" == *=* ]]; then
+		prev=${cur/=*/}
+		cur=${cur/*=/}
+		case "$prev" in
+			--quietmode)
+				_smartctl_quietmode
+				return 0
+				;;
+			--device)
+				_smartctl_device
+				return 0
+				;;
+			--tolerance)
+				_smartctl_tolerance
+				return 0
+				;;
+			--badsum)
+				_smartctl_badsum
+				return 0
+				;;
+			--report)
+				_smartctl_report
+				return 0
+				;;
+			--smart)
+				_smartctl_feature
+				return 0
+				;;
+			--offlineauto)
+				_smartctl_feature
+				return 0
+				;;
+			--saveauto)
+				_smartctl_feature
+				return 0
+				;;
+			--log)
+				_smartctl_log
+				return 0
+				;;
+			--vendorattribute)
+				_smartctl_vendorattribute
+				return 0
+				;;
+			--firmwarebug)
+				_smartctl_firmwarebug
+				return 0
+				;;
+			--presets)
+				_smartctl_presets
+				return 0
+				;;
+			--test)
+				_smartctl_test
+				return 0
+				;;
+		esac
+	fi
+
+
+	if [[ "$cur" == -* ]]; then
+		COMPREPLY=( $( compgen -W '-h --help --usage -V --version \
+			--copyright --license-i --info -a --all -q \
+			--quietmode= -d --device= -T --tolerance= -b --badsum= \
+			-r --report= -s --smart= -o --offlineauto= -S \
+			--saveauto= -H --health -c --capabilities -A \
+			--attributes -l --log= -v --vendorattribute= -F \
+			--firmwarebug= -P --presets= -t --test= -C \
+			--captive -X --abort' -- $cur ) )
+	else
+		cur=${cur:=/dev/}
+		_filedir
+	fi
+}
+complete -F _smartctl smartctl
+}
+
+# vncviewer(1) completion
+#
+have vncviewer &&
+_vncviewer()
+{
+	local cur prev
+	local -a config
+    
+	COMPREPLY=()
+	cur=`_get_cword`
+	prev=${COMP_WORDS[COMP_CWORD-1]}
+
+	case "$prev" in
+	-via)
+	   _known_hosts -a
+	   ;;
+	*)
+	   # ssh into the the server, find and ping the broadcast address, then
+	   # sort and show the results.
+	   COMPREPLY=( $( ssh -o 'Batchmode yes' $prev \
+			  "ping -bnc 4 255.255.255.255" 2>/dev/null | \
+			  awk -F ' ' '{print $4}' | \
+			  sort -n | uniq | egrep '[0-9]+\.[0-9]+\.' 2>/dev/null ) )
+	esac
+								   
+	return 0
+} &&
+complete -F _vncviewer vncviewer
+
+# sysctl(8) completion
+#
+have sysctl &&
+_sysctl()
+{
+	local cur
+
+	COMPREPLY=()
+	cur=`_get_cword`
+
+	COMPREPLY=( $( compgen -W "$(sysctl -N -a 2>/dev/null)" -- $cur ) )
+
+	return 0
+} &&
+complete -F _sysctl sysctl
+
+# update-rc.d(8) completion
+#
+# Copyright (C) 2004 Servilio Afre Puentes <servilio@gmail.com>
+#
+have update-rc.d &&
+_update_rc_d()
+{
+    local cur prev sysvdir services options valid_options
+
+    cur=`_get_cword`
+    prev=${COMP_WORDS[COMP_CWORD-1]}
+
+    [ -d /etc/rc.d/init.d ] && sysvdir=/etc/rc.d/init.d \
+	|| sysvdir=/etc/init.d
+
+    services=( $(echo $sysvdir/!(README*|*.sh|*.dpkg*|*.rpm*)) )
+    services=( ${services[@]#$sysvdir/} )
+    options=( -f -n )
+
+    if [[ $COMP_CWORD -eq 1 || "$prev" == -* ]]; then
+	valid_options=( $( \
+	    echo "${COMP_WORDS[@]} ${options[@]}" \
+	    | tr " " "\n" \
+	    | sed -ne "/$( echo "${options[@]}" | sed "s/ /\\|/g" )/p" \
+	    | sort | uniq -u \
+	    ) )
+	COMPREPLY=( $( compgen -W '${options[@]} ${services[@]}' \
+	    -X '$( echo ${COMP_WORDS[@]} | tr " " "|" )' -- $cur ) )
+    elif [[ "$prev" == ?($( echo ${services[@]} | tr " " "|" )) ]]; then
+	COMPREPLY=( $( compgen -W 'remove defaults start stop' -- $cur ) )
+    elif [[ "$prev" == defaults && "$cur" == [0-9] ]]; then
+	COMPREPLY=( 0 1 2 3 4 5 6 7 8 9 )
+    elif [[ "$prev" == defaults && "$cur" == [sk]?([0-9]) ]]; then
+	COMPREPLY=( 0 1 2 3 4 5 6 7 8 9 )
+    elif [[ "$prev" == defaults && -z "$cur" ]]; then
+	COMPREPLY=( 0 1 2 3 4 5 6 7 8 9 s k )
+    elif [[ "$prev" == ?(start|stop) ]]; then
+	if [[ "$cur" == [0-9] || -z "$cur" ]]; then 
+	    COMPREPLY=( 0 1 2 3 4 5 6 7 8 9 )
+	elif [[ "$cur" == [0-9][0-9] ]]; then 
+	    COMPREPLY=( $cur )
+	else
+	    COMPREPLY=()
+	fi
+    elif [[ "$prev" == ?([0-9][0-9]|[0-6S]) ]]; then
+	if [[ -z "$cur" ]]; then
+	    if [[ $prev == [0-9][0-9] ]]; then
+		COMPREPLY=( 0 1 2 3 4 5 6 S )
+	    else
+		COMPREPLY=( 0 1 2 3 4 5 6 S . )
+	    fi
+	elif [[ "$cur" == [0-6S.] ]]; then 
+	    COMPREPLY=( $cur )
+	else
+	    COMPREPLY=()
+	fi
+    elif [[ "$prev" == "." ]]; then
+	COMPREPLY=( $(compgen -W "start stop" -- $cur) )
+    else
+	COMPREPLY=()
+    fi
+
+    return 0
+} &&
+complete -F _update_rc_d update-rc.d
+
+# invoke-rc.d(8) completion
+#
+# Copyright (C) 2004 Servilio Afre Puentes <servilio@gmail.com>
+#
+have invoke-rc.d &&
+_invoke_rc_d()
+{
+    local cur prev sysvdir services options valid_options
+
+    cur=`_get_cword`
+    prev=${COMP_WORDS[COMP_CWORD-1]}
+
+    [ -d /etc/rc.d/init.d ] && sysvdir=/etc/rc.d/init.d \
+	|| sysvdir=/etc/init.d
+
+    services=( $(echo $sysvdir/!(README*|*.sh|*.dpkg*|*.rpm*)) )
+    services=( ${services[@]#$sysvdir/} )
+    options=( --help --quiet --force --try-anyway --disclose-deny --query --no-fallback )
+
+    if [[ ($COMP_CWORD -eq 1) || ("$prev" == --* ) ]]; then
+	valid_options=( $( \
+	    echo ${COMP_WORDS[@]} ${options[@]} \
+	    | tr " " "\n" \
+	    | sed -ne "/$( echo ${options[@]} | sed "s/ /\\\\|/g" )/p" \
+	    | sort | uniq -u \
+	    ) )
+	COMPREPLY=( $( compgen -W '${valid_options[@]} ${services[@]}' -- \
+	    $cur ) )
+    elif [ -x $sysvdir/$prev ]; then
+	COMPREPLY=( $( compgen -W '`sed -ne "y/|/ /; \
+					    s/^.*Usage:[ ]*[^ ]*[ ]*{*\([^}\"]*\).*$/\1/p" \
+					    $sysvdir/$prev`' -- \
+	    $cur ) )
+    else
+	COMPREPLY=()
+    fi
+
+    return 0
+} &&
+complete -F _invoke_rc_d invoke-rc.d
+
+# minicom(1) completion
+#
+have minicom &&
+_minicom()
+{
+	local cur prev
+
+	COMPREPLY=()
+	cur=`_get_cword`
+	prev=${COMP_WORDS[COMP_CWORD-1]}
+
+	case $prev in
+		-@(a|c))
+			COMPREPLY=( $( compgen -W 'on off' -- $cur ) )
+			return 0
+			;;
+		-@(S|C))
+			_filedir
+			return 0
+			;;
+		-P)
+			COMPREPLY=( $( command ls /dev/tty* ) )
+			COMPREPLY=( $( compgen -W '${COMPREPLY[@]} ${COMPREPLY[@]#/dev/}' -- $cur ) )
+			return 0
+			;;
+	esac
+
+
+	if [[ "$cur" == -* ]]; then
+		COMPREPLY=( $( compgen -W '-s -o -m -M -z -l -L -w -a -t \
+			-c -S -d -p -C -T -8' -- $cur ) )
+	else
+		COMPREPLY=( $( command ls /etc/minicom/minirc.* 2>/dev/null | sed -e 's|/etc/minicom/minirc.||' | grep "^$cur" ) )
+	fi
+} &&
+complete -F _minicom minicom
+
+# svn completion
+#
+have svn &&
+{
+_svn()
+{
+	local cur prev commands options command
+
+	COMPREPLY=()
+	cur=`_get_cword`
+
+	commands='add blame praise annotate ann cat checkout co cleanup commit \
+		ci copy cp delete del remove rm diff di export help ? h import \
+		info list ls lock log merge mkdir move mv rename ren \
+		propdel pdel pd propedit pedit pe propget pget pg \
+		proplist plist pl propset pset ps resolved revert \
+		status stat st switch sw unlock update up'
+
+	if [[ $COMP_CWORD -eq 1 ]] ; then
+		if [[ "$cur" == -* ]]; then
+			COMPREPLY=( $( compgen -W '--version' -- $cur ) )
+		else
+			COMPREPLY=( $( compgen -W "$commands" -- $cur ) )
+		fi
+	else
+
+		prev=${COMP_WORDS[COMP_CWORD-1]}
+		case $prev in
+			--config-dir)
+				_filedir -d
+				return 0;
+				;;
+			-@(F|-file|-targets))
+				_filedir
+				return 0;
+				;;
+			--encoding)
+				COMPREPLY=( $( compgen -W \
+					'$( iconv --list | sed -e "s@//@@;" )' \
+					-- "$cur" ) )
+				return 0;
+				;;
+			--@(editor|diff|diff3)-cmd)
+				COMP_WORDS=(COMP_WORDS[0] $cur)
+				COMP_CWORD=1
+				_command
+				return 0;
+				;;
+		esac
+
+		command=${COMP_WORDS[1]}
+
+		if [[ "$cur" == -* ]]; then
+			# possible options for the command
+			case $command in
+				add)
+					options='--auto-props --no-auto-props \
+						--force --targets --no-ignore \
+						--non-recursive -N -q --quiet'
+					;;
+				@(blame|annotate|ann|praise))
+					options='-r --revisions --username \
+						--password --no-auth-cache \
+						--non-interactive -v \
+						--verbose --incremental --xml'
+					;;
+				cat)
+					options='-r --revision --username \
+						--password --no-auth-cache \
+						--non-interactive'
+					;;
+				@(checkout|co))
+					options='-r --revision -q --quiet -N \
+						--non-recursive --username \
+						--password --no-auth-cache \
+						--non-interactive \
+						--ignore-externals'
+					;;
+				cleanup)
+					options='--diff3-cmd'
+					;;
+				@(commit|ci))
+					options='-m --message -F --file \
+						--encoding --force-log -q \
+						--quiet --non-recursive -N \
+						--targets --editor-cmd \
+						--username --password \
+						--no-auth-cache \
+						--non-interactive --no-unlock'
+					;;
+				@(copy|cp))
+					options='-m --message -F --file \
+						--encoding --force-log -r \
+						--revision -q --quiet \
+						--editor-cmd -username \
+						--password --no-auth-cache \
+						--non-interactive'
+					;;
+				@(delete|del|remove|rm))
+					options='--force -m --message -F \
+						--file --encoding --force-log \
+						-q --quiet --targets \
+						--editor-cmd -username \
+						--password --no-auth-cache \
+						--non-interactive'
+					;;
+				@(diff|di))
+					options='-r --revision -x --extensions \
+						--diff-cmd --no-diff-deleted \
+						-N --non-recursive --username \
+						--password --no-auth-cache \
+						--non-interactive --force \
+						--old --new --notice-ancestry'
+					;;
+				export)
+					options='-r --revision -q --quiet \
+						--username --password \
+						--no-auth-cache \
+						--non-interactive -N \
+						--non-recursive --force \
+						--native-eol --ignore-externals'
+					;;
+				import)
+					options='--auto-props --no-auto-props \
+						-m --message -F --file \
+						--encoding --force-log -q \
+						--quiet --non-recursive \
+						--no-ignore --editor-cmd \
+						--username --password \
+						--no-auth-cache \
+						--non-interactive'
+					;; 
+				info)
+					options='--username --password \
+						--no-auth-cache \
+						--non-interactive -r \
+						--revision --xml --targets \
+						-R --recursive --incremental'
+					;;
+				@(list|ls))
+					options='-r --revision -v --verbose -R \
+						--recursive --username \
+						--password --no-auth-cache \
+						--non-interactive \
+						--incremental --xml'
+					;;
+				lock)
+					options='-m --message -F --file \
+						--encoding --force-log \
+						--targets --force --username \
+						--password --no-auth-cache \
+						--non-interactive'
+					;;
+				log)
+					options='-r --revision -v --verbose \
+						--targets --username \
+						--password --no-auth-cache \
+						--non-interactive \
+						--stop-on-copy --incremental \
+						--xml -q --quiet --limit'
+					;;
+				merge)
+					options='-r --revision -N \
+						--non-recursive -q --quiet \
+						--force --dry-run --diff3-cmd \
+						--username --password \
+						--no-auth-cache \
+						--non-interactive \
+						--ignore-ancestry'
+					;;
+				mkdir)
+					options='-m --message -F --file \
+						--encoding --force-log -q \
+						--quiet --editor-cmd \
+						--username --password \
+						--no-auth-cache \
+						--non-interactive'
+					;;
+				@(move|mv|rename|ren))
+					options='-m --message -F --file \
+						--encoding --force-log -r \
+						--revision -q --quiet \
+						--force --editor-cmd \
+						--username --password \
+						--no-auth-cache \
+						--non-interactive'
+					;;
+				@(propdel|pdel|pd))
+					options='-q --quiet -R --recursive -r \
+						--revision --revprop \
+						--username --password \
+						--no-auth-cache \
+						--non-interactive'
+					;;
+				@(propedit|pedit|pe))
+					options='-r --revision --revprop \
+						--encoding --editor-cmd \
+						--username --password \
+						--no-auth-cache \
+						--non-interactive --force'
+					;;
+				@(propget|pget|pg))
+					options='-R --recursive -r --revision \
+						--revprop --strict --username \
+						--password --no-auth-cache \
+						--non-interactive'
+					;;
+				@(proplist|plist|pl))
+					options='-v --verbose -R --recursive \
+						-r --revision --revprop -q \
+						--quiet --username --password \
+						--no-auth-cache \
+						--non-interactive'
+					;;
+				@(propset|pset|ps))
+					options='-F --file -q --quiet \
+						--targets -R --recursive \
+						--revprop --encoding \
+						--username --password \
+						--no-auth-cache \
+						--non-interactive -r \
+						--revision --force'
+					;;
+				resolved)
+					options='--targets -R --recursive -q \
+						--quiet'
+					;;
+				revert)
+					options='--targets -R --recursive -q \
+						--quiet'
+					;;
+				@(status|stat|st))
+					options='-u --show-updates -v \
+						--verbose -N --non-recursive \
+						-q --quiet --username \
+						--password --no-auth-cache \
+						--non-interactive --no-ignore \
+						--ignore-externals \
+						--incremental --xml'
+					;;
+				@(switch|sw))
+					options='--relocate -r --revision -N \
+						--non-recursive -q --quiet \
+						--username --password \
+						--no-auth-cache \
+						--non-interactive --diff3-cmd'
+					;;
+				unlock)
+					options='--targets --force --username \
+						--password --no-auth-cache \
+						--non-interactive'
+					;;
+				@(update|up))
+					options='-r --revision -N \
+						--non-recursive -q --quiet \
+						--username --password \
+						--no-auth-cache \
+						--non-interactive \
+						--diff3-cmd --ignore-externals'
+					;;
+			esac
+			options="$options --help -h --config-dir"
+
+			COMPREPLY=( $( compgen -W "$options" -- $cur ) )
+		else
+			if [[ "$command" == @(help|h|\?) ]]; then
+				COMPREPLY=( $( compgen -W "$commands" -- $cur ) )
+			else
+				_filedir
+			fi
+		fi
+	fi
+
+	return 0
+}
+complete -F _svn $default svn
+
+_svnadmin()
+{
+	local cur prev commands options mode
+
+	COMPREPLY=()
+	cur=`_get_cword`
+
+	commands='create deltify dump help ? hotcopy list-dblogs \
+		list-unused-dblogs load lslocks lstxns recover rmlocks \
+		rmtxns setlog verify'
+
+	if [[ $COMP_CWORD -eq 1 ]] ; then
+		if [[ "$cur" == -* ]]; then
+			COMPREPLY=( $( compgen -W '--version' -- $cur ) )
+		else
+			COMPREPLY=( $( compgen -W "$commands" -- $cur ) )
+		fi
+	else
+		prev=${COMP_WORDS[COMP_CWORD-1]}
+		case $prev in
+			--config-dir)
+				_filedir -d
+				return 0;
+				;;
+			--fs-type)
+				COMPREPLY=( $( compgen -W 'fsfs bdb' -- $cur ) )
+				return 0;
+				;;
+		esac
+
+		command=${COMP_WORDS[1]}
+
+		if [[ "$cur" == -* ]]; then
+			# possible options for the command
+			case $command in
+				create)
+					options='--bdb-txn-nosync \
+						--bdb-log-keep --config-dir \
+						--fs-type'
+					;;
+				deltify)
+					options='-r --revision -q --quiet'
+					;;
+				dump)
+					options='-r --revision --incremental \
+						-q --quiet --deltas'
+					;;
+				hotcopy)
+					options='--clean-logs'
+					;;
+				load)
+					options='--ignore-uuid --force-uuid \
+						--parent-dir -q --quiet \
+						--use-pre-commit-hook \
+						--use-post-commit-hook'
+					;;
+				rmtxns)
+					options='-q --quiet'
+					;;
+				setlog)
+					options='-r --revision --bypass-hooks'
+					;;
+			esac
+
+			options="$options --help -h"
+			COMPREPLY=( $( compgen -W "$options" -- $cur ) )
+		else
+			if [[ "$command" == @(help|h|\?) ]]; then
+				COMPREPLY=( $( compgen -W "$commands" -- $cur ) )
+			else
+				_filedir
+			fi
+		fi
+	fi
+
+	return 0
+}
+complete -F _svnadmin $default svnadmin
+
+_svnlook()
+{
+	local cur prev commands options mode
+
+	COMPREPLY=()
+	cur=`_get_cword`
+
+	commands='author cat changed date diff dirs-changed help ? h history \
+		info lock log propget pget pg proplist plist pl tree uuid \
+		youngest'
+
+	if [[ $COMP_CWORD -eq 1 ]] ; then
+		if [[ "$cur" == -* ]]; then
+			COMPREPLY=( $( compgen -W '--version' -- $cur ) )
+		else
+			COMPREPLY=( $( compgen -W "$commands" -- $cur ) )
+		fi
+	else
+		command=${COMP_WORDS[1]}
+
+		if [[ "$cur" == -* ]]; then
+			# possible options for the command
+			case $command in
+				@(author|cat|date|dirs-changed|info|log))
+					options='-r --revision -t \
+						--transaction'
+					;;
+				changed)
+					options='-r --revision -t \
+						--transaction --copy-info'
+					;;
+				diff)
+					options='-r --revision -t \
+						--transaction \
+						--no-diff-deleted \
+						--no-diff-added \
+						--diff-copy-from'
+					;;
+				history)
+					options='-r --revision --show-ids'
+					;;
+				prop@(get|list))
+					options='-r --revision -t \
+						--transaction --revprop'
+					;;
+				tree)
+					options='-r --revision -t \
+						--transaction --show-ids \
+						--full-paths'
+					;;
+			esac
+
+			options="$options --help -h"
+			COMPREPLY=( $( compgen -W "$options" -- $cur ) )
+		else
+			if [[ "$command" == @(help|h|\?) ]]; then
+				COMPREPLY=( $( compgen -W "$commands" -- $cur ) )
+			else
+				_filedir
+			fi
+		fi
+	fi
+
+	return 0
+}
+complete -F _svnlook $default svnlook
+}
+
+_filedir_xspec()
+{
+	local IFS cur xspec
+
+	IFS=$'\t\n'
+	COMPREPLY=()
+	cur=`_get_cword`
+
+	_expand || return 0
+
+	# get first exclusion compspec that matches this command
+	xspec=$( sed -ne $'/^complete .*[ \t]'${1##*/}$'\([ \t]\|$\)/{p;q;}' \
+		  $BASH_COMPLETION )
+	# prune to leave nothing but the -X spec
+	xspec=${xspec#*-X }
+	xspec=${xspec%% *}
+
+	local toks=( ) tmp
+
+	while read -r tmp; do
+		[[ -n $tmp ]] && toks[${#toks[@]}]=$tmp
+	done < <( compgen -d -- "$(quote_readline "$cur")" )
+
+	while read -r tmp; do
+		[[ -n $tmp ]] && toks[${#toks[@]}]=$tmp
+	done < <( eval compgen -f -X $xspec -- "\$(quote_readline "\$cur")" )
+
+	COMPREPLY=( "${toks[@]}" )
+}
+list=( $( sed -ne '/^# START exclude/,/^# FINISH exclude/p' \
+	  $BASH_COMPLETION | \
+	# read exclusion compspecs
+	(
+	while read line
+	do
+		# ignore compspecs that are commented out
+		if [ "${line#\#}" != "$line" ]; then continue; fi
+		line=${line%# START exclude*}
+		line=${line%# FINISH exclude*}
+		line=${line##*\'}
+		list=( "${list[@]}" $line )
+	done
+	echo "${list[@]}"
+	)
+     ) )
+# remove previous compspecs
+if [ ${#list[@]} -gt 0 ]; then
+    eval complete -r ${list[@]}
+    # install new compspecs
+    eval complete -F _filedir_xspec $filenames "${list[@]}"
+fi
+unset list
+
+# source completion directory definitions
+if [ -d $BASH_COMPLETION_DIR -a -r $BASH_COMPLETION_DIR -a \
+     -x $BASH_COMPLETION_DIR ]; then
+	for i in $BASH_COMPLETION_DIR/*; do
+		[[ ${i##*/} != @(*~|*.bak|*.swp|\#*\#|*.dpkg*|.rpm*) ]] &&
+			[ \( -f $i -o -h $i \) -a -r $i ] && . $i
+	done
+fi
+unset i
+
+# source user completion file
+[ $BASH_COMPLETION != ~/.bash_completion -a -r ~/.bash_completion ] \
+	&& . ~/.bash_completion
+unset -f have
+unset UNAME RELEASE default dirnames filenames have nospace bashdefault \
+      plusdirs
+
+set $BASH_COMPLETION_ORIGINAL_V_VALUE
+unset BASH_COMPLETION_ORIGINAL_V_VALUE
+
+###  Local Variables:
+###  mode: shell-script
+###  End:
diff --git a/usr/src/cmd/nsadmin/bash/bash_completion.d/dladm b/usr/src/cmd/nsadmin/bash/bash_completion.d/dladm
new file mode 100644
index 0000000000..179227b2a2
--- /dev/null
+++ b/usr/src/cmd/nsadmin/bash/bash_completion.d/dladm
@@ -0,0 +1,34 @@
+_dladm()
+{
+    local cur prev opts base
+    COMPREPLY=()
+    cur="${COMP_WORDS[COMP_CWORD]}"
+    prev="${COMP_WORDS[COMP_CWORD-1]}"
+
+    if [[ ${prev} == 'dladm' ]]; then
+        local cmds="rename-link show-link create-aggr delete-aggr add-aggr \
+            remove-aggr modify-aggr show-aggr scan-wifi connect-wifi \
+            disconnect-wifi show-wifi set-linkprop reset-linkprop \
+            show-linkprop show-ether create-secobj delete-secobj show-secobj \
+            create-vlan delete-vlan show-vlan create-iptun delete-iptun \
+            modify-iptun show-iptun delete-phys show-phys create-vnic \
+            delete-vnic show-vnic create-part delete-part show-part show-ib \
+            create-etherstub delete-etherstub show-etherstub create-bridge \
+            modify-bridge delete-bridge add-bridge remove-bridge show-bridge \
+            show-bridge show-usage"
+
+        COMPREPLY=( $(compgen -W "$cmds" -- ${cur}) )
+    # The -z takes a zone option, ignore everything else
+    elif [[ ${prev} =~ -.*z$ ]]; then
+        local zones=$(zoneadm list -c | grep -v '^global$')
+        COMPREPLY=( $(compgen -W "${zones}" -- ${cur}) )
+    elif [[ ${prev} =~ 'delete-vnic' ]]; then
+        local vnics=$(dladm show-vnic -p -o link)
+        COMPREPLY=( $(compgen -W "${vnics}" -- ${cur}) )
+    elif [[ ${prev} =~ 'delete-etherstub' ]]; then
+        local stubs=$(dladm show-etherstub -p)
+        COMPREPLY=( $(compgen -W "${stubs}" -- ${cur}) )
+    fi
+}
+
+complete -F _dladm dladm
diff --git a/usr/src/cmd/nsadmin/bash/bash_completion.d/machines b/usr/src/cmd/nsadmin/bash/bash_completion.d/machines
new file mode 100644
index 0000000000..05de1b75a4
--- /dev/null
+++ b/usr/src/cmd/nsadmin/bash/bash_completion.d/machines
@@ -0,0 +1,19 @@
+_machine()
+{
+    local cur prev opts base
+    COMPREPLY=()
+    cur="${COMP_WORDS[COMP_CWORD]}"
+    prev="${COMP_WORDS[COMP_CWORD-1]}"
+
+    if [[ ${prev} == 'machine-json' ]]; then
+        machines=$(zoneadm list -cp | grep -v ':global:' | cut -d':' -f2,5 | tr ':' '\n' | sort | uniq)
+        COMPREPLY=( $(compgen -W "${machines}" -- ${cur}) )
+    else
+        # Just expand files by default
+        COMPREPLY=( $(compgen -f -- ${cur}) )
+    fi
+
+    return 0
+}
+
+complete -F _machine machine-json
diff --git a/usr/src/cmd/nsadmin/bash/bash_completion.d/vms b/usr/src/cmd/nsadmin/bash/bash_completion.d/vms
new file mode 100644
index 0000000000..71bcac5994
--- /dev/null
+++ b/usr/src/cmd/nsadmin/bash/bash_completion.d/vms
@@ -0,0 +1,62 @@
+_vmadm()
+{
+    local cur prev opts base
+    COMPREPLY=()
+    cur="${COMP_WORDS[COMP_CWORD]}"
+    prev="${COMP_WORDS[COMP_CWORD-1]}"
+
+    up_patterns=$(printf " running *\$\n halting *\$\n")
+
+    if [[ ${prev} == 'vmadm' ]]; then
+        COMPREPLY=( $(compgen -W "boot destroy dump kill halt list reboot reset info nmi" -- ${cur}) )
+    else
+        case ${prev} in
+            boot)
+                local not_running=$(vmadm list -v | grep -v "^UUID" | \
+                    /usr/xpg4/bin/grep -v -e "${up_patterns}" | cut -d' ' -f1)
+                COMPREPLY=( $(compgen -W "${not_running}" -- ${cur}) )
+            ;;
+            info|kill)
+                local running=$(vmadm list -v | grep -v "^UUID" | \
+                    /usr/xpg4/bin/grep -e "${up_patterns}" | cut -d ' ' -f1)
+                COMPREPLY=( $(compgen -W "${running}" -- ${cur}) )
+            ;;
+            halt|reboot|reset|nmi|screenshot)
+                local running=$(vmadm list -v | grep -v "^UUID" | \
+                    grep " running *$" | cut -d ' ' -f1)
+                COMPREPLY=( $(compgen -W "${running}" -- ${cur}) )
+            ;;
+            dump|destroy)
+                local all=$(vmadm list)
+                COMPREPLY=( $(compgen -W "${all}" -- ${cur}) )
+            ;;
+            *)
+                # Just expand files by default
+                COMPREPLY=( $(compgen -f -- ${cur}) )
+            ;;
+        esac
+    fi
+
+    return 0
+}
+
+_vmcfg()
+{
+    local cur prev opts base
+    COMPREPLY=()
+    cur="${COMP_WORDS[COMP_CWORD]}"
+    prev="${COMP_WORDS[COMP_CWORD-1]}"
+
+    if [[ ${prev} == 'vmcfg' ]]; then
+        vms=$(vmadm list)
+        COMPREPLY=( $(compgen -W "${vms}" -- ${cur}) )
+    else
+        # Just expand files by default
+        COMPREPLY=( $(compgen -f -- ${cur}) )
+    fi
+
+    return 0
+}
+
+complete -F _vmadm vmadm
+complete -F _vmcfg vmcfg
diff --git a/usr/src/cmd/nsadmin/bash/bash_completion.d/zones b/usr/src/cmd/nsadmin/bash/bash_completion.d/zones
new file mode 100644
index 0000000000..2c68ba366e
--- /dev/null
+++ b/usr/src/cmd/nsadmin/bash/bash_completion.d/zones
@@ -0,0 +1,41 @@
+_zlogin()
+{
+    local cur prev opts base
+    COMPREPLY=()
+    cur="${COMP_WORDS[COMP_CWORD]}"
+    prev="${COMP_WORDS[COMP_CWORD-1]}"
+
+    # The -e and -l take non-zone arguments, otherwise complete zone
+    if [[ ${prev} != '-e' ]] && [[ ${prev} != '-l' ]]; then
+        local running=$(zoneadm list | grep -v '^global$')
+        COMPREPLY=( $(compgen -W "${running}" -- ${cur}) )
+    fi
+    return 0
+}
+
+_dash_z_zone()
+{
+    local cur prev opts base
+    COMPREPLY=()
+    cur="${COMP_WORDS[COMP_CWORD]}"
+    prev="${COMP_WORDS[COMP_CWORD-1]}"
+
+    # The -z takes a zone option, ignore everything else
+    if [[ ${prev} =~ -.*z$ ]]; then
+        local zones=$(zoneadm list -c | grep -v '^global$')
+        COMPREPLY=( $(compgen -W "${zones}" -- ${cur}) )
+    fi
+    return 0
+}
+
+complete -F _zlogin zlogin
+complete -F _dash_z_zone zoneadm
+complete -F _dash_z_zone zonecfg
+complete -F _dash_z_zone svcs
+complete -F _dash_z_zone svcadm
+complete -F _dash_z_zone svcprop
+complete -F _dash_z_zone pgrep
+complete -F _dash_z_zone pkill
+complete -F _dash_z_zone ps
+complete -F _dash_z_zone ptree
+complete -F _dash_z_zone wall
diff --git a/usr/src/cmd/nsadmin/bashrc.sh b/usr/src/cmd/nsadmin/bashrc.sh
deleted file mode 100644
index 938b0da67e..0000000000
--- a/usr/src/cmd/nsadmin/bashrc.sh
+++ /dev/null
@@ -1,5 +0,0 @@
-#
-# Define default prompt to <username>@<hostname>:<path><"($|#) ">
-# and print '#' for user "root" and '$' for normal users.
-#
-typeset +x PS1="\u@\h:\w\\$ "
diff --git a/usr/src/cmd/nsadmin/dot-bash_profile.sh b/usr/src/cmd/nsadmin/dot-bash_profile.sh
new file mode 100644
index 0000000000..dc732f6814
--- /dev/null
+++ b/usr/src/cmd/nsadmin/dot-bash_profile.sh
@@ -0,0 +1,12 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+
+#
+# Copyright (c) 2014, Joyent, Inc.
+#
+
+[ -f /root/.profile ] && source /root/.profile
+[ -f /root/.bashrc ] && source /root/.bashrc
diff --git a/usr/src/cmd/nsadmin/dot-bashrc.sh b/usr/src/cmd/nsadmin/dot-bashrc.sh
new file mode 100644
index 0000000000..0f06d70ece
--- /dev/null
+++ b/usr/src/cmd/nsadmin/dot-bashrc.sh
@@ -0,0 +1,57 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+
+#
+# Copyright (c) 2014, Joyent, Inc.
+#
+
+if [ "$PS1" ]; then
+    mt_tty=$(/usr/bin/tty 2>/dev/null)
+    if [[ $mt_tty =~ ^/dev/term/[abcd] ]]; then
+        # If we're on the serial console, we generally won't know how
+        # big our terminal is.  Attempt to ask it using control sequences
+        # and resize our pty accordingly.
+        mt_output=$(/usr/lib/measure_terminal 2>/dev/null)
+        if [[ $? -eq 0 ]]; then
+            eval "$mt_output"
+        else
+            # We could not read the size, but we should set a 'sane'
+            # default as the dimensions of the previous user's terminal
+            # persist on the tty device.
+            export LINES=25
+            export COLUMNS=80
+        fi
+        /usr/bin/stty rows ${LINES} columns ${COLUMNS} 2>/dev/null
+    fi
+    unset mt_output mt_tty
+    shopt -s checkwinsize
+    if [[ -f /.dcinfo ]]; then
+        . /.dcinfo
+        DC_NAME="${SDC_DATACENTER_NAME}"
+    fi
+    if [[ -n "${DC_NAME}" ]]; then
+       PS1="[\u@\h (${DC_NAME}) \w]\\$ "
+    else
+       PS1="[\u@\h \w]\\$ "
+    fi
+    alias ll='ls -lF'
+    alias ls='ls --color=auto'
+    [ -n "${SSH_CLIENT}" ] && export PROMPT_COMMAND='echo -ne "\033]0;${HOSTNAME} \007" && history -a'
+fi
+
+# Load bash completion
+[ -f /etc/bash/bash_completion ] && . /etc/bash/bash_completion
+
+svclog() {
+  if [[ -z "$PAGER" ]]; then
+    PAGER=less
+  fi
+  $PAGER `svcs -L $1`
+}
+
+svclogf() {
+  /usr/bin/tail -f `svcs -L $1`
+}
diff --git a/usr/src/cmd/nsadmin/dot-profile.sh b/usr/src/cmd/nsadmin/dot-profile.sh
index a45e47b58d..906d43bae5 100644
--- a/usr/src/cmd/nsadmin/dot-profile.sh
+++ b/usr/src/cmd/nsadmin/dot-profile.sh
@@ -1,14 +1,14 @@
 #
-# Uncommenting PATH below will place /usr/gnu/bin at front,
-# adds /usr/sbin and /sbin to the end.
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
 #
-# export PATH=/usr/gnu/bin:/usr/bin:/usr/sbin:/sbin
+
 #
-# Define default prompt to <username>@<hostname>:<path><"($|#) ">
-# and print '#' for user "root" and '$' for normal users.
+# Copyright (c) 2018, Joyent, Inc.
 #
-# override default prompt for bash
-# case "$0" in
-# -bash)
-#	export PS1="\u@\h:\w\\$ "
-# esac
+
+PATH=/usr/bin:/usr/sbin:/smartdc/bin:/opt/smartdc/bin:/opt/local/bin:/opt/local/sbin:/opt/tools/bin:/opt/tools/sbin:/opt/smartdc/agents/bin
+MANPATH=/usr/share/man:/smartdc/man:/opt/smartdc/man:/opt/local/man:/opt/tools/man
+PAGER=less
+export PATH MANPATH PAGER
diff --git a/usr/src/cmd/nsadmin/etc-profile.sh b/usr/src/cmd/nsadmin/etc-profile.sh
index 035e8a3025..b59a80791b 100644
--- a/usr/src/cmd/nsadmin/etc-profile.sh
+++ b/usr/src/cmd/nsadmin/etc-profile.sh
@@ -21,6 +21,7 @@
 # Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
 # Use is subject to license terms.
 # Copyright 2015 Nexenta Systems, Inc. All rights reserved.
+#
 
 # The profile that all logins get before using their own .profile.
 
@@ -37,29 +38,14 @@ then
 	export TERM
 fi
 
-#
-# use less(1) as the default pager for the man(1) command.
-#
-PAGER="/usr/bin/less -ins"
-export PAGER
-
 #	Login and -su shells get /etc/profile services.
 #	-rsh is given its environment in its .profile.
 
 case "$0" in
--bash)
-	# set prompt for bash
-	PS1="\u@\h:\w\\$ "
-	export PS1
-	;;
-esac
-
-case "$0" in
 -sh | -ksh | -ksh93 | -jsh | -bash | -zsh)
 
 	if [ ! -f .hushlogin ]
 	then
-		/usr/sbin/quota
 		#	Allow the user to break the Message-Of-The-Day only.
 		trap "trap '' 2"  2
 		/bin/cat -s /etc/motd
@@ -67,12 +53,12 @@ case "$0" in
 
 		/bin/mail -E
 		case $? in
-		0)
+		0) 
 			echo "You have new mail."
-			;;
-		2)
+		  	;;
+		2) 
 			echo "You have mail."
-			;;
+		   	;;
 		esac
 	fi
 esac
diff --git a/usr/src/cmd/nsadmin/etc-skel-bashrc.sh b/usr/src/cmd/nsadmin/etc-skel-bashrc.sh
new file mode 100644
index 0000000000..128f6b79d7
--- /dev/null
+++ b/usr/src/cmd/nsadmin/etc-skel-bashrc.sh
@@ -0,0 +1,7 @@
+#
+# Define default prompt to <username>@<hostname>:<path><"($|#) ">
+# and print '#' for user "root" and '$' for normal users.
+#
+PS1='${LOGNAME}@$(/usr/bin/hostname):$(
+    [[ "${LOGNAME}" == "root" ]] && printf "%s" "${PWD/${HOME}/~}# " ||
+    printf "%s" "${PWD/${HOME}/~}\$ ")'
diff --git a/usr/src/cmd/nsadmin/system b/usr/src/cmd/nsadmin/system
index 29da0b787c..905594de8a 100644
--- a/usr/src/cmd/nsadmin/system
+++ b/usr/src/cmd/nsadmin/system
@@ -23,6 +23,7 @@
 * SYSTEM SPECIFICATION FILE
 *
 
+*
 * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!! NOTE !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
 *
 * It is not recommended to edit this file directly but rather
@@ -34,6 +35,10 @@
 * recommendations on naming fragment files.
 *
 * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!! NOTE !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+*
+* As SmartOS ships with /etc/ off a ramdisk, we don't support using the
+* /etc/system.d mechanism.
+*
 
 * moddir:
 *
@@ -108,3 +113,66 @@
 *
 *		set test_module:debug = 0x13
 
+set ibft_noprobe=1
+
+set noexec_user_stack=1
+set noexec_user_stack_log=1
+set rlim_fd_cur=65536
+
+* Ensure that c-states are disabled
+set idle_cpu_no_deep_c=1
+
+* 10 GbE Tuning
+set ip:ip_squeue_fanout=1
+
+*
+* Machines should take a crash dump and reboot when receiving an NMI
+*
+set pcplusmp:apic_panic_on_nmi=1
+set apix:apic_panic_on_nmi=1
+
+*
+* Don't use multi-threaded fast crash dump or a high compression level
+*
+set dump_plat_mincpu=0
+set dump_bzip2_level=1
+
+*
+* See OS-1361 for dealing with the timer woes.
+*
+set pcplusmp:apic_timer_preferred_mode=0
+set apix:apic_timer_preferred_mode=0
+
+*
+* Want additional crash dump metrics
+*
+set dump_metrics_on=1
+
+*
+* The traditional (and essentially entirely brain dead) cfgadm(1M)-centric
+* model of hotpluggin' appears to be basically unnecessary.  This tunable
+* enables the system to create device nodes for newly inserted devices
+* automatically.  See: usr/src/uts/common/io/sata/impl/sata.c:97
+*
+set sata:sata_auto_online=1
+
+*
+* We want to limit the time spent in any one I/O to 10 seconds for targets
+* that are not optical.  This is still a very long time; our queue depth is
+* typically 10 or less, and disks will usually fail a command after 2-3s.
+* So we'd have to have multiple reads of bad sectors queued up to have any
+* chance of timing out.  In practice, timeouts occur because of problems with
+* disk controllers or firmware, not media errors, and in those cases it will
+* not help at all to wait longer.
+*
+set sd:sd_io_time=10
+
+* Use hires tick to improve some scheduling latency issues
+set hires_tick=1
+
+*
+* The "buildstamp" module contains information about the git sources used to
+* build the operating system image.  Once loaded, the driver will refuse to
+* detach.  We load it early to ensure it is in a crash dump wherever possible.
+*
+forceload: drv/buildstamp
diff --git a/usr/src/cmd/nsadmin/zshrc b/usr/src/cmd/nsadmin/zshrc
new file mode 100644
index 0000000000..1e9c83e57f
--- /dev/null
+++ b/usr/src/cmd/nsadmin/zshrc
@@ -0,0 +1,31 @@
+#
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License (the "License").
+# You may not use this file except in compliance with the License.
+#
+# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+# or http://www.opensolaris.org/os/licensing.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+# If applicable, add the following below this CDDL HEADER, with the
+# fields enclosed by brackets "[]" replaced with your own identifying
+# information: Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+
+#
+# Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
+# Use is subject to license terms.
+#
+# ident	"@(#)zshrc	1.1	10/02/08 SMI"
+#
+
+# Turn on the "new" completion system.  See zshcompsys(1).
+autoload -Uz compinit
+compinit -i
diff --git a/usr/src/cmd/svc/milestone/Makefile b/usr/src/cmd/svc/milestone/Makefile
index 901727dc9f..576576ba2e 100644
--- a/usr/src/cmd/svc/milestone/Makefile
+++ b/usr/src/cmd/svc/milestone/Makefile
@@ -21,6 +21,8 @@
 #
 # Copyright (c) 2004, 2010, Oracle and/or its affiliates. All rights reserved.
 #
+# Copyright 2019 Joyent, Inc.
+#
 
 include ../../Makefile.cmd
 
@@ -30,6 +32,7 @@ BUILTXML= \
 	console-login.xml
 
 FSSVCS= \
+	joyent-fs.xml \
 	local-fs.xml \
 	minimal-fs.xml \
 	root-fs.xml \
@@ -38,6 +41,7 @@ FSSVCS= \
 FSMANIFESTS= $(FSSVCS:%=$(ROOTSVCSYSTEMFILESYSTEM)/%)
 
 NETSVCS= \
+	network-early-admin.xml \
 	network-initial.xml \
 	network-install.xml \
 	network-iptun.xml \
@@ -75,8 +79,12 @@ SYSTEMSVCS= \
 	early-manifest-import.xml \
 	identity.xml \
 	manifest-import.xml \
+	mdata.xml \
 	process-security.xml \
 	rmtmpfiles.xml	\
+	smartdc-config.xml \
+	smartdc-init.xml \
+	smartdc-ur.xml \
 	vtdaemon.xml
 
 SYSTEMMANIFESTS = $(SYSTEMSVCS:%=$(ROOTSVCSYSTEM)/%)
@@ -103,6 +111,7 @@ SVCMETHOD=\
 	console-login \
 	devices-audio \
 	devices-local \
+	fs-joyent \
 	fs-local \
 	fs-minimal \
 	fs-root \
@@ -110,6 +119,9 @@ SVCMETHOD=\
 	identity-domain \
 	identity-node \
 	manifest-import \
+	mdata-execute \
+	mdata-fetch \
+	net-early-admin \
 	net-loc \
 	net-loopback \
 	net-init \
@@ -122,6 +134,11 @@ SVCMETHOD=\
 	net-routing-setup \
 	net-svc \
 	rmtmpfiles \
+	smartdc-config \
+	smartdc-init \
+	smartdc-ur \
+	sysidtool-net \
+	sysidtool-system \
 	vtdaemon
 
 $(ROOTSVCMETHOD) := FILEMODE = 0555
@@ -161,4 +178,4 @@ $(ROOTSVCSYSTEM)/svc/%: %
 $(ROOT)/lib/svc/share/%: %.share
 	$(INS.rename)
 
-clean lint _msg:
+clean _msg:
diff --git a/usr/src/cmd/svc/milestone/console-login b/usr/src/cmd/svc/milestone/console-login
index c7003b103b..8ddaaf29ac 100644
--- a/usr/src/cmd/svc/milestone/console-login
+++ b/usr/src/cmd/svc/milestone/console-login
@@ -23,6 +23,7 @@
 #
 # Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
 # Use is subject to license terms.
+# Copyright 2015 Joyent, Inc.
 #
 # This method script manages all vt logins including system
 # console login.
@@ -38,18 +39,29 @@
 
 . /lib/svc/share/smf_include.sh
 
-if [ "$1" != "default" ]; then
-	if smf_dont_configure_vt; then
-		/usr/sbin/svcadm disable $SMF_FMRI
-		exit $SMF_EXIT_OK
-	fi
-fi
-
 getproparg() {
 	val=`svcprop -p $2 $SMF_FMRI`
 	[ -n "$val" ] && [ "$val" != "\"\"" ] && echo $1 $val
 }
 
+# The service configuration invokes this script with "%i", the name of the
+# instance, as the first argument.
+instance="$1"
+if [ -z "$instance" ]; then
+	exit $SMF_EXIT_ERR_CONFIG
+fi
+
+case "$instance" in
+vt*)
+	# This instance is for one of the virtual terminal devices.  Check to
+	# see if the vt subsystem is initialised:
+	if smf_dont_configure_vt; then
+		/usr/sbin/svcadm disable "$SMF_FMRI"
+		exit $SMF_EXIT_OK
+	fi
+	;;
+esac
+
 args="-g"
 
 val=`svcprop -p ttymon/device $SMF_FMRI`
@@ -61,6 +73,20 @@ if [ "$val" = "/dev/vt/1" ]; then
 	exit $SMF_EXIT_ERR_CONFIG
 fi
 
+# In SmartOS we use ttyb for metadata so we set to a non-existent device here
+# to disable the service and exit.
+if [[ ${val} == "/dev/term/b" && \
+    $(sysinfo | json "Product") == "SmartDC HVM" ]]; then
+
+    val=/dev/do_not_use_ttyb_in_a_vm
+fi
+
+if [[ ! -e $val ]]; then
+    # This device doesn't exist, can't run a tty on it.
+    /usr/sbin/svcadm disable $SMF_FMRI
+    exit $SMF_EXIT_OK
+fi
+
 args="$args -d $val"
 
 args="$args `getproparg -l ttymon/label`"
diff --git a/usr/src/cmd/svc/milestone/fs-joyent b/usr/src/cmd/svc/milestone/fs-joyent
new file mode 100755
index 0000000000..9082f22e46
--- /dev/null
+++ b/usr/src/cmd/svc/milestone/fs-joyent
@@ -0,0 +1,288 @@
+#!/bin/bash
+#
+# This file and its contents are supplied under the terms of the
+# Common Development and Distribution License ("CDDL"), version 1.0.
+# You may only use this file in accordance with the terms of version
+# 1.0 of the CDDL.
+#
+# A full copy of the text of the CDDL should have accompanied this
+# source.  A copy of the CDDL is also available via the Internet at
+# http://www.illumos.org/license/CDDL.
+#
+
+#
+# Copyright (c) 2018, Joyent, Inc.
+#
+
+set -o xtrace
+
+fatal()
+{
+    echo "Error: $1"
+    exit $SMF_EXIT_ERR_FATAL
+}
+
+. /lib/svc/share/smf_include.sh
+. /lib/svc/share/fs_include.sh
+. /lib/sdc/usb-key.sh
+
+# first of all, if we aren't the global zone this doesn't make any sense to run
+
+smf_is_globalzone || exit $SMF_EXIT_OK
+
+# We need the links to /dev/dsk. Rather than trying to play games with manually
+# invoking syseventd ask devfsadm to do some work.
+/usr/sbin/devfsadm -c disk
+
+function destroy_zpools
+{
+    for pool in $(zpool list -p -o name | grep -v NAME) ; do
+        zpool destroy -f ${pool}
+    done
+}
+
+function mount_zfs
+{
+    local dataset=$1
+    local mountpoint=$2
+    local output=
+
+    #
+    # Try to mount the ZFS dataset.  If the mountpoint is busy, wait five
+    # seconds and try again.  Fail if the mount attempt returns EBUSY three
+    # consecutive times.
+    #
+    for i in {1..3}; do
+        output=$(mount -F zfs ${dataset} ${mountpoint} 2>&1)
+        if [[ $? -eq 0 ]]; then
+            break
+        fi
+
+        if [ "${output}" == "mount failed: Device busy" ]; then
+            sleep 5
+        else
+            echo ${output} 1>&2
+            return
+        fi
+    done
+
+    # The mount attempt must have failed
+    echo ${output} 1>&2
+}
+
+/bin/bootparams | grep "^noimport=true" >/dev/null
+if [ $? -ne 0 ]; then
+    # If the zpool doesn't exist, then there's nothing to mount.
+
+    # Assume the system zpool is zones, but if a different system pool
+    # identifies itself (by virtue of the .system_pool file being present in the
+    # pool's root dataset), then use that system pool instead.
+    SYS_ZPOOL=zones
+
+    # Import specified zpools, or all zpools available
+    pools=$(/bin/bootparams | egrep "^zpools?=" | cut -d= -f2 | tr , ' ')
+    if [ -z ${pools} ]; then
+         pools=$(zpool import | grep "pool:" | awk '{print $2}')
+    fi
+
+    for pool in $pools; do
+        zpool import -f $pool
+	# Due to early, failed attempts to support the filesystem_limits
+	# feature we now need to ensure the dependent feature is enabled.
+	zpool set feature@extensible_dataset=enabled $pool
+        if [[ -f /$pool/.system_pool ]]; then
+            SYS_ZPOOL=$pool
+        fi
+    done
+
+    svccfg -s svc:/system/smartdc/init setprop \
+        config/zpool=${SYS_ZPOOL}
+    svccfg -s svc:/system/smartdc/init:default refresh
+
+    # If the destroy_zpools boot parameter is set, destroy all zpools
+    /bin/bootparams | grep "^destroy_zpools=true" >/dev/null
+    if [ $? -eq 0 ]; then
+        destroy_zpools
+    fi
+
+    # A machine is reset to its original unsetup state (i.e. a 'factory reset')
+    # when the smartdc:factoryreset ZFS user property is set on the var dataset.
+    reset=$(zfs get -H -o value smartdc:factoryreset ${SYS_ZPOOL}/var)
+    if [ "${reset}" == "yes" ]; then
+        destroy_zpools
+    fi
+
+    # Capture the zpool's status output in the method's log file for
+    # troubleshooting.
+    #
+    # Note: It is critical that we do not run 'status -v'. If there are errors
+    # in the zpool error log and the zpool is large (e.g. > 200TB), then the
+    # lookup for the error file names can take a very long time (several hours).
+    # This would block the system boot until it completed.
+    zpool status ${SYS_ZPOOL}
+    if [ $? -eq 0 ]; then
+
+        # Stash the SUNWdefault.xml file so we can update the
+        # persistent version after mounting zones/config.
+        cp /etc/zones/SUNWdefault.xml /tmp/
+
+        # Mount and configure all system datasets
+        mount_zfs ${SYS_ZPOOL}/var /var
+        mount_zfs ${SYS_ZPOOL}/config /etc/zones
+        mount_zfs ${SYS_ZPOOL}/opt /opt
+
+        # Update the the persistent SUNWdefault.xml file to match the
+        # contents on ramdisk now that zones/config is mounted.
+        cp /tmp/SUNWdefault.xml /etc/zones/
+        rm -f /tmp/SUNWdefault.xml
+
+        #
+        # We include a manifest of all files shipped in the platform image,
+        # along with an MD5 hash of their contents.  This was originally
+        # shipped as "/var/log/manifest", but once a machine is set up, "/var"
+        # now comes from the pool.  The upshot of this is that every SmartOS
+        # machine has the manifest from the platform at setup time stored in
+        # "/var/log/manifest".  Now that the manifest has moved to an
+        # accessible location, we should remove this file and replace it with a
+        # symbolic link.
+        #
+        if [[ -f '/var/log/manifest' && ! -L '/var/log/manifest' &&
+            ! -e '/var/log/manifest.original' ]]; then
+                mv '/var/log/manifest' '/var/log/manifest.original'
+                ln -s '../../usr/share/smartos/manifest' '/var/log/manifest'
+        fi
+
+        if [[ -z $(/bin/bootparams | grep '^smartos=true') ]]; then
+            mkdir -p /opt/smartdc/agents/smf
+            mount -O -F lofs /var/svc/manifest/site /opt/smartdc/agents/smf
+        fi
+
+        if [[ -n $(/bin/bootparams | grep '^headnode=true') || \
+            -n $(/bin/bootparams | grep '^smartos=true') ]]; then
+            mkdir /usbkey
+            mount_zfs ${SYS_ZPOOL}/usbkey /usbkey
+        fi
+
+        if [[ -n $(/bin/bootparams | grep '^smartos=true') ]]; then
+            mount -F lofs /usbkey/shadow /etc/shadow
+            mount -F lofs /usbkey/ssh /etc/ssh
+        fi
+
+        swap -a /dev/zvol/dsk/${SYS_ZPOOL}/swap || \
+            fatal "failed to configure swap device"
+
+        #
+        # Configure the dump device on top of a ZFS volume.  In addition to the
+        # usual dumpadm(1m) call, there are two prerequisites for using this
+        # volume as a dump device: (1) that zvol must be using the noparity
+        # checksum algorithem, and (2) the MULTI_VDEV_CRASH_DUMP ZFS feature
+        # must be enabled.  Prerequisite (1) is necessary since the exact
+        # on-disk value for ZIO_CHECKSUM_NOPARITY has changed, so to avoid a
+        # flag day on all systems, this service just sets that property again
+        # every time.
+        #
+        zfs set checksum=noparity ${SYS_ZPOOL}/dump || \
+            fatal "failed to set checksum=noparity on dump zvol"
+        zpool set feature@multi_vdev_crash_dump=enabled ${SYS_ZPOOL} || \
+            fatal "failed to enable multi_vdev_crash_dump ZFS feature"
+        dumpadm -y -d /dev/zvol/dsk/${SYS_ZPOOL}/dump || \
+            fatal "failed to configure dump device"
+
+        zfs list -H -o name ${SYS_ZPOOL}/cores/global >/dev/null 2>&1
+        if [ $? -ne 0 ]; then
+            # Booting for the first time on a CN whose cores dataset is setup
+            # in the 6.x style.  Convert to the new style.
+            zfs destroy -r ${SYS_ZPOOL}/cores
+            zfs create -o compression=gzip -o mountpoint=none ${SYS_ZPOOL}/cores
+            zfs create -o quota=10g -o mountpoint=/${SYS_ZPOOL}/global/cores \
+                ${SYS_ZPOOL}/cores/global
+        fi
+
+        ln -s /${SYS_ZPOOL}/global/cores /cores
+
+        [[ -f /${SYS_ZPOOL}/currbooted ]] && \
+            mv /${SYS_ZPOOL}/currbooted /${SYS_ZPOOL}/lastbooted
+        uname -v >/${SYS_ZPOOL}/currbooted
+    fi
+fi
+
+
+# The rest only applies to the headnode
+/bin/bootparams | grep "^headnode=true" >/dev/null || exit $SMF_EXIT_OK
+
+# If we rebooted during an upgrade, we're in deep trouble.
+if [ -d /var/upgrade_in_progress ]; then
+    echo "ERROR: An upgrade was in progress when the system rebooted." \
+        >/dev/console
+    echo "       The system is in an indeterminate state, unable to continue." \
+        >/dev/console
+    exit $SMF_EXIT_ERR_FATAL
+fi
+
+COPYINPOINT=`svcprop -p "joyentfs/usb_copy_path" ${SMF_FMRI}`
+DEBUG=`svcprop -p "joyentfs/debug" ${SMF_FMRI}`
+
+if [[ -d /mnt ]]; then
+    chown root:root /mnt
+    chmod 700 /mnt
+else
+    mkdir -m 700 /mnt
+fi
+
+function make_usb_copy_if_possible
+{
+    [[ -n "${SYS_ZPOOL}" ]] || fatal "don't know system zpool name"
+
+    zpool list -Ho name | grep "^${SYS_ZPOOL}\$"
+    if [[ $? != 0 ]]; then
+        echo "skipping USB copy setup: no ${SYS_ZPOOL} zpool" >/dev/console
+        # Still return OK, because this is the expected case for first headnode
+        # boot.
+        return 0
+    fi
+
+    USBDATASET=${SYS_ZPOOL}/usbkey
+    if ! zfs list -Ho name | grep "^${USBDATASET}\$" >/dev/null; then
+        echo "skipping USB copy setup: no zones/usbkey dataset" >/dev/console
+        # Still return OK, because as of HEAD-2343 a CN being converted to a HN
+        # will not yet have this dataset on its first boot as an HN.
+        return 0
+    fi
+
+    echo "" > /dev/console
+    echo "Moving files from USB boot device onto disk storage." > /dev/console
+    echo "This may take several minutes. Please note the time..." > /dev/console
+    echo "" > /dev/console
+    echo "" > /dev/console
+
+    mkdir ${COPYINPOINT}
+    mount_zfs ${USBDATASET} ${COPYINPOINT}
+
+    (cd ${USBMOUNTPOINT}; rsync -av --log-file=/dev/console --exclude private --exclude os * ${COPYINPOINT})
+    if [[ -d ${USBMOUNTPOINT}/os ]]; then
+        (cd ${USBMOUNTPOINT}/os ; \
+            for dir in $(ls -d *); do
+                # source comes from pcfs which we've got lowering the case
+                # of everything, but we normally use capital T and Z for
+                # buildstamp, so fix it here.
+                source_dir=${dir}
+                target_dir=$(echo ${dir} | tr "[:lower:]" "[:upper:]")
+                mkdir -p ${COPYINPOINT}/os
+                echo "Copying: ${source_dir}/ ${COPYINPOINT}/os/${target_dir}" > /dev/console
+                rsync -a ${source_dir}/ ${COPYINPOINT}/os/${target_dir}
+            done
+        )
+    fi
+
+    echo "" > /dev/console
+    echo "Done copying files from USB device" > /dev/console
+    return 0
+}
+
+USBMOUNTPOINT=$(mount_usb_key "")
+if [[ $? -ne 0 ]]; then
+    fatal "couldn't mount USB key"
+fi
+
+make_usb_copy_if_possible
+exit $?
diff --git a/usr/src/cmd/svc/milestone/fs-root b/usr/src/cmd/svc/milestone/fs-root
index 9652eaaf94..f9de44c831 100644
--- a/usr/src/cmd/svc/milestone/fs-root
+++ b/usr/src/cmd/svc/milestone/fs-root
@@ -22,6 +22,7 @@
 #
 # Copyright (c) 1992, 2010, Oracle and/or its affiliates. All rights reserved.
 # Copyright 2015 Nexenta Systems, Inc. All rights reserved.
+# Copyright 2016 Joyent, Inc.
 #
 
 # Make sure that the libraries essential to this stage of booting can be found.
@@ -64,92 +65,27 @@ if smf_is_nonglobalzone; then
 	exit $SMF_EXIT_OK
 fi
 
-#
-# Root is already mounted (by the kernel), but still needs to be
-# checked, possibly remounted and entered into mnttab.  First
-# mount /usr if it is a separate file system.  If the file system
-# type is something other than zfs, mount it read-only.  This must
-# be done first to allow utilities such as fsck and setmnt to
-# reside on /usr minimizing the space required by the root file
-# system.
-#
-readvfstab "/usr" < $vfstab
-if [ -n "$mountp" ]; then
-	if [ "$fstype" = zfs ]; then
-		mountfs - /usr $fstype $mntopts - || exit $SMF_EXIT_ERR_FATAL
-	else
-		#
-		# Must use -o largefiles here to ensure the
-		# read-only mount does not fail as a result of
-		# having a large file present on /usr. This gives
-		# fsck a chance to fix up the largefiles flag
-		# before we remount /usr read-write.
-		#
-		if [ "x$mntopts" = x- ]; then
-			mntopts='ro,largefiles'
-		else
-			checkopt largefiles $mntopts
-			if [ "x$option" != xlargefiles ]; then
-				mntopts="largefiles,$mntopts"
-			fi
-
-			checkopt ro $mntopts
-			if [ "x$option" != xro ]; then
-				mntopts="ro,$mntopts"
-			fi
-
-			#
-			# Requesting logging on a read-only mount
-			# causes errors to be displayed, so remove
-			# "logging" from the list of options for now.
-			# The read-write mount performed later will
-			# specify the logging option if appropriate.
-			#
-
-			checkopt logging $mntopts
-			if [ "x$option" = xlogging ]; then
-				mntopts="$otherops"
-			fi
-		fi
-
-		mountfs -O /usr $fstype $mntopts - || exit $SMF_EXIT_ERR_FATAL
-	fi
-fi
+/sbin/mount -F ufs -o remount,rw,nologging /devices/ramdisk:a /
+/usr/sbin/lofiadm -X -a /usr.lgz
 
 #
-# if we are booted from zfs, the /usr mount probably won't be a
-# legacy mount.  Use the standard zfs mount command instead.
-
-readmnttab "/" < /etc/mnttab
-if [ "$fstype" = zfs ]; then
-	mountp=`/sbin/zfs get -H -o value mountpoint $special/usr 2>/dev/null`
-	#
-	# if mountp = /usr, there is a non-legacy mount of /usr
-	# in the boot environment being booted.
-	#
-	if [ "x$mountp" = "x/usr" ] ; then
-		/sbin/zfs mount $special/usr
-		if [ $? != 0 ] ; then
-				msg='zfs-mount failed'
-				echo $msg
-				echo "$SMF_FMRI:" $msg >/dev/msglog
-		 	exit $SMF_EXIT_ERR_FATAL
-		fi
+# Prior to mounting /usr, devfsadm is not yet available.  As such, we must
+# locate the lofi block device node in /devices rather than in /dev.  This
+# path has changed over time so we try both the old (pre-partition support)
+# and new paths.
+#
+lofi_devices_path='/devices/pseudo/lofi@1:disk'
+if [ ! -b "$lofi_devices_path" ]; then
+	lofi_devices_path='/devices/pseudo/lofi@0:1'
+	if [ ! -b "$lofi_devices_path" ]; then
+		echo 'could not locate lofi block device in /devices' >&2
+		exit $SMF_EXIT_ERR_FATAL
 	fi
 fi
 
-#
-# Also mount /boot now so that things like keymap.sh can access
-# boot properties through eeprom.  Readonly isn't required because
-# /boot (and other pcfs filesystems) aren't fsck'ed at boot yet.
-# Also, we don't account for caching /boot as it must be on a local
-# disk.  So what's in vfstab is fine as it stands; just look to see
-# if it's there and avoid the mount if not.
-#
-readvfstab "/boot" < $vfstab
-
-if [ -n "$mountp" ]; then
-	mountfs - /boot $fstype $mntopts - || exit $SMF_EXIT_ERR_FATAL
+if ! /sbin/mount -F ufs -o ro "$lofi_devices_path" /usr; then
+	echo "could not mount /usr from $lofi_devices_path" >&2
+	exit $SMF_EXIT_ERR_FATAL
 fi
 
 #
diff --git a/usr/src/cmd/svc/milestone/fs-usr b/usr/src/cmd/svc/milestone/fs-usr
index b80e95c1f7..3caac452a3 100644
--- a/usr/src/cmd/svc/milestone/fs-usr
+++ b/usr/src/cmd/svc/milestone/fs-usr
@@ -19,163 +19,22 @@
 #
 # CDDL HEADER END
 #
-
 #
 # Copyright (c) 1989, 2010, Oracle and/or its affiliates. All rights reserved.
 # Copyright (c) 1984, 1986, 1987, 1988, 1989 AT&T.
 # All rights reserved.
 # Copyright 2016 Nexenta Systems, Inc.
+# Copyright 2012, Joyent, Inc. All rights reserved.
 #
-
 . /lib/svc/share/smf_include.sh
-. /lib/svc/share/fs_include.sh
-
-UPDATEFILE=/etc/svc/volatile/boot_archive_needs_update
-
-#
-# Once root is read/write we can enable the dedicated dumpdevice if it exists
-# locally. This is an optimization as svc-dumpadm will attempt do this later.
-#
-dump_setup()
-{
-	[ -r /etc/dumpadm.conf ] && . /etc/dumpadm.conf
-
-	readswapdev $DUMPADM_DEVICE < $vfstab
-
-	#
-	# Make sure that the dump save area has been configured before
-	# proceeding. If the variable has not been defined or does not exist
-	# then bail out early. This will prevent us from configuring a
-	# dump save area before a hostname has been configured (i.e after
-	# sys-unconfig has been invoked).
-	#
-	[ -z "$DUMPADM_SAVDIR" ] && return
-
-	#
-	# If we have a dedicated dump device, then go ahead and configure it.
-	# 
-	if [ "x$special" != "x$DUMPADM_DEVICE" ]; then
-		if [ -x /usr/sbin/dumpadm -a -b $DUMPADM_DEVICE ]; then
-			/usr/sbin/dumpadm -u || exit $SMF_EXIT_ERR_CONFIG
-		fi
-	fi
-}
-
-#
-# Write a unique id into this kernel image; this will be included
-# in the dump header and panicbuf of any crashdump of this image.
-#
-if [ -x /usr/sbin/dumpadm ]; then
-	/usr/sbin/dumpadm -i
-fi
-
-rootiszfs=0
-# get the fstype of root
-readmnttab / </etc/mnttab
-if [ "$fstype" = zfs ] ; then
-	rootiszfs=1
-	dump_setup
-fi
-
-#
-# Add physical swap.
-#
-/sbin/swapadd -1
 
-#
-# Check and remount the / (root) file system.
-# For NFS mounts, force the llock option on.
-#
-if smf_is_globalzone && [ $rootiszfs = 0 ]; then
-	readvfstab / < $vfstab
-	checkfs $fsckdev $fstype $mountp || exit $SMF_EXIT_ERR_FATAL
-	checkopt "llock" $mntopts
-	mntopts='remount'
-
-	[ -n "$otherops" ] && mntopts="${mntopts},${otherops}"
-	[ "$fstype" = nfs ] && mntopts="${mntopts},llock"
-
-	mountfs -m $mountp $fstype $mntopts - || exit $SMF_EXIT_ERR_FATAL
-fi
-
-#
-# Check and remount the /usr file system (formerly mounted read-only).
-# Unless root is zfs, in which case we've already mounted /usr read-write
-#
-if [ "$rootiszfs" = 0 ] ; then
-	readvfstab /usr < $vfstab
-	if [ "$mountp" ]; then
-		checkopt ro $mntopts
-		if [ "x$option" != xro ]; then
-			checkfs $fsckdev $fstype $mountp ||
-			    exit $SMF_EXIT_ERR_FATAL
-			if [ "x$mntopts" != x- ]; then
-				mntopts="remount,$mntopts"
-			else
-				mntopts="remount"
-			fi
-
-			mountfs - /usr $fstype $mntopts - ||
-			    exit $SMF_EXIT_ERR_FATAL
-		fi
-	fi
-fi
-
-#
-# Check and mount the /usr/platform file system.  This should only be
-# present when a SunOS 5.5 (Solaris 2.5) or greater client is being
-# administered by a SunOS 5.4 or less host.
-#
-readvfstab /usr/platform < $vfstab
-if [ "$mountp" ]; then
-	checkfs $fsckdev $fstype $mountp || exit $SMF_EXIT_ERR_FATAL
-	mountfs - $mountp $fstype $mntopts - || exit $SMF_EXIT_ERR_FATAL
-fi
-
-#
-# Mount the fd file systems if mount point exists.
-#
-readvfstab /dev/fd < $vfstab
-if [ "$mountp" -a -d /dev/fd ]; then
-	mountfs - /dev/fd - - - || exit $SMF_EXIT_ERR_FATAL
-fi
+mount /dev/fd
 
-if [ -f "${UPDATEFILE}" ]; then
-	/usr/sbin/bootadm update-archive
-	if [ $? != 0 ]; then
-		cecho ""
-		cecho "WARNING: Automatic update of the boot archive failed."
-		cecho "Update the archives using 'bootadm update-archive'"
-		cecho "command and then reboot the system from the same device that"
-		cecho "was previously booted." 
-		cecho ""
-		exit $SMF_EXIT_ERR_FATAL
-	fi
-	rm -f $UPDATEFILE
-	bootcmd=`/usr/sbin/eeprom bootcmd | /usr/bin/sed -e 's#bootcmd=##g'`
-	if [ `uname -p` = "i386" ]; then
-		/usr/sbin/reboot -f dryrun
-		if [ $? = 0 ]; then
-			/usr/sbin/reboot -f -- "$bootcmd" 
-			exit $SMF_EXIT_OK
-		fi
-		boot_prop=`/usr/sbin/svccfg -s svc:/system/boot-config:default listprop config/auto-reboot-safe | \
-			/usr/bin/nawk '{ print $3}'`
-		if [ "$boot_prop" != "true" ]; then 
-			cecho ""
-			cecho "WARNING: Reboot required."
-			cecho "The system has updated the cache of files (boot archive) that is used"
-			cecho "during the early boot sequence. To avoid booting and running the system"
-			cecho "with the previously out-of-sync version of these files, reboot the"
-			cecho "system from the same device that was previously booted."
-			cecho ""
-			exit $SMF_EXIT_ERR_FATAL
-		else
-			/usr/sbin/reboot -p 
-			exit $SMF_EXIT_OK
-		fi 
-	fi
-	/usr/sbin/reboot -- "$bootcmd"
+if smf_is_globalzone; then
+    # svc.startd makes a backup of the repo on boot.  Since this is a
+    # live-image, the backup takes up an unnecessary 4MB in memory, so remove
+    # it now.
+    rm -f /etc/svc/repository-*
 fi
 
 exit $SMF_EXIT_OK
diff --git a/usr/src/cmd/svc/milestone/identity-node b/usr/src/cmd/svc/milestone/identity-node
index c9b20ba669..6b740f3dd1 100644
--- a/usr/src/cmd/svc/milestone/identity-node
+++ b/usr/src/cmd/svc/milestone/identity-node
@@ -27,18 +27,30 @@
 # Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
 # Use is subject to license terms.
 #
-# ident	"%Z%%M%	%I%	%E% SMI"
+# Copyright 2019 Joyent, Inc.
+#
 
 . /lib/svc/share/smf_include.sh
 . /lib/svc/share/net_include.sh
 
+set -o xtrace
+
 # Make sure that the libraries essential to this stage of booting can be found.
 LD_LIBRARY_PATH=/lib; export LD_LIBRARY_PATH
 
 #
-# If DHCP was used on a primary interface then set the hostname
-# that was returned. If no hostname was returned, set the name
-# to be "unknown". The hostname must be set to something, because
+# For the GZ, use one of the following values for hostname, in order:
+#   * DHCP hostname (if set on a primary interface)
+#   * hostname value from config file
+#   * hostname bootparam
+#   * if not a headnode:
+#     * admin MAC address
+#     * any other MAC address
+#
+# If none of the above could be found, default to "headnode" for headnodes, and
+# "unknown" for non-headnodes.
+#
+# The hostname must be set to something, because
 # tooltalk will hang unless the name can be locally resolved.
 # Sendmail also requires the name to be resolvable locally.
 # Later, in inetsvc, we create a name "unknown" and create a entry
@@ -51,44 +63,124 @@ LD_LIBRARY_PATH=/lib; export LD_LIBRARY_PATH
 # kernel if /etc/nodename does not exist, as is expected on an initial boot.
 #
 
+set_gz_hostname() {
+    hostname=${CONFIG_hostname}
+    if [ -z "$hostname" ] || [ "$hostname" == "unknown" ]; then
+        hostname=$SYSINFO_Bootparam_hostname
+    fi
+
+    if [ -n "$hostname" ] && [ "$hostname" != "unknown" ]; then
+        return
+    fi
+
+    # $headnode is set by load_sdc_config()
+    if [ "$headnode" == "true" ]; then
+        hostname="headnode"
+        return
+    fi
+
+    if [[ -n ${SYSINFO_NIC_admin} ]]; then
+        eval "admin_mac=\${SYSINFO_Network_Interface_${SYSINFO_NIC_admin}_MAC_Address}"
+        if [[ -n ${admin_mac} ]]; then
+            hostname=$(echo "${admin_mac}" | tr ':' '-')
+            return
+        fi
+    fi
+
+    fallback_mac=$(set | grep "^SYSINFO_Network_Interface_.*_MAC_Address" | head -n1 | cut -d'=' -f2)
+    if [[ -n ${fallback_mac} ]]; then
+        hostname=$(echo "${fallback_mac}" | tr ':' '-')
+        return
+    fi
+
+    hostname="unknown"
+}
+
+
 smf_netstrategy
 
 case "$_INIT_NET_STRATEGY" in
-	"dhcp") hostname=`/sbin/dhcpinfo Hostname` ;;
-	"rarp") hostname=`/sbin/hostconfig -h -p bootparams`
-		trap 'intr=1' 2 3
-		while [ -z "$hostname" -a ! -f /etc/.UNCONFIGURED -a \
-		    -z "$intr" ]; do
-			echo "re-trying host configuration..."
-			# Restrict this to IPv4 interfaces.
-			/sbin/ifconfig -adD4 auto-revarp up
-			hostname=`/sbin/hostconfig -h -p bootparams`
-		done
-		trap 2 3 ;;
-	"none") hostname="`shcat /etc/nodename 2>/dev/null`"
-       		if [ -z "$hostname" ]; then
-			if smf_is_globalzone; then
-				hostname=`/sbin/hostconfig -h -p bootparams`
-			else
-				hostname=`/sbin/uname -n`
-			fi
-		fi ;;
+    "dhcp") hostname=`/sbin/dhcpinfo Hostname` ;;
+    "rarp") hostname=`/sbin/hostconfig -h -p bootparams`
+        trap 'intr=1' 2 3
+        while [ -z "$hostname" -a ! -f /etc/.UNCONFIGURED -a \
+            -z "$intr" ]; do
+            echo "re-trying host configuration..."
+            # Restrict this to IPv4 interfaces.
+            /sbin/ifconfig -adD4 auto-revarp up
+            hostname=`/sbin/hostconfig -h -p bootparams`
+        done
+        trap 2 3 ;;
+    # /etc/nodename defaults to "unknown" on SmartOS
+    "none") hostname="`shcat /etc/nodename 2>/dev/null`"
+        if [ -z "$hostname" ]; then
+            if smf_is_globalzone; then
+                hostname=`/sbin/hostconfig -h -p bootparams`
+            else
+                hostname=`/sbin/uname -n`
+            fi
+        fi ;;
 esac
 
+# Load sysinfo variables with SYSINFO_ prefix and config variables with
+# CONFIG_ prefix.
+# Note: since we're still starting up, "soft" values like network IP and such could
+# not be set yet.
+
+if smf_is_globalzone; then
+    . /lib/sdc/config.sh
+
+    load_sdc_sysinfo
+
+    if boot_file_config_enabled; then
+        load_boot_file_config
+    else
+        load_sdc_config
+    fi
+fi
+
 #
 # If the netstrategy was unsuccessful and we haven't got a locally configured
 # name, default to "unknown"
 #
-if [ -z "$hostname" ]; then
-	hostname="`shcat /etc/nodename 2>/dev/null`"
-	if [ -z "$hostname" ]; then
-		hostname="unknown"
-	fi
+if [ -z "$hostname" ] || [ "$hostname" == "unknown" ]; then
+    hostname="`shcat /etc/nodename 2>/dev/null`"
+    if [ -z "$hostname" ] || [ "$hostname" == "unknown" ]; then
+        if smf_is_globalzone; then
+            set_gz_hostname
+        else
+            hostname="unknown"
+        fi
+    fi
+fi
+
+if smf_is_globalzone; then
+    echo "$hostname" > /etc/nodename
 fi
 
 /sbin/uname -S $hostname
 
-echo "Hostname: `/sbin/uname -n`" > /dev/msglog
+# Reloading sysinfo here serves two purposes:
+#   - getting the IP info (which should exist now)
+#   - updating the host info (which we just set)
+eval $(/usr/bin/sysinfo -f -p | sed -e "s/^/SYSINFO_/")
+
+# Try to add the /etc/hosts entry if we can find an IP
+if [[ -n ${SYSINFO_NIC_admin} ]]; then
+    eval "ipaddr=\${SYSINFO_Network_Interface_${SYSINFO_NIC_admin}_IPv4_Address}"
+fi
+if [[ -z ${ipaddr} ]]; then
+    ipaddr=$(set | grep "^SYSINFO_Network_Interface_.*_IPv4_Address" | head -n1 | cut -d'=' -f2)
+fi
+if [[ -n ${ipaddr} ]]; then
+    fullname=""
+
+    if [ -n "$CONFIG_dns_domain" ]; then
+        fullname=" ${hostname}.${CONFIG_dns_domain}"
+    fi
+
+    printf "${ipaddr}\t${hostname}${fullname}\n" >> /etc/hosts
+fi
 
 # Reset the library path now that we are past the critical stage
 unset LD_LIBRARY_PATH
diff --git a/usr/src/cmd/svc/milestone/joyent-fs.xml b/usr/src/cmd/svc/milestone/joyent-fs.xml
new file mode 100644
index 0000000000..3d004e8d33
--- /dev/null
+++ b/usr/src/cmd/svc/milestone/joyent-fs.xml
@@ -0,0 +1,85 @@
+<?xml version="1.0"?>
+<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
+<!--
+ Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
+ Use is subject to license terms.
+
+ CDDL HEADER START
+
+ The contents of this file are subject to the terms of the
+ Common Development and Distribution License, Version 1.0 only
+ (the "License").  You may not use this file except in compliance
+ with the License.
+
+ You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+ or http://www.opensolaris.org/os/licensing.
+ See the License for the specific language governing permissions
+ and limitations under the License.
+
+ When distributing Covered Code, include this CDDL HEADER in each
+ file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+ If applicable, add the following below this CDDL HEADER, with the
+ fields enclosed by brackets "[]" replaced with your own identifying
+ information: Portions Copyright [yyyy] [name of copyright owner]
+
+ CDDL HEADER END
+-->
+
+<service_bundle type='manifest' name='SUNWcsr:filesystem-joyent'>
+
+<service
+	name='system/filesystem/smartdc'
+	type='service'
+	version='1'>
+
+	<create_default_instance enabled='true' />
+
+	<single_instance/>
+
+	<dependency
+		name='usr'
+		grouping='require_all'
+		restart_on='none'
+		type='service'>
+		<service_fmri value='svc:/system/filesystem/usr' />
+	</dependency>
+
+	<!--
+	  Start method timeout is infinite to handle potentially unbounded
+	  fsck times.
+        -->
+	<exec_method
+		type='method'
+		name='start'
+		exec='/lib/svc/method/fs-joyent'
+		timeout_seconds='0' />
+
+	<exec_method
+		type='method'
+		name='stop'
+		exec=':true'
+		timeout_seconds='0' />
+
+	<property_group name='startd' type='framework'>
+		<propval name='duration' type='astring' value='transient' />
+	</property_group>
+	<property_group name='joyentfs' type='application'>
+      <stability value='Evolving'/>
+      <propval name='debug' type='boolean' value='false'/>
+      <propval name='usb_copy_path' type='astring' value='/usbkey'/>
+      <propval name='usb_mountpoint' type='astring' value='usbkey'/>
+    </property_group>
+
+
+	<stability value='Unstable' />
+
+	<template>
+		<common_name>
+			<loctext xml:lang='C'>
+				Joyent file system mounts
+			</loctext>
+		</common_name>
+	</template>
+</service>
+
+</service_bundle>
diff --git a/usr/src/cmd/svc/milestone/make-console-login-xml b/usr/src/cmd/svc/milestone/make-console-login-xml
index a8e516fe9f..2b78164e78 100644
--- a/usr/src/cmd/svc/milestone/make-console-login-xml
+++ b/usr/src/cmd/svc/milestone/make-console-login-xml
@@ -24,6 +24,8 @@
 # Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
 # Use is subject to license terms.
 #
+# Copyright 2019 Joyent, Inc.
+#
 
 cat >console-login.xml <<EOF
 <?xml version="1.0"?>
@@ -31,6 +33,8 @@ cat >console-login.xml <<EOF
 	Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
 	Use is subject to license terms.
 
+	Copyright 2015 Joyent, Inc.
+
 	NOTE:  This service manifest is not editable; its contents will
 	be overwritten by package or patch operations, including
 	operating system upgrade.  Make customizations in a different
@@ -125,14 +129,14 @@ cat >console-login.xml <<EOF
 	<property_group name='ttymon' type='application'>
 		<propval name='value_authorization' type='astring'
 			value='solaris.smf.value.vt' />
-		<propval name='device' type='astring' value='/dev/console' />
+		<propval name='device' type='astring' value='/dev/wscons' />
 		<propval name='label' type='astring' value='console' />
 		<propval name='timeout' type='count' value='0' />
 		<propval name='nohangup' type='boolean' value='true' />
 		<propval name='modules' type='astring'
 		    value='ldterm,ttcompat' />
 		<propval name='prompt' type='astring'
-		   value='\`uname -n\` console login:' />
+		   value='\`uname -n\` wscons login:' />
 		<propval name='terminal_type' type='astring'
 		     value='' />
 	</property_group>
@@ -140,8 +144,39 @@ cat >console-login.xml <<EOF
 
 <instance name='default' enabled='true'>
 </instance>
+EOF
+
+for tty in a b c d; do
+	cat >>console-login.xml <<EOF
 
+<instance name='tty$tty' enabled='true'>
+
+	    <dependency
+		    name='system-console'
+		    grouping='require_all'
+		    restart_on='none'
+		    type='service'>
+		    <service_fmri value='svc:/system/console-login:default' />
+	    </dependency>
+
+        <!-- these are passed to ttymon in the method script -->
+        <property_group name='ttymon' type='application'>
+		<propval name='value_authorization' type='astring'
+			value='solaris.smf.value.vt' />
+		<propval name='device' type='astring' value='/dev/term/$tty' />
+		<propval name='label' type='astring' value='115200' />
+		<propval name='timeout' type='count' value='0' />
+		<propval name='nohangup' type='boolean' value='true' />
+		<propval name='modules' type='astring'
+			value='ldterm,ttcompat' />
+		<propval name='prompt' type='astring'
+			value='\`uname -n\` tty$tty login:' />
+		<propval name='terminal_type' type='astring'
+			value='xterm' />
+	</property_group>
+</instance>
 EOF
+done
 
 # Note that this script file is normally parsed during build by sh(1).
 # When the parser encounters an EOF token (like the one above), it
@@ -328,7 +363,7 @@ Sets the initial value of the TERM environment variable
 				<visibility value='readwrite'/>
 				<cardinality min='1' max='1'/>
 			</prop_pattern>
-		</pg_pattern>	 
+		</pg_pattern>
 
 	</template>
 </service>
diff --git a/usr/src/cmd/svc/milestone/manifest-import b/usr/src/cmd/svc/milestone/manifest-import
index 81cd780583..43fb677b92 100644
--- a/usr/src/cmd/svc/milestone/manifest-import
+++ b/usr/src/cmd/svc/milestone/manifest-import
@@ -74,13 +74,17 @@ function svccfg_apply {
 }
 
 #
-# If the smf repository has file entries that are missing
+# If the smf/manifest table has file entries that are missing
 # then there is work to be done by the cleanup process.
 #
 function cleanup_needwork {
-	smfmfiles=`svcprop -p manifestfiles '*' 2>/dev/null |
-	    nawk -v early="$early" '$2 == "astring" &&
-	    (early != "true" || $3 ~ "^/lib/") { print $3 }'`
+	if [ "$early" == true ]; then
+		smfmfiles=`/usr/bin/svcprop smf/manifest | \
+		    awk '(/^lib_/ && /\/manifestfile /) {print $3}'`
+	else
+		smfmfiles=`/usr/bin/svcprop smf/manifest | \
+		    awk '/\/manifestfile / {print $3}'`
+	fi
 
 	nw=`/lib/svc/bin/mfstscan $smfmfiles 2>&1 1>/dev/null`
 	[ "$nw" ] && return 1
@@ -201,8 +205,13 @@ function import_manifests {
 
 	rm -f $logf
 
-	nonsite_dirs=`/usr/bin/find $basedir/* -name site \
-	    -prune -o -type d -print -prune`
+	if [ "${basedir}" == "/opt/custom/smf" ]; then
+		# Special case where we will just import from the root, not subdirs
+		nonsite_dirs=${basedir}
+	else
+		nonsite_dirs=`/usr/bin/find $basedir/* -name site \
+			-prune -o -type d -print -prune`
+	fi
 
 	if [ -n "$_MFST_DEBUG" ]; then
 		nonsite_manifests=`/lib/svc/bin/mfstscan $nonsite_dirs`
@@ -454,6 +463,10 @@ else
 	import_manifests "/lib/svc/manifest" true
 	import_manifests "/var/svc/manifest" true
 
+	if [ -d "/opt/custom/smf" ]; then
+		import_manifests "/opt/custom/smf" true
+	fi
+
 	#
 	# Apply profiles
 	#
@@ -472,9 +485,9 @@ fi
 # 6.  Final actions.
 #
 
-if $activity; then
-	/usr/sbin/svcadm _smf_backup "manifest_import" || true
-fi
+#if $activity; then
+#	/usr/sbin/svcadm _smf_backup "manifest_import" || true
+#fi
 
 #
 # If the filesystem is NOT read only then move the repo back to perm
diff --git a/usr/src/cmd/svc/milestone/mdata-execute b/usr/src/cmd/svc/milestone/mdata-execute
new file mode 100755
index 0000000000..fca08ffbc7
--- /dev/null
+++ b/usr/src/cmd/svc/milestone/mdata-execute
@@ -0,0 +1,53 @@
+#!/usr/bin/bash
+#
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License, Version 1.0 only
+# (the "License").  You may not use this file except in compliance
+# with the License.
+#
+# You can obtain a copy of the license at http://smartos.org/CDDL
+#
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file.
+#
+# If applicable, add the following below this CDDL HEADER, with the
+# fields enclosed by brackets "[]" replaced with your own identifying
+# information: Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Copyright (c) 2012, Joyent, Inc. All rights reserved.
+#
+
+set -o xtrace
+
+. /lib/svc/share/smf_include.sh
+smf_is_globalzone && exit ${SMF_EXIT_OK}
+
+# If we got as far as running the user-script the 'provision' was a success
+# from here out a failure will leave the zone running.
+if [ -f /var/svc/provisioning ]; then
+    mv /var/svc/provision{ing,_success}
+fi
+
+if [[ -x /var/svc/mdata-operator-script ]]; then
+    /var/svc/mdata-operator-script
+    operator_script_exit=$?
+    if [[ ${operator_script_exit} -gt 0 ]]; then
+        echo "WARNING: operator-script failed: exited ${operator_script_exit}" \
+            >&2
+    fi
+fi
+
+user_script_exit=${SMF_EXIT_OK}
+if [ -x /var/svc/mdata-user-script ]; then
+    /var/svc/mdata-user-script
+    [ $? -gt 0 ] && user_script_exit=${SMF_EXIT_ERR_FATAL}
+fi
+
+exit ${user_script_exit}
diff --git a/usr/src/cmd/svc/milestone/mdata-fetch b/usr/src/cmd/svc/milestone/mdata-fetch
new file mode 100755
index 0000000000..cb7222f445
--- /dev/null
+++ b/usr/src/cmd/svc/milestone/mdata-fetch
@@ -0,0 +1,477 @@
+#!/usr/bin/bash
+#
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License, Version 1.0 only
+# (the "License").  You may not use this file except in compliance
+# with the License.
+#
+# You can obtain a copy of the license at http://smartos.org/CDDL
+#
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file.
+#
+# If applicable, add the following below this CDDL HEADER, with the
+# fields enclosed by brackets "[]" replaced with your own identifying
+# information: Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Copyright (c) 2017, Joyent, Inc. All rights reserved.
+#
+
+export PS4='[\D{%FT%TZ}] ${BASH_SOURCE}:${LINENO}: ${FUNCNAME[0]:+${FUNCNAME[0]}(): }'
+export PATH=/usr/bin:/usr/sbin:$PATH
+
+set -o xtrace
+
+. /lib/svc/share/smf_include.sh
+smf_is_globalzone && exit ${SMF_EXIT_OK}
+
+if [ ! -x /usr/sbin/mdata-get ]; then
+  echo "Metadata mdata-get tool not found."
+  exit ${SMF_EXIT_ERR_FATAL}
+fi
+
+function fatal() {
+  if [[ -n $1 ]]; then
+      echo "FATAL: $*" >&2
+  fi
+  exit ${SMF_EXIT_ERR_FATAL}
+}
+
+# Test if an address looks like an IPv4 address.
+function isIPv4() {
+  [[ "$1" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]]
+}
+
+# Test if an address looks like an IPv4 address + CIDR.
+function isIPv4AndCIDR() {
+  [[ "$1" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}$ ]]
+}
+
+# Test if an address looks like an IPv6 address.
+function isIPv6() {
+  [[ "$1" =~ ^[0-9a-f]*:[0-9a-f]*:[:0-9a-f]*$ ]]
+}
+
+# Test if an address looks like an IPv6 address + CIDR.
+function isIPv6AndCIDR() {
+  [[ "$1" =~ ^[0-9a-f]*:[0-9a-f]*:[:0-9a-f]*/[0-9]{1,3}$ ]]
+}
+
+# For old zones that were created prior to OS-2253 and bumping the mdata:fetch
+# start timeout, we need to fix this otherwise we could timeout waiting for the
+# socket.
+cur_timeout=$(svcprop -p start/timeout_seconds svc:/smartdc/mdata:fetch)
+if [[ -z ${cur_timeout} || ${cur_timeout} -lt 1800 ]]; then
+    # The current manifest has an old timeout value, fix in case we timeout
+    # here.  XXX we can still hit OS-2296 here where smf will forget that we
+    # set this.
+    svccfg -s svc:/smartdc/mdata:fetch 'setprop start/timeout_seconds = 1800'
+    svcadm refresh svc:/smartdc/mdata:fetch
+fi
+
+# This waits until /.zonecontrol/metadata.sock exists then exits 0
+/usr/vm/sbin/filewait /.zonecontrol/metadata.sock
+
+if [[ ! -e /.zonecontrol/metadata.sock ]]; then
+    # this is a bug since filewait should not have returned until file existed.
+    fatal "missing /.zonecontrol/metadata.sock, Unable to start mdata:fetch"
+fi
+
+# Update sysinfo to ensure values that come from metadata are populated.
+/usr/bin/sysinfo -fu
+
+echo "Retrieving metadata user-data"
+/usr/sbin/mdata-get user-data >/var/db/mdata-user-data.new
+case $? in
+  0)
+    echo "Metadata user-data successfuly retrieved."
+    mv /var/db/mdata-user-data{.new,}
+    ;;
+  1)
+    echo "Metadata user-data not defined."
+    rm -f /var/db/mdata-user-data{,.new}
+    ;;
+  *)
+    echo "Metadata couldn't be retrieved."
+    exit ${SMF_EXIT_ERR_FATAL}
+    ;;
+esac
+
+echo "Retrieving metadata user-script..."
+/usr/sbin/mdata-get user-script >/var/svc/mdata-user-script.new
+case $? in
+  0)
+    echo "Metadata user-script successfuly retrieved."
+    mv /var/svc/mdata-user-script{.new,}
+    chmod +x /var/svc/mdata-user-script
+    ;;
+  1)
+    echo "Metadata user-script not defined."
+    rm -f /var/svc/mdata-user-script{,.new}
+    ;;
+  *)
+    echo "Metadata couldn't be retrieved."
+    exit ${SMF_EXIT_ERR_FATAL}
+    ;;
+esac
+
+echo "Retrieving metadata operator-script..."
+/usr/sbin/mdata-get sdc:operator-script >/var/svc/mdata-operator-script.new
+case $? in
+  0)
+    echo "Metadata operator-script successfuly retrieved."
+    mv /var/svc/mdata-operator-script{.new,}
+    chmod +x /var/svc/mdata-operator-script
+    ;;
+  1)
+    echo "Metadata operator-script not defined."
+    rm -f /var/svc/mdata-operator-script{,.new}
+    ;;
+  *)
+    echo "Metadata couldn't be retrieved."
+    exit ${SMF_EXIT_ERR_FATAL}
+    ;;
+esac
+
+echo "Retrieving tmpfs value..."
+tmpfs=$(/usr/sbin/mdata-get sdc:tmpfs)
+if [[ $? == 0 && -n ${tmpfs} && -f /etc/vfstab ]]; then
+  check="swap        -   /tmp                tmpfs";
+
+  if [[ ${tmpfs} == "0" ]]; then
+    # When tmpfs is set 0, we remove any entry from /etc/vfstab but cannot
+    # adjust the "live" value as current /tmp will be in-use. On reboot the
+    # new value will take effect.
+
+    grep -v "^${check}" /etc/vfstab > /etc/vfstab.new \
+      && mv /etc/vfstab.new /etc/vfstab
+  else
+    new="swap        -   /tmp                tmpfs    -   yes    size=${tmpfs}m";
+    if ! /usr/bin/grep "^${new}" /etc/vfstab; then
+      if ! /usr/bin/grep "^${check}" /etc/vfstab; then
+        # no tmpfs line. add it.
+        echo "${new}" >> /etc/vfstab
+      else
+        # existing tmpfs line, but wrong value. fix it.
+        /usr/bin/sed -i "" -e "s|^swap.*/tmp.*tmpfs.*$|${new}|" /etc/vfstab
+        echo $?
+      fi
+
+      if mount | grep "^/tmp"; then
+        # Also fix current size, since /etc/vfstab didn't have our correct line
+        # but only if we have /tmp mounted at all. If not, we'll have to wait
+        # until the next reboot since /tmp will be in-use.
+        /usr/sbin/mount -F tmpfs -o remount,size=${tmpfs}m /tmp
+      fi
+
+    fi
+  fi
+fi
+
+#
+# If we have NFS volumes, we'll add them to vfstab, and enable the nfs/client
+# service so that will mount the volumes for us.
+#
+echo "Retrieving volume metadata..."
+
+volumes_added=0
+while IFS="|" read -r nfsvolume mountpoint name mode type; do
+
+  cat >&2 <<EOF
+*** VOLUME ***
+NFSVOLUME: ${nfsvolume}
+MOUNTPOINT: ${mountpoint}
+MODE: ${mode}
+NAME: ${name}
+TYPE: ${type}
+EOF
+
+  if [[ -n ${type} && ${type} != "tritonnfs" ]]; then
+      fatal "unsupported volume type: ${type}"
+  fi
+
+  # if we don't have volume and mountpoint, we can't add vfstab lines
+  if [[ -z ${nfsvolume} || -z ${mountpoint} ]]; then
+      fatal "invalid volume specification (need both volume & mountpoint)"
+  fi
+
+  if ! grep "^${nfsvolume}[ 	]" /etc/vfstab; then
+      if [[ -z ${mode} ]]; then
+          mode="rw"
+      fi
+
+      if [[ ${mode} != "rw" && ${mode} != "ro" ]]; then
+          fatal "invalid volume mode: '${mode}'"
+      fi
+
+      line=$(printf "%s - %s nfs - yes %s\n" "${nfsvolume}" "${mountpoint}" "${mode}")
+      volumes_added=$((${volumes_added}+1))
+
+      mkdir -p ${mountpoint}
+      echo "${line}" >> /etc/vfstab
+  fi
+done < <(/usr/sbin/mdata-get sdc:volumes \
+    | /usr/bin/json \
+        -d '|' \
+        -a nfsvolume mountpoint name mode type)
+
+if [[ ${volumes_added} -gt 0 ]]; then
+    for svc in \
+        svc:/network/nfs/nlockmgr:default \
+        svc:/network/nfs/status:default \
+        svc:/network/rpc/bind:default \
+        svc:/network/nfs/client:default \
+        ; do
+
+        svcadm enable ${svc} || fatal "Unable to enable ${svc}"
+     done
+fi
+
+# We use the special sdc:nics value here though this is not an interface for
+# use elsewhere.  If this is changed please also update agent.js in the metadata
+# agent.
+#
+# We run this every startup in case nics have changed since last boot. As
+# network/physical has an optional_all dependency on this service, we'll have
+# had our chance to write these files out before networking comes up. This
+# might eventually be replaced by network/physical grabbing data directly.
+echo "Retrieving nics data..."
+while IFS="|" read -r iface ip ips netmask primary gateway gateways; do
+
+  # if we don't have interface name, we don't know what files to write out.
+  if [[ -z ${iface} ]]; then
+    continue;
+  fi
+
+  # A VM created on an older platform may not have the "ips" or "gateways"
+  # properties, so we will need to grab the older "ip" and "gateway" versions
+  # instead.
+  [[ -z $ips ]] && ips=$ip
+  [[ -z $gateways ]] && gateways=$gateway
+
+  # We remove the hostname.netX file first, so we can append to a clean file
+  rm -f /etc/hostname.${iface}
+
+  # remove any existing DHCP or addrconf configuration, since we'll create one
+  # if it belongs later
+  rm -f /etc/dhcp.${iface}
+  rm -f /etc/addrconf.${iface}
+
+  OLDIFS=$IFS
+  IFS=$','
+  for ip in $ips; do
+    # so it shows up in the logs
+    echo "iface[${iface}] ip[${ip}] netmask[${netmask}]" \
+      "primary[${primary}] gateway[${gateway}]"
+
+    [[ -z ${ip} ]] && continue;
+
+    if [[ ${ip} == "dhcp" ]]; then
+      touch /etc/dhcp.${iface}
+      if hostname=`mdata-get sdc:hostname`; then
+          echo "inet ${hostname}" >> /etc/hostname.${iface}
+      fi
+    elif [[ ${ip} == "addrconf" ]]; then
+      touch /etc/addrconf.${iface}
+    elif isIPv4 ${ip} && [[ -n ${netmask} ]]; then
+      # We're using an older configuration where the routing prefix is
+      # specified using a mask instead of CIDR notation. We'll need to
+      # invoke ifconfig differently.
+      echo "${ip} netmask ${netmask} up" >> /etc/hostname.${iface}
+    elif isIPv4AndCIDR ${ip} \
+        || isIPv6AndCIDR ${ip} \
+        || isIPv6 ${ip}; then
+      # Either a routing prefix was specified, or, in the case of IPv6, we
+      # won't specify one and fall back on NDP to find it when we configure
+      # our interfaces.
+      echo "${ip} up" >> /etc/hostname.${iface}
+    fi
+  done
+
+  if [[ ${primary} == "true" ]]; then
+    rm -f /etc/defaultrouter
+    for gateway in $gateways; do
+      if [[ -n ${gateway} ]] && isIPv4 ${gateway}; then
+        echo "${gateway}" >> /etc/defaultrouter
+      fi
+    done
+  fi
+  IFS=$OLDIFS
+
+  # XXX we leave old hostname.netX files around and just replace when we have
+  # one next.
+done < <(/usr/sbin/mdata-get sdc:nics \
+    | /usr/bin/json \
+        -d '|' \
+        -e 'this.ips = this.ips ? this.ips.join(",") : ""' \
+        -e 'this.gateways = this.gateways ? this.gateways.join(",") : ""' \
+        -a interface ip ips netmask primary gateway gateways)
+
+# rebuild resolv.conf
+resolvers=$(mdata-get sdc:resolvers)
+resolvers_result=$?
+
+# Determine if resolv.conf is managed for us
+maintain_resolvers=$(mdata-get sdc:maintain_resolvers)
+maintain_result=$?
+if [[ ${maintain_result} != 0 ]]; then
+    echo "Error getting maintain_resolvers, code: ${maintain_result}"
+    maintain_resolvers="false"
+fi
+
+# If this is our first boot, write an initial set of resolvers
+if [[ -f /var/svc/provisioning ]]; then
+    echo "First boot: writing resolvers"
+    maintain_resolvers="true"
+fi
+
+if [[ ${resolvers_result} == 0 && ${maintain_resolvers} == "true" ]]; then
+
+    # if dns_domain is missing or broken, we still write out, just w/o search
+    search="search $(mdata-get sdc:dns_domain)"
+    if [[ $? != 0 ]]; then
+        search=
+    fi
+
+    if [[ ${resolvers} == "[]" ]]; then
+        nameservers=
+    else
+        nameservers=$(echo ${resolvers} | json -a | sed -e "s/^/nameserver /")
+    fi
+
+    rm -f /etc/.resolv.conf.tmp
+    if [[ -n ${search} ]]; then
+        echo "${search}" > /etc/.resolv.conf.tmp
+    fi
+    if [[ -n ${nameservers} ]]; then
+        echo "${nameservers}" >> /etc/.resolv.conf.tmp
+    fi
+
+    cp /etc/.resolv.conf.tmp /etc/resolv.conf \
+        && cat /etc/.resolv.conf.tmp >&2 \
+        && rm -f /etc/.resolv.conf.tmp
+else
+    if [[ ${resolvers_result} == 0 ]]; then
+        echo "Error getting resolvers, code: ${resolvers_result}"
+    fi
+
+    if [[ ${maintain_resolvers} == "true" ]]; then
+        echo "Not setting resolvers, maintain_resolvers=${maintain_resolvers}"
+    fi
+fi
+
+
+# Fetch routes
+
+# It is possible to specify the same route in several different ways using
+# route(1m). We therefore use route(1m) itself to manage adding, deleting
+# and determining duplicates.
+zone_routes_file=/etc/inet/static_routes
+vmadm_routes_file=/etc/inet/static_routes.vmadm
+tmpdir=$(mktemp -d /tmp/mdata.XXXXXX)
+
+if [ -z $tmpdir ]; then
+    echo "Error creating temporary directory."
+    exit ${SMF_EXIT_ERR_FATAL}
+fi
+
+# directory structure for the new copy of static_routes.vmadm (the one that
+# will replace the current static_routes.vmadm once all of the adds and
+# deletes have been applied):
+new_root=${tmpdir}/new-routes
+new_inet=${new_root}/etc/inet
+# directory structure for the previous copy of static_routes.vmadm (used to
+# determine routes that have been removed since the last time mdata-fetch
+# was run):
+old_root=${tmpdir}/old-routes
+old_inet=${old_root}/etc/inet
+# directory structure for the zone's persistent routes - those not created
+# by vmadm (used to determine if vmadm routes are duplicates):
+zone_root=${tmpdir}/zone-routes
+zone_inet=${zone_root}/etc/inet
+
+mkdir -p $new_inet
+mkdir -p ${old_root}/etc/inet
+mkdir -p ${zone_root}/etc/inet
+
+if [[ -f ${vmadm_routes_file} ]]; then
+    cp $vmadm_routes_file ${old_inet}/static_routes
+fi
+
+function route_in_per_zone_file()
+{
+    cp $zone_routes_file $zone_inet
+    output=$(route -pR $zone_root add $* 2>&1)
+    [[ $output =~ "entry exists" ]]
+}
+
+# If re-running this script after initial boot, network/physical and
+# network/routing-setup are already enabled, so apply routing adds and
+# deletes manually
+if [[ $(/usr/bin/svcs -H -o state network/routing-setup) == "online" ]]; then
+    routing_up="true"
+fi
+
+while IFS="|" read -r gateway dst linklocal; do
+    echo "route: gateway[${gateway}] dst[${dst}] linklocal[${linklocal}]"
+    route_type=""
+    if [[ ${linklocal} == "true" ]]; then
+        route_type="-interface "
+    fi
+    route_str="${route_type}${dst} ${gateway}"
+
+    if route_in_per_zone_file $route_str; then
+        echo "not adding duplicate route: ${route_str}"
+        # the zone has also defined this route; do nothing
+    else
+        echo "adding route to file: ${route_str}"
+        route -pR $new_root add $route_str
+        if [[ -n "${routing_up}" ]]; then
+            route add $route_str
+        fi
+    fi
+
+    route -pR $old_root delete $route_str
+done < <(/usr/sbin/mdata-get sdc:routes \
+    | /usr/bin/json -d '|' -a gateway dst linklocal)
+
+
+# Anything left in the old static_routes file is a delete. Don't delete the
+# route from the routing tables if there's a duplicate route in the zone's
+# static_routes file
+if [[ -f ${old_inet}/static_routes ]]; then
+    egrep -v "^(#|$)" ${old_inet}/static_routes | while read -r route_str; do
+        if [[ "${route_str}" == "" ]]; then
+            continue
+        fi
+
+        if route_in_per_zone_file "$route_str"; then
+            echo "not deleting duplicate route: ${route_str}"
+        else
+            if [[ -n "${routing_up}" ]]; then
+                route delete $route_str
+            fi
+        fi
+    done
+fi
+
+if [[ -f ${new_inet}/static_routes ]]; then
+    cp ${new_inet}/static_routes ${vmadm_routes_file}
+else
+    rm ${vmadm_routes_file}
+fi
+rm -rf $tmpdir
+
+
+# Unconditionally enable mdata:execute, so that the last provisioning step
+# is always taken (regardless of whether user-script exists or not)
+svcadm enable smartdc/mdata:execute
+
+exit ${SMF_EXIT_OK}
diff --git a/usr/src/cmd/svc/milestone/mdata.xml b/usr/src/cmd/svc/milestone/mdata.xml
new file mode 100644
index 0000000000..152a7cb485
--- /dev/null
+++ b/usr/src/cmd/svc/milestone/mdata.xml
@@ -0,0 +1,39 @@
+<?xml version="1.0"?>
+<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
+<service_bundle type="manifest" name="mdata">
+  <service name="smartdc/mdata" type="service" version="1">
+    <dependency name="filesystem" grouping="require_all" restart_on="error" type="service">
+      <service_fmri value="svc:/system/filesystem/minimal" />
+    </dependency>
+    <property_group name="startd" type="framework">
+      <propval name="duration" type="astring" value="transient" />
+      <propval name="ignore_error" type="astring" value="core,signal" />
+    </property_group>
+    <instance name="fetch" enabled="true">
+      <dependency name="boot-file" grouping="exclude_all" restart_on="refresh" type="path">
+        <service_fmri value="file://localhost/tmp/.FIRST_REBOOT_NOT_YET_COMPLETE"/>
+      </dependency>
+      <dependency name="rmtmpfiles" grouping="optional_all" restart_on="error" type="service">
+        <service_fmri value="svc:/system/rmtmpfiles" />
+      </dependency>
+      <exec_method type="method" name="start" exec="/lib/svc/method/mdata-fetch" timeout_seconds="1800" />
+      <exec_method type="method" name="stop" exec=":true" timeout_seconds="60" />
+    </instance>
+    <instance name="execute" enabled="false">
+      <dependency name="network" grouping="require_all" restart_on="error" type="service">
+        <service_fmri value="svc:/milestone/multi-user:default" />
+      </dependency>
+      <dependency name="mdata" grouping="require_all" restart_on="error" type="service">
+        <service_fmri value="svc:/smartdc/mdata:fetch" />
+      </dependency>
+      <exec_method type="method" name="start" exec="/lib/svc/method/mdata-execute" timeout_seconds="300" />
+      <exec_method type="method" name="stop" exec=":true" timeout_seconds="60" />
+    </instance>
+    <stability value="Evolving" />
+    <template>
+      <common_name>
+        <loctext xml:lang="C">Joyent SDC metadata handler</loctext>
+      </common_name>
+    </template>
+  </service>
+</service_bundle>
diff --git a/usr/src/cmd/svc/milestone/minimal-fs.xml b/usr/src/cmd/svc/milestone/minimal-fs.xml
index b7af22bfcd..844760baa1 100644
--- a/usr/src/cmd/svc/milestone/minimal-fs.xml
+++ b/usr/src/cmd/svc/milestone/minimal-fs.xml
@@ -44,11 +44,11 @@
 	<single_instance/>
 
 	<dependency
-		name='usr'
+		name='joyent'
 		grouping='require_all'
 		restart_on='none'
 		type='service'>
-		<service_fmri value='svc:/system/filesystem/usr' />
+		<service_fmri value='svc:/system/filesystem/smartdc' />
 	</dependency>
 
 	<dependency
diff --git a/usr/src/cmd/svc/milestone/net-early-admin b/usr/src/cmd/svc/milestone/net-early-admin
new file mode 100644
index 0000000000..abfd5fbdd7
--- /dev/null
+++ b/usr/src/cmd/svc/milestone/net-early-admin
@@ -0,0 +1,214 @@
+#!/bin/ksh93
+#
+#
+# This file and its contents are supplied under the terms of the
+# Common Development and Distribution License ("CDDL"), version 1.0.
+# You may only use this file in accordance with the terms of version
+# 1.0 of the CDDL.
+#
+# A full copy of the text of the CDDL should have accompanied this
+# source.  A copy of the CDDL is also available via the Internet at
+# http://www.illumos.org/license/CDDL.
+#
+
+#
+# Copyright 2019 Joyent, Inc.
+#
+
+# Traditionally, when a Triton compute node boots, the network is not
+# configured until after the local filesystems are mounted (in fact
+# network/physical:default depends upon /system/filesystem/smartdc).  Most
+# obviously, in the case of a head node or a standalone SmartOS install, the
+# network configuration is stored on the local zpool, so the network cannot
+# be configured until this happens.
+#
+# For Triton compute nodes with encrypted zpools, we must enable the admin
+# network before the local zpool filesytems are online -- we have to be able
+# to communicate to the head node services to obtain the pin to unlock the
+# local zpool.  For PXE booted Triton compute nodes, we therefore configure
+# the admin network sooner via the network/early-admin:default service.  When
+# network/physical:default runs, it will skip the configuration of the admin
+# network and configuring the remaining interfaces.
+#
+# If we are not a Triton compute node, we exit successfully almost immediately
+# without configuring the admin network.  When the network/physical:default
+# service runs, it will configure all the network interfaces as it traditionally
+# has
+
+PATH=/bin:/usr/bin:/sbin:/usr/sbin
+
+. /lib/svc/share/smf_include.sh
+. /lib/sdc/config.sh
+. /lib/sdc/network.sh
+
+PS4='+ [$LINENO] '
+
+set -o xtrace
+
+if ! smf_is_globalzone; then
+    echo "Non-global zone; no action required; exiting"
+    exit $SMT_EXIT_OK
+fi
+
+if ! boot_file_config_enabled; then
+    echo "Boot-time networking files not present; exiting"
+    exit $SMF_EXIT_OK
+fi
+
+function fatal
+{
+    # XXX: For SMF methods, does it matter/better to redirect to stderr?
+    echo "Error: $*" >&2
+    exit $SMF_EXIT_ERR_FATAL
+}
+
+if ! boot_file_config_valid; then
+    echo "ERROR: boot-time network config file incorrect" >&2
+    exit $SMF_EXIT_ERR_CONFIG
+fi
+
+unset aggrs
+unset tags
+typeset -A tagv
+typeset -A aggr_links aggr_mode
+typeset -A ip ip6 netmask gateway gateway6 mtu mac
+/usr/lib/sdc/net-boot-config | while IFS="=" read var value; do
+    if [[ "$var" =~ _nic$ ]]; then
+        name=${var%_nic}
+        tags+=("${name}")
+        tagv[$name]="$value"
+    elif [[ "$var" =~ _aggr$ ]]; then
+        name=${var%_aggr}
+        aggrs+=(${name})
+        aggr_links[$name]="${value//,/ }"
+    elif [[ "$var" =~ _lacp_mode$ ]]; then
+        name=${var%_lacp_mode}
+        aggr_mode[$name]="$value"
+    elif [[ "$var" =~ _mtu$ ]]; then
+        (( value < 1500 || value > 9000 )) &&
+            fatal "ERROR: $var MTU value \'$value\' is not in" \
+            "range [1500, 9000]"
+
+        name=${var%_mtu}
+        mtu[$name]="$value"
+    elif [[ "$var" =~ _ip$ ]]; then
+        name=${var%_ip}
+        ip[$name]="$value"
+    elif [[ "$var" =~ _ip6$ ]]; then
+        name=${var%_ip6}
+        ip6[$name]="$value"
+    elif [[ "$var" =~ _netmask$ ]]; then
+        name=${var%_netmask}
+        netmask[$name]="$value"
+    elif [[ "$var" =~ _gateway$ ]]; then
+        name=${var%_gateway}
+        gateway[$name]="$value"
+    elif [[ "$var" =~ _gateway6$ ]]; then
+        name=${var%_gateway6}
+        gateway6[$name]="$value"
+    elif [[ "$var" =~ _mac$ ]]; then
+        name=${var%_mac}
+        mac[$name]="$value"
+    elif [[ "$var" == "dns_resolvers" ]]; then
+        dns_resolvers=(${value//,/ })
+    fi
+
+    eval "CONFIG_$var"="$value"
+done
+
+# This must happen befor any other dladm commands (which includes log_if_state)
+# or else dladm commands can fail
+dladm init-phys
+
+log_if_state before
+
+typeset -A mac_to_link
+out=$(dladm show-phys -mpo link,address)
+(( $? == 0 )) || fatal "dladm show-phys failed"
+while IFS=: read link addr; do
+    mac=$(normalize_mac $addr)
+    mac_to_link["$mac"]="$link"
+done <<< "$out"
+
+ADMIN_NIC_TAG=${CONFIG_admin_tag:-"admin"}
+[[ -n "${tagv[$ADMIN_NIC_TAG]}" ]] || \
+    fatal "ERROR: admin nic tag '$ADMIN_NIC_TAG' not present"
+
+nic="${tagv[$ADMIN_NIC_TAG]}"
+
+if [[ -n "${aggr_links[$nic]}" ]]; then
+    mode=${aggr_mode[$nic]:-"off"}
+
+    for l in ${aggr_links[$nic]}; do
+        [[ -n "${mac_to_link[$l]}" ]] || fatal "MAC '$l' not present"
+        links+="${mac_to_link[$l]} "
+    done
+    links="${links% }"
+
+    echo "Creating aggr: $nic (mode=$mode, links=${links})"
+    dladm create-aggr -l ${links// / -l } -L $mode $nic
+
+    if [[ -n "${mtu[$nic]}" ]]; then
+        dladm set-linkprop -p mtu=${mtu[$nic]} $nic || \
+            fatal "ERROR: Failed to set mtu on aggr $nic to ${mtu[$nic]}"
+    fi
+elif valid_mac "$nic"; then
+    [[ -n "${mac_to_link[$nic]}" ]] || \
+        fatal "ERROR: admin mac address $nic not found on system"
+    nic=${mac_to_link[$nic]}
+else
+    fatal "ERROR: Invalid value of ${ADMIN_NIC_TAG}_nic ($nic)"
+fi
+
+driver=${nic%%[0-9]*}
+get_link_state $nic
+if [[ "$link_state" == "down" ]]; then
+    echo "admin nic '${nic}' is down: unplumbing"
+    /sbin/ifconfig $nic down unplumb
+    wait_for_nic_state $nic "unknown"
+fi
+
+# There's some sort of race condition in the bnx driver: if the plumb
+# command comes too soon after the unplumb, the interface can come up
+# in a state where it never fires interrupts for link state changes.
+if [[ "$driver" == "bnx" ]]; then
+    sleep 5
+fi
+
+/sbin/ifconfig $nic plumb mtu ${mtu[$ADMIN_NIC_TAG]}
+wait_for_nic_state $nic "up"
+
+if [[ -n "${ip[$ADMIN_NIC_TAG]}" ]]; then
+    /sbin/ifconfig $nic inet ${ip[$ADMIN_NIC_TAG]} \
+        netmask ${netmask[$ADMIN_NIC_TAG]:-"+"} up
+    [[ -n "${gateway[$ADMIN_NIC_TAG]}" ]] && \
+        /usr/sbin/route add default ${gateway[$ADMIN_NIC_TAG]}
+fi
+
+if [[ -n "${ip6[$ADMIN_NIC_TAG]}" ]]; then
+    /sbin/ifconfig $nic inet6 plumb mtu ${mtu[$ADMIN_NIC_TAG]}
+    [[ "${ip6[$ADMIN_NIC_TAG]}" != "addrconf" ]] && \
+        /sbin/ifconfig $nic inet6 addif ${ip6[$ADMIN_NIC_TAG]} preferred up
+    [[ -n "${gateway6[$ADMIN_NIC_TAG]}" ]] && \
+        /usr/sbin/route add -inet6 default ${gateway6[$ADMIN_NIC_TAG]}
+fi
+
+# Add just the routes reachable through the admin network -- usually these are
+# only present with rack aware networking (RAN)
+/usr/lib/sdc/net-boot-config --routes | while read dst gw; do
+    if ! ip_in_net $gw ${ip[$ADMIN_NIC_TAG]} ${netmask[$ADMIN_NIC_TAG]}; then
+        continue
+    fi
+    route add "$dst" "$gw"
+done
+
+if [[ -n "${CONFIG_dns_domain}" && -n ${dns_resolvers[0]} ]]; then
+    echo "search ${CONFIG_dns_domain}" > /etc/resolv.conf
+    for serv in ${dns_resolvers[@]}; do
+        echo "nameserver $serv" >> /etc/resolv.conf
+    done
+fi
+
+touch /etc/svc/volatile/.early_admin_setup
+
+log_if_state after
diff --git a/usr/src/cmd/svc/milestone/net-physical b/usr/src/cmd/svc/milestone/net-physical
index 89784dcbbc..90f6f7aff5 100644
--- a/usr/src/cmd/svc/milestone/net-physical
+++ b/usr/src/cmd/svc/milestone/net-physical
@@ -1,4 +1,4 @@
-#!/sbin/sh
+#!/usr/bin/ksh93
 #
 # CDDL HEADER START
 #
@@ -19,527 +19,839 @@
 #
 # CDDL HEADER END
 #
-#
 # Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved.
 # Copyright 2012 Milan Jurik. All rights reserved.
+# Copyright 2019 Joyent, Inc.
 #
 # Copyright (c) 1984, 1986, 1987, 1988, 1989 AT&T.
 # All rights reserved.
 #
 
 . /lib/svc/share/smf_include.sh
-. /lib/svc/share/net_include.sh
+. /lib/sdc/config.sh
+. /lib/sdc/network.sh
+
+set -o errexit
+set -o xtrace
 
 #
 # In a shared-IP zone we need this service to be up, but all of the work
-# it tries to do is irrelevant (and will actually lead to the service 
-# failing if we try to do it), so just bail out. 
+# it tries to do is irrelevant (and will actually lead to the service
+# failing if we try to do it), so just bail out.
 # In the global zone and exclusive-IP zones we proceed.
 #
-smf_configure_ip || exit $SMF_EXIT_OK
-
+smf_configure_ip || exit ${SMF_EXIT_OK}
 
 # Make sure that the libraries essential to this stage of booting can be found.
 LD_LIBRARY_PATH=/lib; export LD_LIBRARY_PATH
 
+# Time (in seconds) to wait for admin NIC to get DHCP address before continuing.
+ADMIN_DHCP_TIMEOUT=300
+ActiveAggrLinks=
+typeset -A ActiveAggrLinks
+
 smf_netstrategy
 
-if smf_is_globalzone; then
-	net_reconfigure || exit $SMF_EXIT_ERR_CONFIG
-
-	# Update PVID on interfaces configured with VLAN 1
-	update_pvid
-
-	# 
-	# Upgrade handling. The upgrade file consists of a series of dladm(1M)
-	# commands. Note that after we are done, we cannot rename the upgrade
-	# script file as the file system is still read-only at this point.
-	# Defer this to the manifest-import service.
-	#
-	upgrade_script=/var/svc/profile/upgrade_datalink
-	if [ -f "${upgrade_script}" ]; then 
-		. "${upgrade_script}"
-	fi
-
-	#
-	# Upgrade handling for ibd:
-	# After we are done with the upgrade handling, we can not set the
-	# ibd/ibd_upgraded property to "true" as the file system is
-	# read-only at this point. It will be done later by ibd-post-upgrade
-	# service.
-	#
-	if [ -x /sbin/ibd_upgrade ]; then
-		ibd_upgraded=`/bin/svcprop -c -p ibd/ibd_upgraded \
-		    $SMF_FMRI 2> /dev/null`
-		if [ "$ibd_upgraded" != "true" ]; then
-			/sbin/ibd_upgrade -v
-		fi
-	fi
-
-	#
-	# Bring up simnets, link aggregations and initialize security objects.
-	# Note that link property initialization is deferred until after
-	# IP interfaces are plumbed to ensure that the links will not
-	# be unloaded (and the property settings lost). We should bring
-	# up simnets prior to VLANs/Aggrs to enable creation of VLANs/Aggrs
-	# over simnets.
-	#
-	/sbin/dladm up-simnet
-	/sbin/dladm up-aggr
-	/sbin/dladm up-vlan
-	/sbin/dladm up-part
-	/sbin/dladm init-secobj
-	#
-	# Bring up VNICs
-	#
-	/sbin/dladm up-vnic
-	#
-	# Create flows via flowadm.
-	#
-	/sbin/flowadm init-flow
-fi
+function add_active_aggr_links
+{
+    set -o xtrace
+    typeset alink
 
-#
-# If the system was net booted by DHCP, hand DHCP management off to the
-# DHCP agent (ifconfig communicates to the DHCP agent through the
-# loopback interface).
-#
-if [ -n "$_INIT_NET_IF" -a "$_INIT_NET_STRATEGY" = "dhcp" ]; then
-	/sbin/dhcpagent -a
-fi
+    for alink in ${2//,/ }; do
+        ActiveAggrLinks[$alink]=$1
+    done
+}
 
-#
-# The network initialization is done early to support diskless and
-# dataless configurations.  For IPv4 interfaces that were configured by
-# the kernel (e.g.  those on diskless machines) and not configured by
-# DHCP, reset the netmask using the local "/etc/netmasks" file if one
-# exists, and then reset the broadcast address based on the netmask.
-#
-/sbin/ifconfig -auD4 netmask + broadcast +
+# Waits for up to 10 seconds for the link state to change to the given value
+function wait_for_admin_nic_state
+{
+    wait_for_nic_state "${SYSINFO_NIC_admin}" "$1"
+}
 
-is_iptun ()
+# Plumbs the admin interface, and attempts to work around poorly-behaved
+# drivers that can't handle plumb commands too quickly after one another
+function plumb_admin
 {
-	intf=$1
-	# Is this a persistent IP tunnel link?
-	/sbin/dladm show-iptun -P $intf > /dev/null 2>&1
-	if [ $? -eq 0 ]; then
-		return 0
-	fi
-	# Is this an implicit IP tunnel (i.e., ip.tun0)
-	ORIGIFS="$IFS"
-	IFS="$IFS."
-	set -- $intf
-	IFS="$ORIGIFS"
-	if [ $# -eq 2 -a \( "$1" = "ip" -o "$1" = "ip6" \) ]; then
-		#
-		# It looks like one, but another type of link might be
-		# using a name that looks like an implicit IP tunnel.
-		# If dladm show-link -P finds it, then it's not an IP
-		# tunnel.
-		#
-		/sbin/dladm show-link -Pp $intf > /dev/null 2>&1
-		if [ $? -eq 0 ]; then
-			return 1
-		else
-			return 0
-		fi
-	fi
-	return 1
+    set -o xtrace
+    driver=${SYSINFO_NIC_admin%%[0-9]*}
+    get_link_state ${SYSINFO_NIC_admin}
+    if [[ "$link_state" == "down" ]]; then
+        echo "admin nic '${SYSINFO_NIC_admin}' is down: unplumbing"
+        /sbin/ifconfig ${SYSINFO_NIC_admin} down unplumb
+        wait_for_admin_nic_state "unknown"
+    fi
+
+    # There's some sort of race condition in the bnx driver: if the plumb
+    # command comes too soon after the unplumb, the interface can come up
+    # in a state where it never fires interrupts for link state changes.
+    if [[ "$driver" == "bnx" ]]; then
+        sleep 5
+    fi
+    /sbin/ifconfig ${SYSINFO_NIC_admin} plumb mtu ${CONFIG_admin_mtu:-1500}
+    wait_for_admin_nic_state "up"
 }
 
-#
-# All the IPv4 and IPv6 interfaces are plumbed before doing any
-# interface configuration.  This prevents errors from plumb failures
-# getting mixed in with the configured interface lists that the script
-# outputs.
-#
+# Creates, plumbs and brings up a vnic with the specified inet parameters
+function vnic_up
+{
+    set -o xtrace
+
+    typeset link="$1"
+    typeset iface="$2"
+    typeset ip="$3"
+    typeset netmask="$4"
+    typeset vlan_id="$5"
+    typeset mac_addr="$6"
+    typeset dhcp_primary="$7"
+    typeset mtu="$8"
+    typeset details=
+    typeset vlan_opt=
+    typeset mac_addr_opt=
+    typeset prop_opt=
+
+    details="link='${link}', iface='${iface}', ip='${ip}'"
+    details="${details}, netmask='${netmask}, vlan_id='${vlan_id}'"
+
+    if [[ -z ${link} ]] || [[ -z ${iface} ]] || \
+       [[ -z ${ip} ]] || ([[ ${ip} != "dhcp" ]] && [[ -z ${netmask} ]]); then
+        echo "WARNING: not bringing up nic (insufficient configuration): " \
+             "$details"
+        return
+    fi
+
+    eval "vnic_already_up=\${vnic_${iface}_up}"
+    if [[ -n "${vnic_already_up}" ]]; then
+        echo "vnic already up: $details"
+        return
+    fi
+
+    if [[ -n ${mac_addr} ]] && [[ -n ${ActiveAggrLinks[${mac_addr}]} ]]; then
+        echo "WARNING: trying to assign MAC address \"${mac_addr}\" to vnic," \
+            " but it already belongs to link aggr " \
+            "\"${ActiveAggrLinks[${mac_addr}]}\""
+        return
+    fi
+
+    echo "Bringing up nic: $details"
+
+    if [[ -n ${vlan_id} ]] && [[ ${vlan_id} != 0 ]]; then
+        vlan_opt="-v ${vlan_id}"
+    fi
+
+    if [[ -n ${mac_addr} ]]; then
+        mac_addr_opt="-m ${mac_addr}"
+    fi
+
+    if [[ -n ${mtu} ]]; then
+        valid_mtu ${iface} ${mtu}
+        prop_opt="-p mtu=${mtu}"
+    fi
+
+    /usr/sbin/dladm create-vnic -t -l ${link} ${prop_opt} ${vlan_opt} \
+        ${mac_addr_opt} ${iface}
+    if [[ $? -ne 0 ]]; then
+        echo "Failed to create VNIC ${iface}"
+        exit $SMF_EXIT_ERR_FATAL
+    fi
+
+    /sbin/ifconfig ${iface} plumb
+    if [[ $? -ne 0 ]]; then
+        echo "Failed to plumb ${iface}"
+        exit $SMF_EXIT_ERR_FATAL
+    fi
+
+    if [[ ${ip} == "dhcp" ]]; then
+        # We ignore errors here because the most common one is that DHCP
+        # is already running.
+
+        if [[ -n ${dhcp_primary} ]]; then
+            /sbin/ifconfig ${iface} dhcp primary || /bin/true
+        else
+            /sbin/ifconfig ${iface} dhcp || /bin/true
+        fi
+    else
+        /sbin/ifconfig ${iface} inet ${ip} netmask ${netmask} up
+    fi
+    eval "vnic_${iface}_up=true"
+}
 
-#
-# First deal with /etc/hostname
-#
-# Get the list of IPv4 interfaces to configure by breaking
-# /etc/hostname.* into separate args by using "." as a shell separator
-# character.
-#
-interface_names="`echo /etc/hostname.*[0-9] 2>/dev/null`"
-if [ "$interface_names" != "/etc/hostname.*[0-9]" ]; then
-	ORIGIFS="$IFS"
-	IFS="$IFS."
-	set -- $interface_names
-	IFS="$ORIGIFS"
-	while [ $# -ge 2 ]; do
-		shift
-		intf_name=$1
-		while [ $# -gt 1 -a "$2" != "/etc/hostname" ]; do
-			intf_name="$intf_name.$2"
-			shift
-		done
-		shift
-
-		# skip IP tunnel interfaces plumbed by net-iptun.
-		if is_iptun $intf_name; then
-			continue
-		fi
-
-	        read one rest < /etc/hostname.$intf_name
-		if [ "$one" = ipmp ]; then
-			ipmp_list="$ipmp_list $intf_name"
-		else
-			inet_list="$inet_list $intf_name"
-		fi
-	done
-fi
+# Creates, plumbs and brings up a vnic with the specified inet6 parameters
+function vnic_up6
+{
+    set -o xtrace
+
+    typeset link="$1"
+    typeset iface="$2"
+    typeset ip="$3"
+    typeset vlan_id="$4"
+    typeset mac_addr="$5"
+    typeset mtu="$6"
+    typeset details=
+    typeset vlan_opt=
+    typeset mac_addr_opt=
+    typeset prop_opt=
+
+    details="link='${link}', iface='${iface}', ip6='${ip}'"
+    details="${details}, vlan_id='${vlan_id}'"
+
+    if [[ -z ${link} ]] || [[ -z ${iface} ]] || [[ -z ${ip} ]]; then
+        echo "WARNING: not bringing up nic (insufficient configuration): " \
+             "$details"
+        return
+    fi
+
+    if [[ -n ${mac_addr} ]] && [[ -n ${ActiveAggrLinks[${mac_addr}]} ]]; then
+        echo "WARNING: trying to assign MAC address \"${mac_addr}\" to vnic," \
+            " but it already belongs to link aggr " \
+            "\"${ActiveAggrLinks[${mac_addr}]}\""
+        return
+    fi
+
+    # only bring up nic if not already up
+    eval "vnic_already_up=\${vnic_${iface}_up}"
+    if [[ -z "${vnic_already_up}" ]]; then
+        echo "Bringing up nic: $details"
+
+        if [[ -n ${vlan_id} ]] && [[ ${vlan_id} != 0 ]]; then
+            vlan_opt="-v ${vlan_id}"
+        fi
+
+        if [[ -n ${mac_addr} ]]; then
+            mac_addr_opt="-m ${mac_addr}"
+        fi
+
+        if [[ -n ${mtu} ]]; then
+            valid_mtu ${iface} ${mtu}
+            prop_opt="-p mtu=${mtu}"
+        fi
+
+        /usr/sbin/dladm create-vnic -t -l ${link} ${prop_opt} ${vlan_opt} \
+            ${mac_addr_opt} ${iface}
+        if [[ $? -ne 0 ]]; then
+            echo "Failed to create VNIC ${iface}"
+            exit $SMF_EXIT_ERR_FATAL
+        fi
+    fi
+
+    /sbin/ifconfig ${iface} inet6 plumb
+    if [[ $? -ne 0 ]]; then
+        echo "Failed to plumb ${iface}"
+        exit $SMF_EXIT_ERR_FATAL
+    fi
+
+    if [[ -n ${ip} ]]; then
+        /sbin/ifconfig ${iface} inet6 up
+    fi
+    if [[ ${ip} != "addrconf" ]]; then
+        /sbin/ifconfig ${iface} inet6 \
+            addif ${ip} preferred up
+    fi
+    eval "vnic_${iface}_up=true"
+}
 
-#
-# Get the list of IPv6 interfaces to configure by breaking
-# /etc/hostname6.* into separate args by using "." as a shell separator
-# character.
-#
-interface_names="`echo /etc/hostname6.*[0-9] 2>/dev/null`"
-if [ "$interface_names" != "/etc/hostname6.*[0-9]" ]; then
-	ORIGIFS="$IFS"
-	IFS="$IFS."
-	set -- $interface_names
-	IFS="$ORIGIFS"
-	while [ $# -ge 2 ]; do
-		shift
-		intf_name=$1
-		while [ $# -gt 1 -a "$2" != "/etc/hostname6" ]; do
-			intf_name="$intf_name.$2"
-			shift
-		done
-		shift
-
-		# skip IP tunnel interfaces plumbed by net-iptun.
-		if is_iptun $intf_name; then
-			continue
-		fi
-
-	        read one rest < /etc/hostname6.$intf_name
-		if [ "$one" = ipmp ]; then
-			ipmp6_list="$ipmp6_list $intf_name"
-		else
-			inet6_list="$inet6_list $intf_name"
-		fi
-	done
-fi
+# If there are aggregations in sysinfo, set them up.
+function create_aggrs
+{
+    set -o xtrace
+    typeset links macs mode mtu
+    if [[ -z "${SYSINFO_Aggregations}" ]]; then
+        return 0
+    fi
+
+    aggrs=(${SYSINFO_Aggregations//,/ })
+    for aggr in "${aggrs[@]}"; do
+        eval "links=\${SYSINFO_Aggregation_${aggr}_Interfaces}"
+        eval "macs=\${SYSINFO_Aggregation_${aggr}_MACs}"
+        eval "mode=\${SYSINFO_Aggregation_${aggr}_LACP_mode}"
+        eval "mtu=\${CONFIG_${aggr}_mtu}"
+        [[ -z "$mode" ]] && mode="off"
+
+        echo "Creating aggr: ${aggr} (mode=${mode}, links=${links})"
+        dladm create-aggr -l ${links//,/ -l } -L ${mode} ${aggr}
+        if [[ $? -eq 0 ]]; then
+            add_active_aggr_links ${aggr} ${macs}
+        fi
+
+        if [[ -n "$mtu" ]]; then
+            dladm set-linkprop -p mtu=${mtu} ${aggr}
+            if [[ $? -ne 0 ]]; then
+                echo "Failed to set mtu on aggr ${aggr} to ${mtu}"
+                exit $SMF_EXIT_ERR_FATAL
+            fi
+        fi
+    done
+
+    # Creating the aggregations may affect the nic tags in sysinfo, so update:
+    /usr/bin/sysinfo -u
+    load_sdc_sysinfo
+}
 
 #
-# Create all of the IPv4 IPMP interfaces.
+# Try various config parameters to set the default route
 #
-if [ -n "$ipmp_list" ]; then
-	set -- $ipmp_list
-	while [ $# -gt 0 ]; do
-	    	if /sbin/ifconfig $1 ipmp; then
-			ipmp_created="$ipmp_created $1"
-		else
-			ipmp_failed="$ipmp_failed $1"
-		fi	
-		shift
-	done
-	[ -n "$ipmp_failed" ] && warn_failed_ifs "create IPv4 IPMP" \
-	    "$ipmp_failed"
-fi
+function set_default_route
+{
+    set -o xtrace
+    typeset default_gw
 
-#
-# Step through the IPv4 interface list and try to plumb every interface.
-# Generate list of plumbed and failed IPv4 interfaces.
-#
-if [ -n "$inet_list" ]; then
-	set -- $inet_list
-	while [ $# -gt 0 ]; do
-		/sbin/ifconfig $1 plumb
-		if /sbin/ifconfig $1 inet >/dev/null 2>&1; then
-			inet_plumbed="$inet_plumbed $1"
-		else
-			inet_failed="$inet_failed $1"
-		fi
-		shift
-	done
-	[ -n "$inet_failed" ] && warn_failed_ifs "plumb IPv4" "$inet_failed"
-fi
+    if [[ -n "${CONFIG_headnode_default_gateway}" ]]; then
+        default_gw="${CONFIG_headnode_default_gateway}"
 
-# Run autoconf to connect to a WLAN if the interface is a wireless one
-if [ -x /sbin/wificonfig -a -n "$inet_plumbed" ]; then
-	set -- $inet_plumbed
-	while [ $# -gt 0 ]; do
-			if [ -r /dev/wifi/$1 ]; then
-				/sbin/wificonfig -i $1 startconf >/dev/null
-			fi
-		shift
-	done
-fi
+    elif [[ -n ${CONFIG_admin_gateway} ]]; then
+        default_gw="${CONFIG_admin_gateway}"
 
-#
-# Step through the IPv6 interface list and plumb every interface.
-# Generate list of plumbed and failed IPv6 interfaces.  Each plumbed
-# interface will be brought up later, after processing any contents of
-# the /etc/hostname6.* file.
-#
-if [ -n "$inet6_list" ]; then
-	set -- $inet6_list
-	while [ $# -gt 0 ]; do
-		/sbin/ifconfig $1 inet6 plumb
-		if /sbin/ifconfig $1 inet6 >/dev/null 2>&1; then
-			inet6_plumbed="$inet6_plumbed $1"
-		else
-			inet6_failed="$inet6_failed $1"
-		fi
-		shift
-	done
-	[ -n "$inet6_failed" ] && warn_failed_ifs "plumb IPv6" "$inet6_failed"
-fi
+    elif [[ -n ${BOOT_admin_gateway} ]]; then
+        default_gw=${BOOT_admin_gateway}
 
-#
-# Create all of the IPv6 IPMP interfaces.
-#
-if [ -n "$ipmp6_list" ]; then
-	set -- $ipmp6_list
-	while [ $# -gt 0 ]; do
-	    	if /sbin/ifconfig $1 inet6 ipmp; then
-			ipmp6_created="$ipmp6_created $1"
-		else
-			ipmp6_failed="$ipmp6_failed $1"
- 		fi
-		shift
-	done
-	[ -n "$ipmp6_failed" ] && warn_failed_ifs "create IPv6 IPMP" \
-	    "$ipmp6_failed"
-fi
+    elif [[ -n ${CONFIG_external_gateway} ]]; then
+        default_gw=${CONFIG_external_gateway}
+    fi
 
-#
-# Finally configure interfaces set up with ipadm. Any /etc/hostname*.intf
-# files take precedence over ipadm defined configurations except when
-# we are in a non-global zone and Layer-3 protection of IP addresses is
-# enforced on the interface by the global zone.
-#
-for showif_output in `/sbin/ipadm show-if -p -o ifname,state,current`; do
-	intf=`echo $showif_output | /usr/bin/cut -f1 -d:`
-	state=`echo $showif_output | /usr/bin/cut -f2 -d:`
-	current=`echo $showif_output | /usr/bin/cut -f3 -d:`
-	if  [[ "$state" != "disabled" && $current != *Z* ]]; then
-		#
-		# skip if not a persistent interface, or if it should get IP
-		# configuration from the global zone ('Z' flag is set)
-		#
-		continue;
-	elif is_iptun $intf; then
-		# skip IP tunnel interfaces plumbed by net-iptun
-		continue;
-	elif [ -f /etc/hostname.$intf ] || [ -f /etc/hostname6.$intf ]; then
-		if [[ $current != *Z* ]]; then
-			echo "found /etc/hostname.$intf "\
-			    "or /etc/hostname6.$intf, "\
-			    "ignoring ipadm configuration" > /dev/msglog
-			continue;
-		else
-			echo "Ignoring /etc/hostname*.$intf" > /dev/msglog 
-			/sbin/ifconfig $intf unplumb > /dev/null 2>&1
-			/sbin/ifconfig $intf inet6 unplumb > /dev/null 2>&1
-		fi
-	fi
-
-	# Enable the interface managed by ipadm
-	/sbin/ipadm enable-if -t $intf
-done
+    if [[ -n ${default_gw} ]]; then
+        echo "${default_gw}" > /etc/defaultrouter
+    fi
 
-#
-# Process the /etc/hostname[6].* files for IPMP interfaces.  Processing these
-# before non-IPMP interfaces avoids accidental implicit IPMP group creation.
-#
-[ -n "$ipmp_created" ] && if_configure inet "IPMP" $ipmp_created
-[ -n "$ipmp6_created" ] && if_configure inet6 "IPMP" $ipmp6_created
+    if [[ -n ${CONFIG_admin_gateway6} ]]; then
+        default_gw6="${CONFIG_admin_gateway6}"
 
-#
-# Process the /etc/hostname[6].* files for non-IPMP interfaces.
-#
-[ -n "$inet_plumbed" ] && if_configure inet "" $inet_plumbed
-[ -n "$inet6_plumbed" ] && if_configure inet6 "" $inet6_plumbed
+    elif [[ -n ${BOOT_admin_gateway6} ]]; then
+        default_gw6=${BOOT_admin_gateway6}
+
+    elif [[ -n ${CONFIG_external_gateway6} ]]; then
+        default_gw6=${CONFIG_external_gateway6}
+    fi
+
+    if [[ -n ${default_gw6} ]]; then
+        # add static route
+        /usr/sbin/route add -inet6 default ${default_gw6}
+    fi
+}
 
 #
-# For the IPv4 and IPv6 interfaces that failed to plumb, find (or create)
-# IPMP meta-interfaces to host their data addresses.
+# Go through and set up the MTU for all of the various nic tags
 #
-[ -n "$inet_failed" ] && move_addresses inet
-[ -n "$inet6_failed" ] && move_addresses inet6
-
-# Run DHCP if requested. Skip boot-configured interface.
-interface_names="`echo /etc/dhcp.*[0-9] 2>/dev/null`"
-if [ "$interface_names" != '/etc/dhcp.*[0-9]' ]; then
-	#
-	# First find the primary interface. Default to the first
-	# interface if not specified. First primary interface found
-	# "wins". Use care not to "reconfigure" a net-booted interface
-	# configured using DHCP. Run through the list of interfaces
-	# again, this time trying DHCP.
-	#
-	i4d_fail=
-	firstif=
-	primary=
-	ORIGIFS="$IFS"
-	IFS="${IFS}."
-	set -- $interface_names
-
-	while [ $# -ge 2 ]; do
-		shift
-		[ -z "$firstif" ] && firstif=$1
-
-		for i in `shcat /etc/dhcp\.$1`; do
-			if [ "$i" = primary ]; then
-				primary=$1
-				break
-			fi
-		done
-
-		[ -n "$primary" ] && break
-		shift
-	done
-
-	[ -z "$primary" ] && primary="$firstif"
-	cmdline=`shcat /etc/dhcp\.${primary}`
-
-	if [ "$_INIT_NET_IF" != "$primary" ]; then
-		echo "starting DHCP on primary interface $primary"
-		/sbin/ifconfig $primary auto-dhcp primary $cmdline
-		# Exit code 4 means ifconfig timed out waiting for dhcpagent
-		[ $? != 0 ] && [ $? != 4 ] && i4d_fail="$i4d_fail $primary"
-	fi
-
-	set -- $interface_names
-
-	while [ $# -ge 2 ]; do
-		shift
-		cmdline=`shcat /etc/dhcp\.$1`
-		if [ "$1" != "$primary" -a \
-			"$1" != "$_INIT_NET_IF"  ]; then
-			echo "starting DHCP on interface $1"
-			/sbin/ifconfig $1 dhcp start wait 0 $cmdline
-			# Exit code can't be timeout when wait is 0
-			[ $? != 0 ] && i4d_fail="$i4d_fail $1"
-		fi
-		shift
-	done
-	IFS="$ORIGIFS"
-	unset ORIGIFS
-	[ -n "$i4d_fail" ] && warn_failed_ifs "configure IPv4 DHCP" "$i4d_fail"
-fi
+function setup_mtu
+{
+    set -o xtrace
+    typeset tag oldifs val mac link curmtu
+    typeset -A mtus
+    typeset -A tagmap
+
+    set -o xtrace
+    oldifs=$IFS
+    IFS=,
+    for tag in ${SYSINFO_Nic_Tags}; do
+        eval "val=\${CONFIG_${tag}_mtu}"
+        eval "mac=\${CONFIG_${tag}_nic}"
+        [[ -z "$val" ]] && continue
+
+        valid_mtu ${tag} $val
+
+        #
+        # Note, it doesn't matter what tag we use for a given mac
+        # address, because we'll always get the same link name later on.
+        #
+        if [[ -z "${tagmap[$mac]}" ]]; then
+            tagmap[$mac]=$tag
+        fi
+
+        if [[ -z "${mtus[$mac]}" ]]; then
+            mtus[$mac]=$val
+        elif [[ "${mtus[$mac]}" -lt $val ]]; then
+            mtus[$mac]=$val
+        fi
+    done
+    IFS=$oldifs
+
+    for mac in ${!mtus[@]}; do
+        tag=${tagmap[$mac]}
+        eval "link=\${SYSINFO_NIC_${tag}}"
+        if [[ -z "${link}" ]]; then
+            echo "/usbkey/config error: Missing link name for ${tag}"
+            exit $SMF_EXIT_ERR_FATAL
+        fi
+
+        #
+        # Check the current MTU of the device. To help out devices which
+        # don't support the setting of the MTU (here's looking at you
+        # bnx), if the MTU is identical to its default, don't do
+        # anything and save the poor folks stuck with bnx some grief.
+        #
+        curmtu=$(/usr/sbin/dladm show-linkprop -c -o value -p mtu ${link})
+        [[ $? -eq 0 ]] && [[ "$curmtu" -eq "${mtus[$mac]}" ]] && continue
+
+            if ! /usr/sbin/dladm set-linkprop -p mtu=${mtus[$mac]} ${link}; then
+                echo "Failed to set mtu to ${mtus[$mac]} for link ${link}"
+                exit $SMF_EXIT_ERR_FATAL
+            fi
+    done
+}
 
-# In order to avoid bringing up the interfaces that have
-# intentionally been left down, perform RARP only if the system
-# has no configured hostname in /etc/nodename
-hostname="`shcat /etc/nodename 2>/dev/null`"
-if [ "$_INIT_NET_STRATEGY" = "rarp" -o -z "$hostname" ]; then
-	/sbin/ifconfig -adD4 auto-revarp netmask + broadcast + up
+
+# Helper function for plumbing an interface for an address family once
+typeset -A plumbedifs
+function plumbif
+{
+    iface=$1
+    inet=$2
+    addrtype=$3
+    if [[ -z ${plumbedifs[${iface},${inet}]} ]]; then
+        plumbedifs[${iface},${inet}]="true"
+        /sbin/ifconfig ${iface} ${inet} plumb
+        if [[ ! ${addrtype} =~ "^vrrp" ]]; then
+            /sbin/ifconfig ${iface} ${inet} up
+        fi
+    fi
+}
+
+if smf_is_globalzone; then
+    EARLY_ADMIN=
+    [[ -f /etc/svc/volatile/.early_admin_setup ]] && EARLY_ADMIN=1
+    [[ -n "$EARLY_ADMIN" ]] || /usr/sbin/dladm init-phys
+
+    # The next command is for logging purposes only
+    log_if_state before
+
+    # Load sysinfo variables with SYSINFO_ prefix: we primarily care about
+    # the NIC_variables, which contain the actual interface name for a nic
+    # tag (it has mapped the foo_nic=<MAC address> variables to interface
+    # names for us).
+    load_sdc_sysinfo
+
+    if boot_file_config_enabled; then
+        # We have a boot-time networking file present - use its values rather
+        # than ones from the config file or bootparams
+        if ! boot_file_config_valid; then
+            echo "ERROR: boot-time network config file incorrect"
+            exit ${SMF_EXIT_ERR_CONFIG}
+        fi
+
+        load_boot_file_config
+
+        # NOTE: some of the routes boot_file_config_init tries to add may
+        # fail if they are admin network routes added by the
+        # network/early-admin service.  This is expected and not a problem.
+        boot_file_config_init
+    else
+        # Load config variables with CONFIG_ prefix,
+        # and sets the headnode variable
+        load_sdc_config
+        # Load boot params with BOOT_ prefix
+        load_sdc_bootparams
+    fi
+
+    # Set up etherstubs
+    for stub in $(echo "${CONFIG_etherstub}" | sed -e "s/,/ /g"); do
+        /usr/sbin/dladm create-etherstub -t $stub || echo "ERROR: could not create etherstub ${stub}."
+    done
+
+    # Create aggregations
+    create_aggrs
+
+    # Make any mtu adjustments that may be necessary
+    setup_mtu
+
+    # Setup admin NIC
+    ADMIN_NIC_TAG=${CONFIG_admin_tag:-"admin"}
+
+    # If there is no NIC with the admin tag, and the config has
+    # admin_nic_autoselect=true, designate the first NIC reported
+    # by dladm for admin use. This is useful in environments where
+    # the NICs are known to change beneath us.
+    if [[ "${BOOT_smartos}" == "true" ]] && \
+        [[ "${CONFIG_admin_nic_autoselect}" == "true" ]] && \
+        ! nictagadm exists $ADMIN_NIC_TAG ; then
+        autoselected_admin_nic=$(dladm show-phys -m -p -o address | head -n1)
+        if [[ -z ${autoselected_admin_nic} ]] ; then
+            echo "ERROR: no NICs found, unable to autoselect admin NIC."
+            exit ${SMF_EXIT_ERR_CONFIG}
+        fi
+
+        nictagadm add $ADMIN_NIC_TAG "${autoselected_admin_nic}"
+        if [[ $? -ne 0 ]] ; then
+            echo "ERROR: unable to add admin tag to NIC ${autoselected_admin_nic}"
+            exit ${SMF_EXIT_ERR_FATAL}
+        fi
+
+        SYSINFO_NIC_admin=$(dladm show-phys -m -p -o link | head -n1)
+        if [[ -n ${SYSINFO_NIC_admin} ]] ; then
+            echo "Autoselected ${SYSINFO_NIC_admin} for use as admin NIC."
+        fi
+
+        nictagadm list
+    elif [[ -v CONFIG_admin_tag ]]; then
+        #
+        # This handles the case when the 'admin_tag' property is set to
+        # override the default admin nic tag.
+        #
+        eval SYSINFO_NIC_admin='$'SYSINFO_NIC_${CONFIG_admin_tag}
+
+        eval CONFIG_admin_ip='$'CONFIG_${CONFIG_admin_tag}_ip
+        eval CONFIG_admin_ip6='$'CONFIG_${CONFIG_admin_tag}_ip6
+        eval CONFIG_admin_netmask='$'CONFIG_${CONFIG_admin_tag}_netmask
+        eval CONFIG_admin_mtu='$'CONFIG_${CONFIG_admin_tag}_mtu
+        eval CONFIG_admin_gateway='$'CONFIG_${CONFIG_admin_tag}_gateway
+        eval CONFIG_admin_gateway6='$'CONFIG_${CONFIG_admin_tag}_gateway6
+    fi
+
+    if [[ -z "${SYSINFO_NIC_admin}" ]]; then
+        echo "ERROR: admin NIC not found, unable to bring up admin network."
+        exit ${SMF_EXIT_ERR_CONFIG}
+    fi
+
+    [[ -n "$EARLY_ADMIN" ]] || plumb_admin
+
+    # If we performed early configuration of the admin network and
+    # the admin interface is on a link aggregation, the aggregation
+    # has already been configured.  Add it to the list of active aggrs
+    # so the checks in vnic_up[6] are aware of it.
+    if [[ -n "$EARLY_ADMIN" && "${SYSINFO_NIC_admin}" =~ aggr[0-9]+$ ]]; then
+        eval "macs=\${SYSINFO_Aggregation_${SYSINFO_NIC_admin}_MACs}"
+
+        add_active_aggr_links ${SYSINFO_NIC_admin} $macs
+    fi
+
+    # Prefer the config file for admin nic values, but use
+    # bootparams if present
+    admin_ip=${CONFIG_admin_ip}
+    if [[ -z "$admin_ip" ]]; then
+        admin_ip=${BOOT_admin_ip}
+    fi
+
+    admin_netmask=${CONFIG_admin_netmask}
+    if [[ -z "$admin_netmask" ]]; then
+        admin_netmask=${BOOT_admin_netmask}
+    fi
+
+    admin_ip6=${CONFIG_admin_ip6}
+    if [[ -z "$admin_ip6" ]]; then
+        admin_ip6=${BOOT_admin_ip6}
+    fi
+
+    if [[ $admin_ip == 'none' ]]; then
+        echo 'INFO: not configuring IP on admin interface (admin_ip=none)'
+    elif [[ -n "$EARLY_ADMIN" ]]; then
+        echo 'INFO: admin interface already configured (early setup)'
+        ADMIN_NIC_UP=true
+    elif [[ -n $admin_ip ]] && [[ -n $admin_netmask ]]; then
+        /sbin/ifconfig ${SYSINFO_NIC_admin} inet ${admin_ip} \
+            netmask ${admin_netmask} up
+        ADMIN_NIC_UP=true
+
+        # also setup resolv.conf if we can
+        if [[ -n ${CONFIG_dns_domain} ]] && [[ -n ${CONFIG_dns_resolvers} ]]; then
+            echo "search ${CONFIG_dns_domain}" > /etc/resolv.conf
+            if [[ -n ${CONFIG_binder_admin_ips} ]]; then
+               for serv in $(echo "${CONFIG_binder_admin_ips}" | sed -e "s/,/ /g"); do
+                   echo "nameserver ${serv}" >> /etc/resolv.conf
+               done
+            fi
+            for serv in $(echo "${CONFIG_dns_resolvers}" | sed -e "s/,/ /g"); do
+                echo "nameserver ${serv}" >> /etc/resolv.conf
+            done
+        fi
+    else
+        if [[ ${headnode} == "true" ]]; then
+            echo "ERROR: headnode but no admin_{ip,netmask} in config, not bringing up admin network."
+            # Set a flag, but try to plumb the other interfaces anyway
+            ADMIN_NIC_MISCONFIGURED=true
+        else
+            # We ignore errors here because the most common one is that DHCP is
+            # already running.
+            /sbin/ifconfig ${SYSINFO_NIC_admin} dhcp || /bin/true
+
+            # Wait for DHCP
+            timeout=${ADMIN_DHCP_TIMEOUT}
+            dhcp_admin_ip=$(/sbin/ifconfig ${SYSINFO_NIC_admin} | grep inet | awk '{ print $2 }')
+            while [[ (-z ${dhcp_admin_ip} || ${dhcp_admin_ip} == "0.0.0.0") && ${timeout} -gt 0 ]]; do
+                dhcp_admin_ip=$(/sbin/ifconfig ${SYSINFO_NIC_admin} | grep inet | awk '{ print $2 }')
+                timeout=$((${timeout} - 1))
+                sleep 1
+            done
+
+            ADMIN_NIC_UP=true
+        fi
+    fi
+
+    if [[ -n ${admin_ip6} && -z "$EARLY_ADMIN" ]]; then
+        # Plumb interface for inet6
+        ifconfig ${SYSINFO_NIC_admin} inet6 \
+            plumb mtu ${CONFIG_admin_mtu:-1500} up
+
+        # Autodiscovery IPv6 using SLAAC
+        # NOTE: in.ndpd will be started later, due to plumbing the interface.
+        #       this means autodiscovery also happens when configuring a
+        #       static address.
+        #
+        #       in.ndpd also sets a default route and this can't be disabled.
+
+        # Configure static IPv6
+        if [[ ${admin_ip6} != "addrconf" ]]; then
+            /sbin/ifconfig ${SYSINFO_NIC_admin} inet6 \
+                addif ${admin_ip6} preferred up
+        fi
+
+        ADMIN_NIC_UP=true
+
+        # don't setup resolv.conf, IPv6 addresses already work
+    fi
+
+    # If on Parallels or VirtualBox, create a bridge which
+    # allows traffic to flow correctly to the host-only network
+    if [[ "${ADMIN_NIC_UP}" == "true" ]] \
+        && [[ ${SYSINFO_Product} == "Parallels Virtual Platform" \
+              || ${SYSINFO_Product} == "VirtualBox" ]] \
+        && [[ -z $(/usr/sbin/dladm show-bridge -p vmwarebr) ]]; then
+        /usr/sbin/dladm create-bridge -l ${SYSINFO_NIC_admin} vmwarebr
+    fi
+
+    # Setup the external NIC. The installer may have already set up external0,
+    # so, if it exists, we're not going to try and set up the vnic again.
+    if [[ -n ${SYSINFO_NIC_external} ]] \
+        && ! dladm show-vnic external0 > /dev/null; then
+
+        if [[ -n "${CONFIG_external_ip}" ]]; then
+            vnic_up "${SYSINFO_NIC_external}" "external0" \
+                "${CONFIG_external_ip}" "${CONFIG_external_netmask}" \
+                "${CONFIG_external_vlan_id}" "${CONFIG_external_mac}" \
+                "primary" "${CONFIG_external_mtu}"
+        fi
+
+        if [[ -n "${CONFIG_external_ip6}" ]]; then
+            vnic_up6 "${SYSINFO_NIC_external}" "external0" \
+                "${CONFIG_external_ip6}" \
+                "${CONFIG_external_vlan_id}" "${CONFIG_external_mac}" \
+                "${CONFIG_external_mtu}"
+        fi
+    fi
+
+    set_default_route
+
+    # Setup extra nics, if specified in the config file
+    nic_tags="${SYSINFO_Nic_Tags}"
+    if [[ -n "${nic_tags}" ]]; then
+        tags=(${nic_tags//,/ })
+
+        if boot_file_config_enabled; then
+            bootparam_ip_keys=""
+            bootparam_ip6_keys=""
+            config_ip_keys=${CONFIG_bootfile_ip_keys//,/ }
+            config_ip6_keys=${CONFIG_bootfile_ip6_keys//,/ }
+        else
+            bootparam_ip_keys=$(sdc_bootparams_keys | grep -- "-ip$" || true)
+            bootparam_ip6_keys=$(sdc_bootparams_keys | grep -- "-ip6$" || true)
+            config_ip_keys=$(sdc_config_keys | grep "_ip$" || true)
+            config_ip6_keys=$(sdc_config_keys | grep "_ip6$" || true)
+        fi
+
+        for tag in "${tags[@]}"; do
+
+            eval "link=\${SYSINFO_NIC_${tag}}"
+            if [[ -z "${link}" ]]; then
+                echo "WARNING: No link found with tag '${tag}'"
+                continue
+            fi
+
+            for key in ${config_ip_keys}; do
+                if [[ ${key} == ${tag}[0-9]_ip ]] || [[ ${key} == ${tag}[0-9][0-9]_ip ]]; then
+                    iface=${key//_ip/}
+                    #echo "   iface=$iface"
+                    eval "ip=\${CONFIG_${iface}_ip}"
+                    eval "netmask=\${CONFIG_${iface}_netmask}"
+                    eval "vlan=\${CONFIG_${iface}_vlan_id}"
+                    eval "macaddr=\${CONFIG_${iface}_mac}"
+                    eval "mtu=\${CONFIG_${iface}_mtu}"
+
+                    echo vnic_up "${link}" "${iface}" "${ip}" "${netmask}" "${vlan}" "${macaddr}" "${mtu}"
+                    vnic_up "${link}" "${iface}" "${ip}" "${netmask}" \
+                        "${vlan}" "${macaddr}" "" "${mtu}"
+                fi
+            done
+
+            for key in ${bootparam_ip_keys}; do
+                if [[ ${key} == ${tag}[0-9]-ip ]] || [[ ${key} == ${tag}[0-9][0-9]-ip ]]; then
+                    iface=${key//-ip/}
+                    eval "ip=\${BOOT_${iface}_ip}"
+                    eval "netmask=\${BOOT_${iface}_netmask}"
+                    eval "vlan=\${BOOT_${iface}_vlan_id}"
+                    eval "macaddr=\${BOOT_${iface}_mac}"
+                    eval "mtu=\${CONFIG_${iface}_mtu}"
+                    echo vnic_up "${link}" "${iface}" "${ip}" "${netmask}" "${vlan}" "${macaddr}" "${mtu}"
+                    vnic_up "${link}" "${iface}" "${ip}" "${netmask}" \
+                        "${vlan}" "${macaddr}" "" "${mtu}"
+                fi
+            done
+
+            for key in ${config_ip6_keys}; do
+                if [[ ${key} == ${tag}[0-9]_ip6 ]] || [[ ${key} == ${tag}[0-9][0-9]_ip6 ]]; then
+                    iface=${key//_ip6/}
+                    #echo "   iface=$iface"
+                    eval "ip=\${CONFIG_${iface}_ip6}"
+                    eval "vlan=\${CONFIG_${iface}_vlan_id}"
+                    eval "macaddr=\${CONFIG_${iface}_mac}"
+                    eval "mtu=\${CONFIG_${iface}_mtu}"
+
+                    echo vnic_up6 "${link}" "${iface}" "${ip}" "${vlan}" "${macaddr}" "${mtu}"
+                    vnic_up6 "${link}" "${iface}" "${ip}" \
+                        "${vlan}" "${macaddr}" "${mtu}"
+                fi
+            done
+
+            for key in ${bootparam_ip6_keys}; do
+                if [[ ${key} == ${tag}[0-9]-ip6 ]] || [[ ${key} == ${tag}[0-9][0-9]-ip6 ]]; then
+                    iface=${key//-ip6/}
+                    eval "ip=\${BOOT_${iface}_ip6}"
+                    eval "vlan=\${BOOT_${iface}_vlan_id}"
+                    eval "macaddr=\${BOOT_${iface}_mac}"
+                    eval "mtu=\${CONFIG_${iface}_mtu}"
+                    echo vnic_up6 "${link}" "${iface}" "${ip}" "${vlan}" "${macaddr}" "${mtu}"
+                    vnic_up6 "${link}" "${iface}" "${ip}" \
+                        "${vlan}" "${macaddr}" "${mtu}"
+                fi
+            done
+
+        done
+    fi
+else
+    # Non-global zones
+
+    # Bring up statically assigned interfaces, and find the primary DHCP
+    # interface, if it exists
+    while IFS=: read -r iface addrtype; do
+        # Keep track of whether or not we've configured our first IPv4
+        # address on this interface
+        first_ipv4_configured=""
+        iface_configured=""
+
+        if [[ -f /etc/dhcp.${iface} ]]; then
+            plumbif ${iface} inet ${addrtype}
+            if [[ -z "${primary}" ]]; then
+                /sbin/ifconfig ${iface} auto-dhcp primary
+                primary=${iface}
+            else
+                /sbin/ifconfig ${iface} auto-dhcp
+            fi
+            first_ipv4_configured="true"
+            iface_configured="true"
+        fi
+
+        if [[ -f /etc/hostname.${iface} ]]; then
+            while read ifparams; do
+                # For IPv4, we need to set the address on the first logical
+                # interface. For IPv6, the address on the first interface is
+                # the link-local address, and can't be changed.
+                #
+                # Lines starting with inet indicate the hostname for that
+                # interface, and are used by dhcpagent. Skip over them.
+                if [[ -f /etc/dhcp.${iface} && "${ifparams}" == inet* ]]; then
+                    continue
+                elif [[ "${ifparams}" == {3}({1,3}(\d).){1,3}(\d)* ]]; then
+                    plumbif ${iface} inet ${addrtype}
+                    if [[ -z "${first_ipv4_configured}" ]]; then
+                        first_ipv4_configured="true"
+                        ifcommand="inet"
+                    else
+                        ifcommand="inet addif"
+                    fi
+                else
+                    plumbif ${iface} inet6 ${addrtype}
+                    ifcommand="inet6 addif"
+                fi
+
+                # vrrp interfaces can't be brought up with ifconfig: vrrpadm
+                # handles that instead
+                if [[ "${addrtype}" =~ "^vrrp" ]]; then
+                    /sbin/ifconfig ${iface} ${ifcommand} \
+                        `printf "%s" "${ifparams}" | sed -e 's/ up//'`
+                else
+                    /sbin/ifconfig ${iface} ${ifcommand} ${ifparams} up
+                fi
+
+                iface_configured="true"
+            done < /etc/hostname.${iface}
+        fi
+
+        if [[ -f /etc/addrconf.${iface} ]]; then
+            # Enable the NDP daemon, so that once this script finishes, we'll
+            # be able to pick up router advertisments and finish configuring
+            # the network interface. We then just need to plumb the interface,
+            # and let in.ndpd take care of configuring addresses.
+            svcadm enable svc:/network/routing/ndp:default
+            plumbif ${iface} inet6 ${addrtype}
+            iface_configured="true"
+        fi
+
+        # If we didn't configure the device at all, mark it for DHCP if we
+        # don't do DHCP on anyone else.
+        if [[ -z ${iface_configured} && -z "${first_iface}" ]]; then
+            first_iface=${iface}
+        fi
+    done < <(/usr/sbin/dladm show-vnic -p -o link,macaddrtype 2>/dev/null)
+
+    if [[ -z "${primary}" && -n "${first_iface}" ]]; then
+        first_iface_type=$(dladm show-vnic ${first_iface} -p -o macaddrtype)
+        plumbif ${first_iface} inet ${first_iface_type}
+        /sbin/ifconfig ${first_iface} auto-dhcp
+        primary=${first_iface}
+    fi
+
+    while IFS=: read -r iface addrtype; do
+        if [[ "${iface}" == "${primary}"
+              || -f /etc/hostname.${iface}
+              || -f /etc/dhcp.${iface}
+              || -f /etc/addrconf.${iface}
+              || "${addrtype}" =~ "^vrrp" ]]; then
+            continue
+        fi
+
+        plumbif ${iface} inet ${addrtype}
+        /sbin/ifconfig ${iface} auto-dhcp start wait 0
+    done < <(/usr/sbin/dladm show-vnic -p -o link,macaddrtype 2>/dev/null)
 fi
 
-#
-# If the /etc/defaultrouter file exists, process it now so that the next
-# stage of booting will have access to NFS.
-#
-if [ -f /etc/defaultrouter ]; then
-	while read router rubbish; do
-		case "$router" in
-			'#'* | '') ;;	#  Ignore comments, empty lines
-			*)	/sbin/route -n add default -gateway $router ;;
-		esac
-	done </etc/defaultrouter
+log_if_state after
+
+# Since we hopefully made networking changes here, update the sysinfo cache
+if smf_is_globalzone; then
+    /usr/bin/sysinfo -u
 fi
 
-#
-# If we get here and were not asked to plumb any IPv4 interfaces, look
-# for boot properties that direct us.
-#
-# - The "network-interface" property is required and indicates the
-#   interface name.
-# - The "xpv-hcp" property, if present, is used by the hypervisor
-#   tools to indicate how the specified interface should be configured.
-#   Permitted values are "dhcp" and "off", where "off" indicates static
-#   IP configuration.
-#
-# In the case where "xpv-hcp" is set to "dhcp", no further properties
-# are required or examined.
-#
-# In the case where "xpv-hcp" is not present or set to "off", the
-# "host-ip" and "subnet-mask" properties are used to configure
-# the specified interface.  The "router-ip" property, if present,
-# is used to add a default route.
-#
-nic="`/sbin/devprop network-interface`"
-if smf_is_globalzone && [ -z "$inet_list" ] && [ -n "$nic" ]; then
-	hcp="`/sbin/devprop xpv-hcp`"
-	case "$hcp" in
-	"dhcp")
-		/sbin/ifconfig $nic plumb 2>/dev/null
-		[ -n "`/sbin/ifconfig $nic 2>/dev/null`" ] && (
-			# The interface is successfully plumbed, so
-			# modify "inet_list" to force the exit code
-			# checks to work.
-			inet_list=$nic;
-			# Given that this is the only IPv4 interface,
-			# we assert that it is primary.
-			echo "starting DHCP on primary interface $primary";
-			/sbin/ifconfig $nic auto-dhcp primary;
-			# Exit code 4 means ifconfig timed out waiting
-			# for dhcpagent
-			[ $? != 0 ] && [ $? != 4 ] && \
-			    i4d_fail="$i4d_fail $nic";
-		)
-		;;
-
-	"off"|"")
-		/sbin/devprop host-ip subnet-mask router-ip | (
-			read ip;
-			read mask;
-			read router;
-			[ -n "$ip" ] && [ -n "$mask" ] && \
-				/sbin/ifconfig $nic plumb 2>/dev/null
-			[ -n "`/sbin/ifconfig $nic 2>/dev/null`" ] && (
-				# The interface is successfully
-				# plumbed, so modify "inet_list" to
-				# force the exit code checks to work.
-				inet_list=$nic;
-				/sbin/ifconfig $nic  inet $ip \
-				    netmask $mask broadcast + up 2>/dev/null;
-				[ -n "$router" ] && route add \
-				    default $router 2>/dev/null;
-			)
-		)
-		;;
-	esac
+# Enable symmetric routing: when there are multiple nics configured, always
+# take into account the interface a packet is being sent over when
+# selecting a route. This prevents packets being sent with another nic's
+# source IP.
+/usr/sbin/ndd -set /dev/ip ip_strict_src_multihoming 1
+
+# If the admin nic was missing config options, exit with a config error
+if [[ -n "${ADMIN_NIC_MISCONFIGURED}" ]]; then
+    exit ${SMF_EXIT_ERR_CONFIG}
 fi
 
-#
-# We tell smf this service is online if any of the following is true:
-# - no interfaces were configured for plumbing and no DHCP failures
-# - any non-loopback IPv4 interfaces are up and have a non-zero address
-# - there are any DHCP interfaces started
-# - any non-loopback IPv6 interfaces are up
-#
-# If we weren't asked to configure any interfaces, exit
-if [ -z "$inet_list" ] && [ -z "$inet6_list" ]; then
-	# Config error if DHCP was attempted without plumbed interfaces
-	[ -n "$i4d_fail" ] && exit $SMF_EXIT_ERR_CONFIG
-	exit $SMF_EXIT_OK
+if [[ $admin_ip == 'none' ]]; then
+    #
+    # We're done, even if there are not any usable IP addresses.
+    #
+    exit $SMF_EXIT_OK
 fi
 
 # Any non-loopback IPv4 interfaces with usable addresses up?
-if [ -n "`/sbin/ifconfig -a4u`" ]; then
-    	/sbin/ifconfig -a4u | while read intf addr rest; do
-		[ $intf = inet ] && [ $addr != 127.0.0.1 ] &&
-		[ $addr != 0.0.0.0 ] && exit $SMF_EXIT_OK
-	done && exit $SMF_EXIT_OK
+if [[ -n "`/sbin/ifconfig -a4u`" ]]; then
+    /sbin/ifconfig -a4u | while read intf addr rest; do
+        [[ ${intf} == "inet" ]] && [[ ${addr} != "127.0.0.1" ]] &&
+        [[ ${addr} != "0.0.0.0" ]] && exit ${SMF_EXIT_OK}
+    done && exit ${SMF_EXIT_OK}
 fi
 
 # Any DHCP interfaces started?
-[ -n "`/sbin/ifconfig -a4 dhcp status 2>/dev/null`" ] && exit $SMF_EXIT_OK
+[[ -n "`/sbin/ifconfig -a4 dhcp status 2>/dev/null`" ]] && exit ${SMF_EXIT_OK}
 
 # Any non-loopback IPv6 interfaces up?
-if [ -n "`/sbin/ifconfig -au6`" ]; then
-	/sbin/ifconfig -au6 | while read intf addr rest; do
-		[ $intf = inet6 ] && [ $addr != ::1/128 ] && exit $SMF_EXIT_OK
-	done && exit $SMF_EXIT_OK
+if [[ -n "`/sbin/ifconfig -au6`" ]]; then
+    /sbin/ifconfig -au6 | while read intf addr rest; do
+        [[ ${intf} = "inet6" ]] && [[ ${addr} != "::1/128" ]] && exit ${SMF_EXIT_OK}
+    done && exit ${SMF_EXIT_OK}
 fi
 
 # This service was supposed to configure something yet didn't.  Exit
 # with config error.
-exit $SMF_EXIT_ERR_CONFIG
+exit ${SMF_EXIT_ERR_CONFIG}
diff --git a/usr/src/cmd/svc/milestone/network-early-admin.xml b/usr/src/cmd/svc/milestone/network-early-admin.xml
new file mode 100644
index 0000000000..6566f31bff
--- /dev/null
+++ b/usr/src/cmd/svc/milestone/network-early-admin.xml
@@ -0,0 +1,73 @@
+<?xml version="1.0"?>
+<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
+<!--
+ Copyright 2019, Joyent, Inc.
+
+  This file and its contents are supplied under the terms of the
+  Common Development and Distribution License ("CDDL"), version 1.0.
+  You may only use this file in accordance with the terms of version
+  1.0 of the CDDL.
+
+  A full copy of the text of the CDDL should have accompanied this
+  source.  A copy of the CDDL is also available via the Internet at
+  http://www.illumos.org/license/CDDL.
+
+-->
+
+<service_bundle type='manifest' name='network-early-admin'>
+
+<service
+	name='network/early-admin'
+	type='service'
+	version='1'>
+
+	<!-- ifconfig needs loopback for IPC with dhcpagent -->
+	<dependency
+		name='network'
+		grouping='require_all'
+		restart_on='none'
+		type='service'>
+		<service_fmri value='svc:/network/loopback' />
+		<service_fmri value='svc:/network/datalink-management' />
+		<service_fmri value='svc:/network/ip-interface-management' />
+	</dependency>
+
+	<instance name='default' enabled='true'>
+
+	<exec_method
+		type='method'
+		name='start'
+		exec='/lib/svc/method/net-early-admin'
+		timeout_seconds='600' />
+
+	<exec_method
+		type='method'
+		name='stop'
+		exec=':true'
+		timeout_seconds='3' />
+
+	<property_group name='startd' type='framework'>
+		<propval name='duration' type='astring' value='transient' />
+	</property_group>
+
+	<template>
+		<common_name>
+			<loctext xml:lang='C'>
+				Triton admin network on compute nodes
+			</loctext>
+		</common_name>
+		<documentation>
+			<manpage title='ifconfig' section='1M'
+				manpath='/usr/share/man' />
+			<manpage title='dladm' section='1M'
+				manpath='/usr/share/man' />
+		</documentation>
+	</template>
+
+	</instance>
+
+	<stability value='Unstable' />
+
+</service>
+
+</service_bundle>
diff --git a/usr/src/cmd/svc/milestone/network-location.xml b/usr/src/cmd/svc/milestone/network-location.xml
index 709e9df8f3..5e23d92481 100644
--- a/usr/src/cmd/svc/milestone/network-location.xml
+++ b/usr/src/cmd/svc/milestone/network-location.xml
@@ -81,14 +81,6 @@
 	</dependency>
 
 	<dependency
-		name='location_netcfg'
-		grouping='require_all'
-		restart_on='none'
-		type='service'>
-		<service_fmri value='svc:/network/netcfg:default' />
-	</dependency>
-
-	<dependency
 		name='filesystem'
 		grouping='require_all'
 		restart_on='none'
@@ -106,7 +98,7 @@
 	-->
 	<dependency
 		name='manifest-import'
-		grouping='optional_all'
+		grouping='require_all'
 		restart_on='none'
 		type='service'>
 		<service_fmri value='svc:/system/manifest-import:default' />
diff --git a/usr/src/cmd/svc/milestone/network-physical.xml b/usr/src/cmd/svc/milestone/network-physical.xml
index d43bed06ec..62b89bbccc 100644
--- a/usr/src/cmd/svc/milestone/network-physical.xml
+++ b/usr/src/cmd/svc/milestone/network-physical.xml
@@ -4,6 +4,8 @@
  Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
  Use is subject to license terms.
 
+ Copyright 2019 Joyent, Inc.
+
  CDDL HEADER START
 
  The contents of this file are subject to the terms of the
@@ -45,22 +47,34 @@
 		<service_fmri value='svc:/network/loopback' />
 	</dependency>
 
-	<instance name='default' enabled='true'>
+	<dependency
+		name='joyent'
+		grouping='require_all'
+		restart_on='none'
+		type='service'>
+		<service_fmri value='svc:/system/filesystem/smartdc' />
+	</dependency>
 
-	<!--
-		physical:default and physical:nwam are mutually exclusive.
-		Use a one-way dependency for now since two-way exclude_all
-		does not work; enforcement of single_instance in the future
-		will fix this.
-	-->
 	<dependency
-		name='physical_nwam'
-		grouping='exclude_all'
+		name='mdata-fetch'
+		grouping='optional_all'
 		restart_on='none'
 		type='service'>
-		<service_fmri value='svc:/network/physical:nwam' />
+		<service_fmri value='svc:/smartdc/mdata:fetch' />
 	</dependency>
 
+	<!-- Prevent this and network/early-admin from trying to configure the
+		admin interface at the same time -->
+	<dependency
+		name='early-admin'
+		grouping='optional_all'
+		restart_on='none'
+		type='service'>
+		<service_fmri value='svc:/network/early-admin:default' />
+	</dependency>
+
+	<instance name='default' enabled='true'>
+
 	<exec_method
 		type='method'
 		name='start'
@@ -91,82 +105,6 @@
 
 	</instance>
 
-	<instance name='nwam' enabled='false'>
-
-	<exec_method
-		type='method'
-		name='start'
-		exec='/lib/svc/method/net-nwam start'
-		timeout_seconds='120' >
-		<method_context>
-			<method_credential user='root' group='root'
-				supp_groups='netadm' privileges='zone' />
-		</method_context>
-	</exec_method>
-
-	<exec_method
-		type='method'
-		name='stop'
-		exec='/lib/svc/method/net-nwam stop'
-		timeout_seconds='60' >
-		<method_context>
-			<method_credential user='root' group='root'
-				supp_groups='netadm' privileges='zone' />
-		</method_context>
-	</exec_method>
-
-	<exec_method
-		type='method'
-		name='refresh'
-		exec='/lib/svc/method/net-nwam refresh'
-		timeout_seconds='60' >
-		<method_context>
-			<method_credential user='root' group='root'
-				supp_groups='netadm' privileges='zone' />
-		</method_context>
-	</exec_method>
-
-	<property_group name='general' type='framework'>
-		<!-- to start/stop NWAM services -->
-		<propval name='action_authorization' type='astring'
-			value='solaris.smf.manage.nwam' />
-		<propval name='value_authorization' type='astring'
-			value='solaris.smf.manage.nwam' />
-	</property_group>
-
-	<property_group name='nwamd' type='application'>
-		<stability value='Unstable' />
-		<propval name='debug' type='boolean' value='false' />
-		<propval name='autoconf' type='boolean' value='false' />
-		<propval name='ncu_wait_time' type='count' value='60' />
-		<propval name='condition_check_interval' type='count'
-			value='120' />
-		<propval name='scan_interval' type='count' value='120' />
-		<propval name='scan_level' type='astring' value='weak' />
-		<propval name='strict_bssid' type='boolean' value='false' />
-		<propval name='active_ncp' type='astring' value='Automatic' />
-		<propval name='value_authorization' type='astring'
-			value='solaris.smf.value.nwam' />
-	</property_group>
-
-	<template>
-		<common_name>
-			<loctext xml:lang='C'>
-				physical network interface autoconfiguration
-			</loctext>
-		</common_name>
-		<documentation>
-			<manpage title='nwamd' section='1M'
-				manpath='/usr/share/man' />
-			<doc_link
-			    name='Network Auto-Magic OpenSolaris Project Page'
-				uri='http://hub.opensolaris.org/bin/view/Project+nwam/'
-				/>
-		</documentation>
-	</template>
-
-	</instance>
-
 	<stability value='Unstable' />
 
 </service>
diff --git a/usr/src/cmd/svc/milestone/smartdc-config b/usr/src/cmd/svc/milestone/smartdc-config
new file mode 100755
index 0000000000..510c93add6
--- /dev/null
+++ b/usr/src/cmd/svc/milestone/smartdc-config
@@ -0,0 +1,211 @@
+#!/bin/bash
+#
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License (the "License").
+# You may not use this file except in compliance with the License.
+#
+# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+# or http://www.opensolaris.org/os/licensing.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+# If applicable, add the following below this CDDL HEADER, with the
+# fields enclosed by brackets "[]" replaced with your own identifying
+# information: Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Copyright 2019 Joyent, Inc.
+#
+
+#
+# Despite its "smartdc/config" name, this service is used both for SmartOS and
+# Triton. It has two jobs:
+#
+# During an initial setup, this runs through the initial (possibly interactive)
+# configuration.
+#
+# During normal operation, it does some miscellaneous configuration based on
+# /usbkey/config (which, under Triton, will have already been updated from the
+# USB key by svc:/system/filesystem/smartdc:default).
+#
+
+set -o errexit
+set -o xtrace
+
+. /lib/svc/share/smf_include.sh
+. /lib/sdc/config.sh
+
+export PATH="/usr/sbin:/sbin:/usr/bin"
+
+set_root_password() {
+    enc_password=$1
+
+    sed -e "s|^root:[^\:]*:|root:${enc_password}:|" /etc/shadow > /etc/shadow.new \
+      && chmod 400 /etc/shadow.new \
+      && mv /etc/shadow.new /etc/shadow
+}
+
+case "$1" in
+'start')
+
+    # If we're a headnode, see if we have to do interactive configuration.
+    if /bin/bootparams | grep "^headnode=true" > /dev/null 2>&1; then
+        USB_PATH=/mnt/`svcprop -p "joyentfs/usb_mountpoint" svc:/system/filesystem/smartdc:default`
+
+        # Check for config and run interactive if it doesn't exist.
+        if [[ ! -f ${USB_PATH}/config ]]; then
+            if /bin/bootparams | grep "^noimport=true" >/dev/null 2>&1; then
+                # Skipping interactive config, bypass rest of script.
+                exit $SMF_EXIT_OK
+            fi
+
+            /smartdc/lib/sdc-on-tty -d /dev/console \
+                ${USB_PATH}/scripts/prompt-config.sh "${USB_PATH}"
+
+            # If user quit from interactive configuration then we're done.
+            [[ ! -f ${USB_PATH}/config ]] && exit $SMF_EXIT_OK
+        fi
+    elif /bin/bootparams | grep "^smartos=true" > /dev/null 2>&1; then
+        USB_PATH=/`svcprop -p "joyentfs/usb_copy_path" svc:/system/filesystem/smartdc:default`
+
+        # Check for config and run interactive if it doesn't exist.
+        if [[ ! -f ${USB_PATH}/config ]]; then
+            if /bin/bootparams | grep "^noimport=true" >/dev/null 2>&1; then
+                # Skipping interactive config, bypass rest of script.
+                exit $SMF_EXIT_OK
+            fi
+
+            /smartdc/lib/sdc-on-tty -d /dev/console \
+                /smartdc/lib/smartos_prompt_config.sh "${USB_PATH}"
+
+            # If user quit from interactive configuration then we're done.
+            [[ ! -f ${USB_PATH}/config ]] && exit $SMF_EXIT_OK
+        fi
+    fi
+
+    # This puts config vars in CONFIG_
+    load_sdc_config
+    load_sdc_sysinfo
+
+    # Write the info about this datacenter to /.dcinfo so we can use in the GZ
+    echo "SDC_DATACENTER_NAME='${CONFIG_datacenter_name}'" > /.dcinfo
+
+    if [[ -n "${SYSINFO_Bootparam_smartos}" && -f /usbkey/shadow ]]; then
+        echo "setting root password from /usbkey/shadow"
+    # Boot parameter takes precidence over config
+    elif [[ -n "${SYSINFO_Bootparam_root_shadow}" ]]; then
+        set_root_password "${SYSINFO_Bootparam_root_shadow}"
+        echo "Set root password boot parameters."
+    elif [[ -n "${CONFIG_root_shadow}" ]]; then
+        set_root_password "${CONFIG_root_shadow}"
+        echo "Set root password from config."
+    else
+        echo "No root shadow entry in the config, cannot set."
+    fi
+
+    # Set authorized_keys for root
+    if [[ -n "${CONFIG_root_authorized_keys_file}" ]] \
+        && [[ -n "${CONFIG_config_inc_dir}" ]] \
+        && [[ -d "${CONFIG_config_inc_dir}" ]] \
+        && [[ -f "${CONFIG_config_inc_dir}/${CONFIG_root_authorized_keys_file}" ]]; then
+
+        mkdir -p /root/.ssh
+        cp "${CONFIG_config_inc_dir}/${CONFIG_root_authorized_keys_file}" /root/.ssh/authorized_keys
+        chmod 0600 /root/.ssh/authorized_keys
+        chmod 0700 /root/.ssh
+    fi
+
+    if [[ -n "${CONFIG_ntp_conf_file}" ]] \
+        && [[ -n "${CONFIG_config_inc_dir}" ]] \
+        && [[ -d "${CONFIG_config_inc_dir}" ]] \
+        && [[ -f "${CONFIG_config_inc_dir}/${CONFIG_ntp_conf_file}" ]]; then
+        #
+        # We were given a valid NTP configuration file, so use it without
+        # modification:
+        #
+        cp "${CONFIG_config_inc_dir}/${CONFIG_ntp_conf_file}" \
+          /etc/inet/ntp.conf
+        echo "Copied NTP configuration."
+    else
+        #
+        # If we have an admin network defined, allow time service from this
+        # network:
+        #
+        ntp_aflag=
+        if [[ -n ${CONFIG_admin_network} && -n ${CONFIG_admin_netmask} ]]; then
+            if [[ "${CONFIG_admin_network}" != "..." ]]; then
+                ntp_aflag="-a ${CONFIG_admin_network}/${CONFIG_admin_netmask}"
+            fi
+        fi
+
+        #
+        # If we were given a list of servers, use it:
+        #
+        ntp_hosts="${CONFIG_ntp_hosts}"
+        if [[ -z "${ntp_hosts}" ]]; then
+            #
+            # Otherwise, use the default SmartOS vendor pool from the NTP
+            # Pool Project:
+            #
+            ntp_hosts='0.smartos.pool.ntp.org'
+        fi
+
+        #
+        # Generate NTP configuration:
+        #
+        if ! /smartdc/lib/ntp_config -f /etc/inet/ntp.conf \
+          -s "${ntp_hosts}" ${ntp_aflag}; then
+            echo "FATAL: could not configure NTP" >&2
+            exit ${SMF_EXIT_ERR_CONFIG}
+        fi
+        echo "Generated NTP configuration."
+    fi
+
+    # set the keymap. For dvorak for instance
+    if [[ -n ${CONFIG_default_keymap} ]]; then
+        /usr/bin/loadkeys ${CONFIG_default_keymap}
+    fi
+
+    #
+    # In SmartOS, disabling SMT via the boot option is a pain, so we support a
+    # config option in /usbkey/config, the official mechanism for permanent
+    # configuration.  We'd like to do this earlier but we have to wait for
+    # /usbkey to be mounted first. This does imply we've potentially handed out
+    # "too many" interrupts for the set of CPUs remaining online.
+    #
+    if [[ -n $(/bin/bootparams | grep '^smartos=true') ]]; then
+        if [[ "$CONFIG_smt_enabled" = "false" ]]; then
+            psradm -aS || exit $SMF_EXIT_ERR_FATAL
+        fi
+    fi
+
+    # Enable virtual terminals to support interactive installation
+    vtdaemon="svc:/system/vtdaemon"
+    svccfg -s ${vtdaemon} setprop options/hotkeys=true
+    svcadm refresh ${vtdaemon}
+    svcadm enable ${vtdaemon}
+    svcadm enable svc:/system/console-login:vt2
+    svcadm enable svc:/system/console-login:vt3
+    svcadm enable svc:/system/console-login:vt4
+    svcadm enable svc:/system/console-login:vt5
+    svcadm enable svc:/system/console-login:vt6
+
+    # force update of sysinfo (and dump to stdout so we have in the log)
+    sysinfo -f
+
+    ;;
+
+'stop')
+    ;;
+
+*)
+    echo "Usage: $0 { start | stop }"
+    exit $SMF_EXIT_ERR_FATAL
+    ;;
+esac
+exit $SMF_EXIT_OK
diff --git a/usr/src/cmd/svc/milestone/smartdc-config.xml b/usr/src/cmd/svc/milestone/smartdc-config.xml
new file mode 100644
index 0000000000..bf84d1991b
--- /dev/null
+++ b/usr/src/cmd/svc/milestone/smartdc-config.xml
@@ -0,0 +1,145 @@
+<?xml version="1.0"?>
+<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
+<!--
+ Copyright 2011 Joyent, Inc.  All rights reserved.
+ Use is subject to license terms.
+
+ CDDL HEADER START
+
+ The contents of this file are subject to the terms of the
+ Common Development and Distribution License (the "License").
+ You may not use this file except in compliance with the License.
+
+ You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+ or http://www.opensolaris.org/os/licensing.
+ See the License for the specific language governing permissions
+ and limitations under the License.
+
+ When distributing Covered Code, include this CDDL HEADER in each
+ file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+ If applicable, add the following below this CDDL HEADER, with the
+ fields enclosed by brackets "[]" replaced with your own identifying
+ information: Portions Copyright [yyyy] [name of copyright owner]
+
+ CDDL HEADER END
+
+    NOTE:  This service manifest is not editable; its contents will
+    be overwritten by package or patch operations, including
+    operating system upgrade.  Make customizations in a different
+    file.
+-->
+
+<service_bundle type='manifest' name='smartdc:config'>
+
+<!--
+	This service applies inital configuration for the GZ in smartdc.
+-->
+<service
+	name='system/smartdc/config'
+	type='service'
+	version='1'>
+
+	<create_default_instance enabled='true' />
+
+	<single_instance />
+
+	<!--
+	dependency/dependent info
+	We need to wait for fs-joyent to be done so we can access the USB key
+	We need to run before sysconfig so interactive configuration can talk
+	on the console
+		(sysconfig)
+	We don't want anything else running which spews on console
+		(system/identy)
+	We don't want manifest import scribbling on the console while running
+		(manifest-import)
+	network/physical can't run without a config file
+		(network/physical)
+	-->
+	<dependency
+		name='filesystem-joyent'
+		type='service'
+		grouping='require_all'
+		restart_on='none'>
+		<service_fmri value='svc:/system/filesystem/smartdc' />
+	</dependency>
+
+	<!--
+	We don't want ssh starting if we haven't updated the passwords/keys
+	-->
+	<dependent
+		name='ssh_multi-user-server'
+		grouping='require_all'
+		restart_on='none'>
+		<service_fmri value='svc:/network/ssh' />
+	</dependent>
+
+	<!-- Make ntp wait so we can setup the config. -->
+	<dependent
+		name='ntp'
+		grouping='require_all'
+		restart_on='none'>
+		<service_fmri value='svc:/network/ntp' />
+	</dependent>
+
+	<dependent
+		name='headnode_config'
+		grouping='optional_all'
+		restart_on='none'>
+		<service_fmri value='svc:/milestone/sysconfig' />
+	</dependent>
+
+	<dependent
+		name='identity'
+		grouping='optional_all'
+		restart_on='none'>
+                <service_fmri value='svc:/system/identity:node' /> 
+        </dependent>   
+
+	<dependent
+		name='headnode_no_output'
+		grouping='optional_all'
+		restart_on='none'>
+		<service_fmri value='svc:/system/manifest-import' />
+	</dependent>
+
+	<dependent
+		name='network-physical'
+		grouping='optional_all'
+		restart_on='none'>
+		<service_fmri value='svc:/network/physical:default' />
+	</dependent>
+
+	<exec_method
+		type='method'
+		name='start'
+		exec='/lib/svc/method/smartdc-config %m'
+		timeout_seconds='0'>
+	</exec_method>
+
+	<exec_method
+		type='method'
+		name='stop'
+		exec='/lib/svc/method/smartdc-config %m'
+		timeout_seconds='60'>
+	</exec_method>
+
+	<property_group name='startd' type='framework'>
+		<propval name='duration' type='astring' value='transient' />
+	</property_group>
+
+	<stability value='Unstable' />
+
+	<template>
+		<common_name>
+			<loctext xml:lang='C'>
+			SmartDC live-image config management service
+			</loctext>
+		</common_name>
+		<documentation>
+			<manpage title='smartdc' section='5' manpath='/usr/share/man' />
+		</documentation>
+	</template>
+</service>
+
+</service_bundle>
diff --git a/usr/src/cmd/svc/milestone/smartdc-init b/usr/src/cmd/svc/milestone/smartdc-init
new file mode 100755
index 0000000000..1b2a550095
--- /dev/null
+++ b/usr/src/cmd/svc/milestone/smartdc-init
@@ -0,0 +1,246 @@
+#!/bin/bash
+#
+# This file and its contents are supplied under the terms of the
+# Common Development and Distribution License ("CDDL"), version 1.0.
+# You may only use this file in accordance with the terms of version
+# 1.0 of the CDDL.
+#
+# A full copy of the text of the CDDL should have accompanied this
+# source.  A copy of the CDDL is also available via the Internet at
+# http://www.illumos.org/license/CDDL.
+#
+
+#
+# Copyright (c) 2018, Joyent, Inc.
+#
+
+export PS4='[\D{%FT%TZ}] ${BASH_SOURCE}:${LINENO}: ${FUNCNAME[0]:+${FUNCNAME[0]}(): }'
+set -o xtrace
+
+. /lib/svc/share/smf_include.sh
+. /lib/sdc/config.sh
+
+# Make sure working directory is / to prevent unmounting problems.
+cd /
+PATH=/usr/sbin:/usr/bin; export PATH
+
+wait_and_clear()
+{
+    while [ true ]; do
+        # It seems like jobs -p can miscount if we don't run jobs first
+        jobs >/dev/null
+        local cnt=`jobs -p | wc -l`
+        [ $cnt -eq 0 ] && break
+        for s in `svcs -x | nawk '{
+            if ($1 ~ /^svc:/) nm=$1
+            if ($1 == "State:" && $2 == "maintenance") print nm
+        }'`
+        do
+            svcadm clear $s
+        done
+        sleep 1
+    done
+}
+
+# Sets the default firewall rules for a node (unless they're already set)
+set_default_fw_rules() {
+    local fw_default_v
+    if [[ -f /var/fw/.default_rules_setup ]]; then
+        read fw_default_v < /var/fw/.default_rules_setup
+    else
+        fw_default_v=0
+    fi
+
+    # Handle empty files from before we started versioning default rules
+    if [[ -z $fw_default_v ]]; then
+        fw_default_v=1
+    fi
+
+    if [[ $fw_default_v -lt 1 ]]; then
+        /usr/sbin/fwadm add -f - <<RULES
+{
+  "rules": [
+  {
+    "description": "allow all ICMPv4 types",
+    "rule": "FROM any TO all vms ALLOW icmp type all",
+    "enabled": true,
+    "global": true
+  }
+  ]
+}
+RULES
+        [[ $? -ne 0 ]] && return 1
+        echo 1 > /var/fw/.default_rules_setup
+    fi
+
+    if [[ $fw_default_v -lt 2 ]]; then
+        /usr/sbin/fwadm add -f - <<RULES
+{
+  "rules": [
+  {
+    "description": "allow all ICMPv6 types",
+    "rule": "FROM any TO all vms ALLOW icmp6 type all",
+    "enabled": true,
+    "global": true
+  }
+  ]
+}
+RULES
+        [[ $? -ne 0 ]] && return 1
+        echo 2 > /var/fw/.default_rules_setup
+    fi
+}
+
+configure_fwadm()
+{
+    if [[ ! -d /var/log/fw/logs ]]; then
+        mkdir -p /var/log/fw/logs
+        mv /var/log/fw/*-*.log /var/log/fw/logs
+    fi
+
+    # See also OS-2635
+    if [[ -f /var/log/fw/fw.log.0 ]]; then
+        for file in /var/log/fw/fw.log.[0-9]*; do
+            mv ${file} "/var/log/fw/fwadm_$(uname -n)_$(stat -c "%y" ${file} | cut -d'.' -f1 | tr ' ' 'T').log"
+        done
+    fi
+    if [[ -f /var/log/fw/fw.log ]]; then
+        mv /var/log/fw/fw.log /var/log/fw/fwadm.log
+    fi
+
+    if [[ ! -e /var/log/fw/fwadm.log ]]; then
+        touch /var/log/fw/fwadm.log
+    fi
+}
+
+configure_vmadm()
+{
+    # ensure /var/log/vm exists for VM.log logs
+    mkdir -p /var/log/vm/logs
+
+    # See also OS-2635
+    if [[ -f /var/log/vm/vm.log.0 ]]; then
+        for file in /var/log/vm/vm.log.[0-9]*; do
+            mv ${file} "/var/log/vm/vmadm_$(uname -n)_$(stat -c "%y" ${file} | cut -d'.' -f1 | tr ' ' 'T').log"
+        done
+    fi
+    if [[ -f /var/log/vm/vm.log ]]; then
+        mv /var/log/vm/vm.log /var/log/vm/vmadm.log
+    fi
+
+    # need to create this file so rotation works
+    if [[ ! -e /var/log/vm/vmadm.log ]]; then
+        touch /var/log/vm/vmadm.log
+    fi
+}
+
+update_root_password()
+{
+
+    enc_password=`nawk -F= '{
+        if ($1 == "root_shadow")
+                print substr($2, 2, length($2) - 2)
+    }' /opt/smartdc/config/node.config`
+
+    [[ -z "$enc_password" ]] && return 0
+
+    sed -e "s|^root:[^\:]*:|root:${enc_password}:|" /etc/shadow \
+      >/etc/shadow.new \
+      && chmod 400 /etc/shadow.new \
+      && mv /etc/shadow.new /etc/shadow
+}
+
+# Loads config file for the node. These are the config values from the headnode
+# plus authorized keys and anything else we want.
+# This function is only invoked on a compute node.
+install_config()
+{
+    # On standalone machines we don't do this update
+    [[ -n $(/usr/bin/bootparams | grep "^standalone=true") ]] && return 0
+
+    load_sdc_config
+
+    curl -k -o /tmp/node.config --silent \
+        "http://${CONFIG_assets_admin_ip}/extra/joysetup/node.config"
+
+    [[ ! -f /tmp/node.config ]] && return 0
+    grep datacenter_name /tmp/node.config >/dev/null 2>&1
+    if [ $? != 0 ]; then
+	# There is no valid config file served by the assets zone
+	rm -f /tmp/node.config
+	return 0
+    fi
+
+    # Install the file if the local copy is different
+    diff /tmp/node.config /opt/smartdc/config/node.config >/dev/null 2>&1
+    if [ $? != 0 ]; then
+	printf "Updating config file\n" >/dev/console
+	mkdir -p /opt/smartdc/config
+	mv /tmp/node.config /opt/smartdc/config
+        update_root_password
+    else
+	rm -f /tmp/node.config
+    fi
+}
+
+case "$1" in
+'start')
+
+    # Always setup socket filter no matter what happens next.
+    /sbin/soconfig -F datafilt datafilt prog '2:2:0,2:2:6,26:2:0,26:2:6'
+
+    USBMOUNT=
+
+    # If we're not importing the pools, we shouldn't try to setup as a headnode
+    # (since there'll be no zpool)
+    if /bin/bootparams | grep "^noimport=true" > /dev/null 2>&1; then
+        exit $SMF_EXIT_OK
+    fi
+
+    # If we're a headnode, we'll not have AMQP args on the cmdline, and we want
+    # to run an initial_script first anyway.
+    if /bin/bootparams | grep "^headnode=true" > /dev/null 2>&1; then
+        USBMOUNT=/mnt/`svcprop -p joyentfs/usb_mountpoint svc:/system/filesystem/smartdc:default`
+
+	# No config file (e.g. user quit during interactive configuration), so
+	# treat as if "noimport=true".
+	[[ ! -f $USBMOUNT/config ]] && exit $SMF_EXIT_OK
+
+        initial_script=${USBMOUNT}/$(grep "^initial_script=" $USBMOUNT/config.inc/generic 2>/dev/null | cut -d'=' -f2-)
+        if [ -n ${initial_script} ] && [ -e ${initial_script} ]; then
+            # Execute the script
+            ${initial_script}
+            result=$?
+            if [ ${result} -eq 2 ]; then
+                # we're rebooting, no need to start ur
+                echo "REBOOTING!" >> /dev/console
+                enable_ur="false"
+            elif [ ${result} -ne 0 ]; then
+                echo "WARNING: initial_script failed with exit code [${result}]."
+                exit $SMF_EXIT_ERR_FATAL
+            fi
+        fi
+    elif /bin/bootparams | grep "^smartos=true" > /dev/null 2>&1; then
+        set_default_fw_rules
+    else
+	install_config
+    fi
+
+    configure_fwadm
+    configure_vmadm
+
+    if /bin/bootparams | grep "^headnode=true" > /dev/null 2>&1; then
+        /usr/sbin/umount $USBMOUNT
+    fi
+
+    ;;
+
+'stop')
+    ;;
+
+*)
+    echo "Usage: $0 { start | stop }"
+    exit $SMF_EXIT_ERR_FATAL
+    ;;
+esac
+exit $SMF_EXIT_OK
diff --git a/usr/src/cmd/svc/milestone/smartdc-init.xml b/usr/src/cmd/svc/milestone/smartdc-init.xml
new file mode 100644
index 0000000000..266aac53df
--- /dev/null
+++ b/usr/src/cmd/svc/milestone/smartdc-init.xml
@@ -0,0 +1,124 @@
+<?xml version="1.0"?>
+<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
+<!--
+ Copyright 2012 Joyent, Inc.  All rights reserved.
+ Use is subject to license terms.
+
+ CDDL HEADER START
+
+ The contents of this file are subject to the terms of the
+ Common Development and Distribution License (the "License").
+ You may not use this file except in compliance with the License.
+
+ You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+ or http://www.opensolaris.org/os/licensing.
+ See the License for the specific language governing permissions
+ and limitations under the License.
+
+ When distributing Covered Code, include this CDDL HEADER in each
+ file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+ If applicable, add the following below this CDDL HEADER, with the
+ fields enclosed by brackets "[]" replaced with your own identifying
+ information: Portions Copyright [yyyy] [name of copyright owner]
+
+ CDDL HEADER END
+
+    NOTE:  This service manifest is not editable; its contents will
+    be overwritten by package or patch operations, including
+    operating system upgrade.  Make customizations in a different
+    file.
+-->
+
+<service_bundle type='manifest' name='Joyent:joyent'>
+
+<!--
+	This service imports the zone's zpool on bootup, before zones try to
+	start.  It also sets up configuration data on that zpool, if necessary.
+-->
+<service
+	name='system/smartdc/init'
+	type='service'
+	version='1'>
+
+	<create_default_instance enabled='true' />
+
+	<single_instance />
+
+	<!--
+	dependency info
+	This depends on the system/zones svc which seems weird since that
+	svc runs late in boot because it depends on milestone/multi-user-server.
+	Our svc does the initial setup of the infrastructure zones on the
+	headnode so we need the system/zones svc to run first so that we can
+	install and boot the infrastructure zones.  The reason this seems
+	weird is that this svc also sets up the zpool when we first boot,
+	before we reboot to install the infrastructure zones, so it might seem
+	like it should run early in boot, but it can't because of the zone
+	issue described above.
+
+	The dependency on network/physical is needed since all of the earlier
+	svcs which have a dependency on network/physical are using optional_all.
+	That makes sense for those svcs since they can come up without a
+	network, but for SmartOS, by this point we require the network to be
+	there.
+	-->
+	<dependency
+		name='zones'
+		type='service'
+		grouping='require_all'
+		restart_on='none'>
+		<service_fmri value='svc:/system/zones' />
+	</dependency>
+
+        <dependency
+		name='net-physical'
+		type='service'
+		grouping='require_all'
+		restart_on='none'>
+		<service_fmri value='svc:/network/physical' />
+	</dependency>
+
+	<exec_method
+		type='method'
+		name='start'
+		exec='/lib/svc/method/smartdc-init %m'
+		timeout_seconds='0'>
+	</exec_method>
+
+	<exec_method
+		type='method'
+		name='stop'
+		exec='/lib/svc/method/smartdc-init %m'
+		timeout_seconds='60'>
+	</exec_method>
+
+	<property_group name='startd' type='framework'>
+		<propval name='duration' type='astring' value='transient' />
+	</property_group>
+
+	<!--
+		The zpool holding the zones (this must be imported).
+	-->
+	<property_group name='config' type='application'>
+		<propval name='zpool' type='astring' value='zones' />
+	</property_group>
+
+	<stability value='Unstable' />
+
+	<template>
+		<common_name>
+			<loctext xml:lang='C'>
+			Joyent live-image management service
+			</loctext>
+		</common_name>
+		<documentation>
+			<manpage title='zones' section='5' manpath='/usr/share/man' />
+			<manpage
+				title='zpool'
+				section='1M'
+				manpath='/usr/share/man' />
+		</documentation>
+	</template>
+</service>
+
+</service_bundle>
diff --git a/usr/src/cmd/svc/milestone/smartdc-ur b/usr/src/cmd/svc/milestone/smartdc-ur
new file mode 100755
index 0000000000..2c32482368
--- /dev/null
+++ b/usr/src/cmd/svc/milestone/smartdc-ur
@@ -0,0 +1,79 @@
+#!/bin/bash
+#
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License (the "License").
+# You may not use this file except in compliance with the License.
+#
+# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+# or http://www.opensolaris.org/os/licensing.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+# If applicable, add the following below this CDDL HEADER, with the
+# fields enclosed by brackets "[]" replaced with your own identifying
+# information: Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+#
+# Copyright 2010-2011 Joyent, Inc.  All rights reserved.
+# Use is subject to license terms.
+
+set -o xtrace
+
+. /lib/svc/share/smf_include.sh
+. /lib/sdc/config.sh
+
+PATH=/usr/sbin:/usr/bin; export PATH
+
+if [[ -n "$(/bin/bootparams | grep "^standalone=true")" ||
+  -n "$(/bin/bootparams | grep "^smartos=true")" ]]; then
+    # Standalone and SmartOS systems do not need ur
+    svcadm disable "${SMF_FMRI}"
+    exit $SMF_EXIT_OK
+fi
+
+case "$1" in
+'start')
+    #
+    # Grab AMQP parameters from the kernel command line or headnode config
+    #
+
+    load_sdc_config
+    load_sdc_sysinfo
+
+    if [[ -n ${SYSINFO_Bootparam_rabbitmq} ]]; then
+	rabbit=${SYSINFO_Bootparam_rabbitmq}
+    fi
+    if [[ -z ${rabbit} ]] && [[ -n ${CONFIG_rabbitmq} ]]; then
+        rabbit=${CONFIG_rabbitmq}
+    fi
+
+    if [[ -z $rabbit ]]; then
+	echo "unable to find AMQP parameters!"
+        exit $SMF_EXIT_ERR_FATAL
+    fi
+
+    export AMQP_LOGIN=$(echo $rabbit | cut -d: -f1)
+    export AMQP_PASSWORD=$(echo $rabbit | cut -d: -f2)
+    export AMQP_HOST=$(echo $rabbit | cut -d: -f3)
+    export AMQP_PORT=$(echo $rabbit | cut -d: -f4)
+    export NODE_PATH=/usr/node/node_modules
+
+    /usr/bin/ctrun -l child -o noorphan /smartdc/ur-agent/ur-agent 2>&1 &
+
+    ;;
+
+'stop')
+    ;;
+
+*)
+    echo "Usage: $0 { start | stop }"
+    exit $SMF_EXIT_ERR_FATAL
+    ;;
+esac
+exit $SMF_EXIT_OK
diff --git a/usr/src/cmd/svc/milestone/smartdc-ur.xml b/usr/src/cmd/svc/milestone/smartdc-ur.xml
new file mode 100644
index 0000000000..7ee78dcb02
--- /dev/null
+++ b/usr/src/cmd/svc/milestone/smartdc-ur.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0"?>
+<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
+<!--
+    This Source Code Form is subject to the terms of the Mozilla Public
+    License, v. 2.0. If a copy of the MPL was not distributed with this
+    file, You can obtain one at http://mozilla.org/MPL/2.0/.
+-->
+
+<!--
+    Copyright (c) 2014, Joyent, Inc.
+-->
+
+<service_bundle type="manifest" name="ur">
+  <service name="smartdc/agent/ur" type="service" version="0.0.1">
+
+    <create_default_instance enabled="true"/>
+    <single_instance/>
+
+    <dependency name="smartdc-init" grouping="require_all" restart_on="error" type="service">
+      <service_fmri value="svc:/milestone/single-user"/>
+    </dependency>
+
+    <exec_method
+      type="method"
+      name="start"
+      exec="/lib/svc/method/smartdc-ur %m"
+      timeout_seconds="60">
+      <method_context>
+        <method_credential user="root" group="staff"/>
+      </method_context>
+    </exec_method>
+
+    <exec_method type="method" name="restart" exec=":kill" timeout_seconds="60">
+      <method_context>
+        <method_credential user="root" group="staff"/>
+      </method_context>
+    </exec_method>
+
+    <exec_method type="method" name="stop" exec=":kill" timeout_seconds="60">
+      <method_context>
+        <method_credential user="root" group="staff"/>
+      </method_context>
+    </exec_method>
+
+    <property_group name="startd" type="framework">
+      <propval name="ignore_error" type="astring" value="core,signal"/>
+    </property_group>
+
+    <property_group name="application" type="application">
+    </property_group>
+
+    <stability value="Evolving"/>
+
+    <template>
+      <common_name>
+        <loctext xml:lang="C">Ur Agent (node)</loctext>
+      </common_name>
+    </template>
+
+  </service>
+
+</service_bundle>
diff --git a/usr/src/cmd/svc/milestone/sysidtool-net b/usr/src/cmd/svc/milestone/sysidtool-net
new file mode 100755
index 0000000000..538d17bba1
--- /dev/null
+++ b/usr/src/cmd/svc/milestone/sysidtool-net
@@ -0,0 +1,5 @@
+#!/bin/sh
+
+# This exists solely to support the service on older SmartOS zone images.
+
+exit 0
diff --git a/usr/src/cmd/svc/milestone/sysidtool-system b/usr/src/cmd/svc/milestone/sysidtool-system
new file mode 100755
index 0000000000..538d17bba1
--- /dev/null
+++ b/usr/src/cmd/svc/milestone/sysidtool-system
@@ -0,0 +1,5 @@
+#!/bin/sh
+
+# This exists solely to support the service on older SmartOS zone images.
+
+exit 0
diff --git a/usr/src/cmd/svc/profile/Makefile b/usr/src/cmd/svc/profile/Makefile
index 32ec303879..8538e630f8 100644
--- a/usr/src/cmd/svc/profile/Makefile
+++ b/usr/src/cmd/svc/profile/Makefile
@@ -23,6 +23,7 @@
 # Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
 # Use is subject to license terms.
 # Copyright 2019 Peter Tribble.
+# Copyright 2019 Joyent, Inc.
 #
 
 include ../../Makefile.cmd
@@ -32,6 +33,7 @@ FILEMODE = 0444
 ROOTPROFILE = $(ROOT)/etc/svc/profile
 
 PROFILESRCS = \
+	generic.xml \
 	generic_open.xml \
 	generic_limited_net.xml \
 	inetd_generic.xml \
@@ -61,7 +63,7 @@ TEST =	/usr/bin/test
 LISTSVCS = listsvcs.pl
 
 install: all $(PROFILES)
-	$(RM) $(ROOTPROFILE)/platform.xml
+	$(CP) platform_none.xml $(ROOTPROFILE)/platform.xml
 	# SUNW,Sun-Fire-V890
 	$(RM) $(ROOTPROFILE)/platform_SUNW,Sun-Fire-V890.xml
 	$(LN) $(ROOTPROFILE)/platform_SUNW,Sun-Fire-880.xml \
@@ -95,7 +97,7 @@ $(CHECK_OPEN) $(CHECK_LMTD): \
 	@$(COMM) -23 $@.enabled $@.all | $(TEE) $@.notcovered
 	@$(TEST) ! -s $@.notcovered && $(TOUCH) $@
 
-lint _msg:
+_msg:
 
 clobber clean:
 	$(RM) $(CHECK_OPEN)* $(CHECK_LMTD)*
diff --git a/usr/src/cmd/svc/profile/generic.xml b/usr/src/cmd/svc/profile/generic.xml
new file mode 100644
index 0000000000..1920d1e8a6
--- /dev/null
+++ b/usr/src/cmd/svc/profile/generic.xml
@@ -0,0 +1,392 @@
+<?xml version='1.0'?>
+<!DOCTYPE service_bundle SYSTEM '/usr/share/lib/xml/dtd/service_bundle.dtd.1'>
+<!--
+    CDDL HEADER START
+
+    The contents of this file are subject to the terms of the
+    Common Development and Distribution License (the "License").
+    You may not use this file except in compliance with the License.
+
+    You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+    or http://www.opensolaris.org/os/licensing.
+    See the License for the specific language governing permissions
+    and limitations under the License.
+
+    When distributing Covered Code, include this CDDL HEADER in each
+    file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+    If applicable, add the following below this CDDL HEADER, with the
+    fields enclosed by brackets "[]" replaced with your own identifying
+    information: Portions Copyright [yyyy] [name of copyright owner]
+
+    CDDL HEADER END
+
+    Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
+    Use is subject to license terms.
+
+    The purpose of the limited_net profile is to provide a set of
+    active services that allow one to connect to the machine via ssh
+    (requires sshd). The services which are deactivated here are those
+    that are at odds with this goal. Those which are activated are
+    explicit requirements for the goal's satisfaction.
+
+    NOTE:  Service profiles delivered by this package are not editable,
+    and their contents will be overwritten by package or patch
+    operations, including operating system upgrade.  Make customizations
+    in a distinct file.  The paths, /etc/svc/profile/site.xml and
+    /var/svc/profile/site.xml, are distinguished locations for site-specific
+    service profile, treated otherwise equivalently to this file.
+-->
+<service_bundle type='profile' name='generic_limited_net'
+	 xmlns:xi='http://www.w3.org/2003/XInclude' >
+
+  <!--
+      svc.startd(1M) services
+  -->
+  <service name='system/cryptosvc' version='1' type='service'>
+    <instance name='default' enabled='true'/>
+  </service>
+  <service name='system/coreadm' version='1' type='service'>
+    <instance name='default' enabled='true'/>
+  </service>
+  <service name='system/metainit' version='1' type='service'>
+    <instance name='default' enabled='false'/>
+  </service>
+  <service name='system/cron' version='1' type='service'>
+    <instance name='default' enabled='true'/>
+  </service>
+  <service name='system/dbus' version='1' type='service'>
+    <instance name='default' enabled='true'/>
+  </service>
+  <service name='system/extended-accounting' version='1' type='service'>
+    <instance name='flow'    enabled='false'/>
+    <instance name='process' enabled='false'/>
+    <instance name='task'    enabled='false'/>
+    <instance name='net'    enabled='false'/>
+  </service>
+  <service name='system/identity' version='1' type='service'>
+    <instance name='domain' enabled='true'/>
+  </service>
+  <service name='system/intrd' version='1' type='service'>
+    <instance name='default' enabled='true'/>
+  </service>
+  <service name='system/keymap' version='1' type='service'>
+    <instance name='default' enabled='true'/>
+  </service>
+  <service name='system/picl' version='1' type='service'>
+    <instance name='default' enabled='true'/>
+  </service>
+  <service name='system/sac' version='1' type='service'>
+    <instance name='default' enabled='false'/>
+  </service>
+  <service name='system/scheduler' version='1' type='service'>
+    <instance name='default' enabled='true'/>
+  </service>
+  <service name='system/system-log' version='1' type='service'>
+    <instance name='default' enabled='true'/>
+  </service>
+  <service name='system/utmp' version='1' type='service'>
+    <instance name='default' enabled='true'/>
+  </service>
+  <service name='system/zones' version='1' type='service'>
+    <instance name='default' enabled='true'/>
+  </service>
+  <service name='system/rcap' version='1' type='service'>
+    <instance name='default' enabled='true'/>
+  </service>
+  <service name='network/rpc/bind' version='1' type='service'>
+    <instance name='default' enabled='true'/>
+  </service>
+  <service name='system/name-service-cache' version='1' type='service'>
+    <instance name='default' enabled='true'/>
+  </service>
+  <service name='network/netmask' version='1' type='service'>
+    <instance name='default' enabled='false'/>
+  </service>
+  <service name='network/nfs/status' version='1' type='service'>
+    <instance name='default' enabled='false'/>
+  </service>
+  <service name='network/nfs/nlockmgr' version='1' type='service'>
+    <instance name='default' enabled='false'/>
+  </service>
+  <service name='network/nfs/client' version='1' type='service'>
+    <instance name='default' enabled='false'/>
+  </service>
+  <service name='network/nfs/server' version='1' type='service'>
+    <instance name='default' enabled='false'/>
+  </service>
+  <service name='network/nfs/rquota' version='1' type='service'>
+    <instance name='default' enabled='false'/>
+  </service>
+  <service name='network/nfs/cbd' version='1' type='service'>
+    <instance name='default' enabled='false'/>
+  </service>
+  <service name='network/nfs/mapid' version='1' type='service'>
+    <instance name='default' enabled='false'/>
+  </service>
+  <service name='network/smb/client' version='1' type='service'>
+    <instance name='default' enabled='false'/>
+  </service>
+
+  <service name='network/ssh' version='1' type='service'>
+    <instance name='default' enabled='true'/>
+  </service>
+  <service name='network/smtp' version='1' type='service'>
+    <instance name='sendmail' enabled='false'/>
+  </service>
+  <service name='network/sendmail-client' version='1' type='service'>
+    <instance name='default' enabled='false'/>
+  </service>
+  <service name='network/inetd' version='1' type='restarter'>
+    <instance name='default' enabled='true'/>
+  </service>
+  <service name='system/filesystem/autofs' version='1' type='service'>
+    <instance name='default' enabled='false'/>
+  </service>
+  <service name='system/filesystem/rmvolmgr' version='1' type='service'>
+    <instance name='default' enabled='false'/>
+  </service>
+  <service name='system/power' version='1' type='service'>
+    <instance name='default' enabled='true'/>
+  </service>
+
+  <service name='network/dns/multicast' version='1' type='service'>
+    <instance name='default' enabled='true'/>
+  </service>
+  <service name='network/dhcp-server' version='1' type='service'>
+    <instance name='default' enabled='false' />
+  </service>
+  <service name='network/ntp' version='1' type='service'>
+    <instance name='default' enabled='true' />
+  </service>
+  <service name='network/rarp' version='1' type='service'>
+    <instance name='default' enabled='false' />
+  </service>
+  <service name='network/slp' version='1' type='service'>
+    <instance name='default' enabled='false' />
+  </service>
+  <service name='network/security/kadmin' version='1' type='service'>
+    <instance name='default' enabled='false' />
+  </service>
+  <service name='network/security/krb5_prop' version='1' type='service'>
+    <instance name='default' enabled='false' />
+  </service>
+  <service name='network/security/krb5kdc' version='1' type='service'>
+    <instance name='default' enabled='false' />
+  </service>
+
+  <service name='application/management/net-snmp' version='1' type='service'>
+    <instance name='default' enabled='false' />
+  </service>
+  <service name='application/management/seaport' version='1' type='service'>
+    <instance name='default' enabled='false' />
+  </service>
+  <service name='application/management/snmpdx' version='1' type='service'>
+    <instance name='default' enabled='false' />
+  </service>
+  <service name='application/management/wbem' version='1' type='service'>
+    <instance name='default' enabled='false' />
+  </service>
+  <service name='application/print/ipp-listener' version='1' type='service'>
+    <instance name='default' enabled='false' />
+  </service>
+  <service name='application/print/ppd-cache-update' version='1' type='service'>
+    <instance name='default' enabled='false' />
+  </service>
+  <service name='application/print/rfc1179' version='1' type='service'>
+    <instance name='default' enabled='false' />
+  </service>
+  <service name='application/cups/in-lpd' version='1' type='service'>
+    <instance name='default' enabled='false' />
+  </service>
+  <service name='application/stosreg' version='1' type='service'>
+    <instance name='default' enabled='true' />
+  </service>
+
+  <!--
+	default inetd(1M) services
+  -->
+  <service name='network/finger' version='1' type='service'>
+    <instance name='default' enabled='false'/>
+  </service>
+  <service name='network/ftp' version='1' type='service'>
+    <instance name='default' enabled='false'/>
+  </service>
+  <service name='network/login' version='1' type='service'>
+    <instance name='rlogin'  enabled='false'/>
+    <instance name='klogin'  enabled='false'/>
+    <instance name='eklogin' enabled='false'/>
+  </service>
+  <service name='network/shell' version='1' type='service'>
+    <instance name='default' enabled='false'/>
+    <instance name='kshell'  enabled='false'/>
+  </service>
+  <service name='network/telnet' version='1' type='service'>
+    <instance name='default' enabled='false'/>
+  </service>
+
+  <!--
+	non-default inetd(1M) services
+  -->
+  <service name='network/uucp' version='1' type='service'>
+    <instance name='default' enabled='false'/>
+  </service>
+  <service name='network/chargen' version='1' type='service'>
+    <instance name='stream' enabled='false'/>
+    <instance name='dgram' enabled='false'/>
+  </service>
+  <service name='network/daytime' version='1' type='service'>
+    <instance name='stream' enabled='false'/>
+    <instance name='dgram' enabled='false'/>
+  </service>
+  <service name='network/discard' version='1' type='service'>
+    <instance name='stream' enabled='false'/>
+    <instance name='dgram' enabled='false'/>
+  </service>
+  <service name='network/echo' version='1' type='service'>
+    <instance name='stream' enabled='false'/>
+    <instance name='dgram' enabled='false'/>
+  </service>
+  <service name='network/time' version='1' type='service'>
+    <instance name='stream' enabled='false'/>
+    <instance name='dgram' enabled='false'/>
+  </service>
+  <service name='network/comsat' version='1' type='service'>
+    <instance name='default' enabled='false'/>
+  </service>
+  <service name='network/rexec' version='1' type='service'>
+    <instance name='default' enabled='false'/>
+  </service>
+  <service name='network/talk' version='1' type='service'>
+    <instance name='default' enabled='false'/>
+  </service>
+  <service name='network/stdiscover' version='1' type='service'>
+    <instance name='default' enabled='false'/>
+  </service>
+  <service name='network/stlisten' version='1' type='service'>
+    <instance name='default' enabled='false'/>
+  </service>
+
+  <!--
+	default inetd(1M) RPC services enabled
+  -->
+  <service name='network/rpc/gss' version='1' type='service'>
+    <instance name='default' enabled='false'/>
+  </service>
+  <service name='network/rpc/mdcomm' version='1' type='service'>
+    <instance name='default' enabled='false'/>
+  </service>
+  <service name='network/rpc/smserver' version='1' type='service'>
+    <instance name='default' enabled='false'/>
+  </service>
+  <service name='network/security/ktkt_warn' version='1' type='service'>
+    <instance name='default' enabled='false'/>
+  </service>
+
+  <!--
+	default inetd(1M) RPC services disabled
+  -->
+  <service name='network/rpc/rstat' version='1' type='service'>
+    <instance name='default' enabled='false'/>
+  </service>
+  <service name='network/rpc/rusers' version='1' type='service'>
+    <instance name='default' enabled='false'/>
+  </service>
+  <service name='network/rpc/meta' version='1' type='service'>
+    <instance name='default' enabled='false'/>
+  </service>
+  <service name='network/rpc/metamed' version='1' type='service'>
+    <instance name='default' enabled='false'/>
+  </service>
+  <service name='network/rpc/metamh' version='1' type='service'>
+    <instance name='default' enabled='false'/>
+  </service>
+
+  <!--
+	non-default inetd(1M) RPC services disabled
+  -->
+  <service name='network/rpc/rex' version='1' type='service'>
+    <instance name='default' enabled='false'/>
+  </service>
+  <service name='network/rpc/spray' version='1' type='service'>
+    <instance name='default' enabled='false'/>
+  </service>
+  <service name='network/rpc/wall' version='1' type='service'>
+    <instance name='default' enabled='false'/>
+  </service>
+
+  <!--
+      Disable Avahi mDNS bridge service
+  -->
+  <service name='system/avahi-bridge-dsd' version='1' type='service'>
+    <instance name='default' enabled='false'/>
+  </service>
+
+  <!--
+      Enable CDE/ToolTalk/GDM services.
+  -->
+  <service name='network/rpc/cde-ttdbserver' version='1' type='service'>
+    <instance name='tcp' enabled='false' />
+  </service>
+  <service name='application/graphical-login/gdm' version='1'
+    type='service'>
+    <instance name='default' enabled='false' />
+  </service>
+  <service name='network/rpc/cde-calendar-manager' version='1' type='service'>
+    <instance name='default' enabled='false'/>
+  </service>
+
+  <!--
+      Disable X11 services.
+  -->
+  <service name='application/x11/xfs' version='1' type='service'>
+    <instance name='default' enabled='false'/>
+  </service>
+
+  <!--
+      pkg.depotd service
+  -->
+  <service name='system/pkgserv' version='1' type='service'>
+    <instance name='default' enabled='false'/>
+  </service>
+
+  <!--
+      Enable VNC config service for xVM
+  -->
+  <service name='system/xvm/vnc-config' version='1' type='service'>
+     <instance name='default' enabled='false'/>
+  </service>
+
+  <service name='system/xvm/ipagent' version='1' type='service'>
+     <instance name='default' enabled='false'/>
+  </service>
+
+  <service name='application/print/service-selector' version='1' type='service'>
+     <instance name='default' enabled='false'/>
+  </service>
+
+  <service name='system/dumpadm' version='1' type='service'>
+     <instance name='default' enabled='true'/>
+  </service>
+
+  <service name='system/metasync' version='1' type='service'>
+     <instance name='default' enabled='false'/>
+  </service>
+
+  <service name='application/font/fc-cache' version='1' type='service'>
+     <instance name='default' enabled='false'/>
+  </service>
+
+  <service name='system/consolekit' version='1' type='service'>
+     <instance name='default' enabled='false'/>
+  </service>
+
+  <service name='application/opengl/ogl-select' version='1' type='service'>
+     <instance name='default' enabled='false'/>
+  </service>
+
+  <service name='system/hal' version='1' type='service'>
+     <instance name='default' enabled='false'/>
+  </service>
+
+
+</service_bundle>
diff --git a/usr/src/cmd/syslogd/syslog.conf b/usr/src/cmd/syslogd/syslog.conf
index 1ed7a40d39..a894b3ed90 100644
--- a/usr/src/cmd/syslogd/syslog.conf
+++ b/usr/src/cmd/syslogd/syslog.conf
@@ -54,3 +54,7 @@ user.err					/var/adm/messages
 user.alert					`root, operator'
 user.emerg					*
 )
+
+auth.info	/var/log/auth.log
+mail.info	/var/log/postfix.log
+#local0.info	/var/log/courier.log
diff --git a/usr/src/cmd/syslogd/system-log b/usr/src/cmd/syslogd/system-log
index b7608219fc..7f7ad92d96 100644
--- a/usr/src/cmd/syslogd/system-log
+++ b/usr/src/cmd/syslogd/system-log
@@ -21,10 +21,12 @@
 #
 # Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
 # Use is subject to license terms.
+# Copyright 2016, Joyent, Inc.  All rights reserved.
 #
-# ident	"%Z%%M%	%I%	%E% SMI"
 
 OLD_CONF=/etc/default/syslogd
+DFLT_SUM="7c87d765805cc45a0dad9fb5c86cc4f2"
+CONF_SUM="$DFLT_SUM"
 
 . /lib/svc/share/smf_include.sh
 
@@ -52,14 +54,72 @@ convert()
 	rm -f ${OLD_CONF}.new
 }
 
-if [ ! -f /etc/syslog.conf ]; then
-	echo "/etc/syslog.conf is missing. Exiting."
-	exit $SMF_EXIT_ERR_CONFIG
+#
+# If the rsyslog.conf file doesn't exist and the syslog.conf file has not
+# been customized, generate the default rsyslog.conf.
+#
+generate_rsyslog_conf()
+{
+	if [ ! -f /etc/syslog.conf ]; then
+		return
+	fi
+
+	CONF_SUM=`nawk '{
+	    if (substr($1, 1, 1) != "#" && NF != 0) print $0
+	    }' /etc/syslog.conf | sum -x md5`
+
+	if [ "$CONF_SUM" != "$DFLT_SUM" ]; then
+		return
+	fi
+
+	cat <<-DONE >/etc/rsyslog.conf
+	#
+	# Sample rsyslog configuration file
+	#
+
+	$ModLoad immark
+	$ModLoad imsolaris
+	$ModLoad imtcp
+	$ModLoad imudp
+
+	*.err;kern.notice;auth.notice			/dev/sysmsg
+	*.err;kern.debug;daemon.notice;mail.crit	/var/adm/messages
+
+	*.alert;kern.err;daemon.err			operator
+	*.alert						root
+
+	*.emerg						*
+
+	mail.debug					/var/log/syslog
+
+	auth.info					/var/log/auth.log
+	mail.info					/var/log/postfix.log
+	DONE
+}
+
+if [ ! -f /etc/rsyslog.conf -a -x /usr/sbin/rsyslogd ]; then
+	generate_rsyslog_conf
 fi
 
-if [ ! -x /usr/sbin/syslogd ]; then
-	echo "Executable /usr/sbin/syslogd not found. Exiting"
-	exit $SMF_EXIT_ERR_CONFIG
+if [ -f /etc/rsyslog.conf ]; then
+	if [ ! -x /usr/sbin/rsyslogd ]; then
+		echo "Executable /usr/sbin/rsyslogd not found or not executable. Exiting."
+		exit $SMF_EXIT_ERR_CONFIG
+	fi
+else
+	#
+	# Fall back to old syslogd
+	#
+	echo "/etc/rsyslog.conf is missing. Using syslogd instead."
+	if [ ! -f /etc/syslog.conf ]; then
+		echo "/etc/syslog.conf is missing. Exiting."
+		exit $SMF_EXIT_ERR_CONFIG
+	fi
+
+	if [ ! -x /usr/sbin/syslogd ]; then
+		echo "Executable /usr/sbin/syslogd not found or not executable. Exiting."
+		exit $SMF_EXIT_ERR_CONFIG
+	fi
 fi
 
 if smf_is_globalzone; then
@@ -80,6 +140,27 @@ if [ ! -f /var/adm/messages ]; then
 	/usr/bin/cp /dev/null /var/adm/messages
 	/usr/bin/chmod 0644 /var/adm/messages
 fi
+
+if [ -f /etc/rsyslog.conf ]; then
+	#
+	# If we have a config file for the old syslogd, only run rsyslogd
+	# if there are no customizations in the old syslog.conf file.
+	#
+	if [ -f /etc/syslog.conf ]; then
+		CONF_SUM=`nawk '{
+		    if (substr($1, 1, 1) != "#" && NF != 0) print $0
+		    }' /etc/syslog.conf | sum -x md5`
+	fi
+
+	if [ "$CONF_SUM" == "$DFLT_SUM" ]; then
+		/usr/sbin/rsyslogd -c5 -n &
+		exit $SMF_EXIT_OK
+	fi
+fi
+
+#
+# Run the old syslogd
+#
 remote=`awk -F= '
 	/^LOG_FROM_REMOTE=[yY][Ee][Ss]/ {print "true"}
 	/^LOG_FROM_REMOTE=[Nn][Oo]/     {print "false"}' < ${OLD_CONF}`
@@ -96,3 +177,10 @@ case ${remote} in
 esac
 
 /usr/sbin/syslogd >/dev/msglog 2>&1 &
+
+if [ -f /etc/rsyslog.conf ]; then
+	logger -p daemon.err \
+	    "Not using rsyslogd because there is a custom /etc/syslog.conf file"
+fi
+
+exit $SMF_EXIT_OK
diff --git a/usr/src/cmd/zoneadm/svc-resource-mgmt b/usr/src/cmd/zoneadm/svc-resource-mgmt
index 762de4c0d8..57fd21c3d9 100644
--- a/usr/src/cmd/zoneadm/svc-resource-mgmt
+++ b/usr/src/cmd/zoneadm/svc-resource-mgmt
@@ -22,25 +22,19 @@
 #
 # Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
 # Use is subject to license terms.
-
-# ident	"%Z%%M%	%I%	%E% SMI"
-#
+# Copyright 2012 Joyent, Inc.  All rights reserved.
 
 . /lib/svc/share/smf_include.sh
 
-[ ! -f /etc/zones/global.xml ] && exit $SMF_EXIT_OK	# No global zone
-							# resource mgmt.
-							# configuration
-
-[ ! -x /usr/sbin/zoneadm ] && exit $SMF_EXIT_OK # SUNWzoneu not installed
-
 # Make sure working directory is / to prevent unmounting problems.
 cd /
 PATH=/usr/sbin:/usr/bin; export PATH
 
+smf_is_globalzone || exit $SMF_EXIT_OK
+
 case "$1" in
 'start')
-	zoneadm -z global apply
+	prctl -r -n zone.cpu-shares -v 65535 -t priv -i zone global
 	if [ $? -ne 0 ]; then
                 exit $SMF_EXIT_ERR_FATAL
         fi
diff --git a/usr/src/cmd/zoneadm/svc-zones b/usr/src/cmd/zoneadm/svc-zones
index 30d54f5272..41f6b3325f 100644
--- a/usr/src/cmd/zoneadm/svc-zones
+++ b/usr/src/cmd/zoneadm/svc-zones
@@ -22,9 +22,128 @@
 #
 # Copyright (c) 2004, 2010, Oracle and/or its affiliates. All rights reserved.
 # Copyright 2014 Nexenta Systems, Inc. All rights reserved.
+# Copyright (c) 2012, Joyent Inc. All rights reserved.
+
+set -o xtrace
 
 . /lib/svc/share/smf_include.sh
 
+ZPOOL=`svcprop -p config/zpool svc:/system/smartdc/init:default 2>/dev/null`
+ZPOOL=${ZPOOL:-zones}
+
+MAN_SRCDIR=/lib/svc/manifest
+MAN_DESTDIR=/$ZPOOL/manifests
+
+MAN_DIRS="\
+	application \
+	milestone \
+	network \
+	network/dns \
+	network/ipsec \
+	network/ldap \
+	network/loadbalancer \
+	network/nfs \
+	network/nis \
+	network/routing \
+	network/rpc \
+	network/security \
+	network/shares \
+	network/smb \
+	network/ssl \
+	site \
+	system \
+	system/device \
+	system/filesystem \
+	system/fm \
+	system/install \
+	system/security \
+	system/svc"
+
+cp_brand_manifests()
+{
+	brand=$1
+
+	# Create the dir hierarchy under the dest dir for SMF manifests.
+	mkdir -m755 $MAN_DESTDIR/$brand
+
+	for dir in $MAN_DIRS
+	do
+		mkdir -m755 $MAN_DESTDIR/$brand/$dir
+	done
+
+	#
+	# Process the SMF SVC configuration list to setup the brand-specific
+	# SMF svcs.
+	#
+	nawk -v base=$MAN_SRCDIR -v dest=$MAN_DESTDIR/$brand '{
+		# Ignore comments and empty lines.
+		if (substr($1, 1, 1) == "#" || length($1) == 0)
+			next
+
+		# entry format is: name status
+		proc_file($1, $2);
+	    }
+
+	    #
+	    # Copy the manifest from the global zone to the brand-specific
+	    # manifest area.  At the same time, update any manifests whose
+	    # status needs to be changed, based on what our configuration
+	    # file indicates.
+	    #
+	    function proc_file(fname, status)
+	    {
+		f = base "/" fname
+		of =  dest "/" fname
+
+		while (getline <f > 0) {
+			# Fix up the console svc to work with zones.
+			if (fname == "system/console-login.xml")
+				sub("wscons", "console")
+
+			if (($1 == "<instance" &&
+			    $2 == "name=\047default\047") ||
+			    $1 == "<create_default_instance") {
+				if (status == "enabled")
+					n=sub("\047false\047", "\047true\047")
+				else
+					n=sub("\047true\047", "\047false\047")
+
+				if (n > 0)
+					printf("update svc state: %s %s\n",
+					    fname, $0)
+			}
+
+			print $0 >of
+		}
+		close(f)
+		close(of)
+	}' /usr/lib/brand/$brand/manifests
+}
+
+#
+# If we're running off of a live-image, setup a zone-specific collection of
+# manifest files which are mounted in a zone's /lib/svc/manifest directory.
+#
+# Regenerate the manifest data each time this service starts, so that it's
+# always in sync with the running platform (and any fixes included there).
+#
+setup_manifests()
+{
+	echo "Initializing manifest dir."
+
+	rm -rf $MAN_DESTDIR
+	mkdir -m755 -p $MAN_DESTDIR
+
+	for i in /usr/lib/brand/*
+	do
+		brand=`basename $i`
+		[[ ! -f /usr/lib/brand/$brand/manifests ]] && continue
+		# joyent-minimal uses /zones/manifests/joyent too
+		[[ "$brand" == "joyent-minimal" ]] && continue
+		cp_brand_manifests $brand
+	done
+}
+
 #
 # Return a list of running, non-global zones for which a shutdown via
 # "/sbin/init 0" may work (typically only Solaris zones.)
@@ -32,7 +151,7 @@
 shutdown_zones()
 {
 	zoneadm list -p | nawk -F: '{
-		if (($5 != "lx") && ($2 != "global")) {
+		if ($2 != "global") {
 			print $2
 		}
 	}'
@@ -51,6 +170,16 @@ PATH=/usr/sbin:/usr/bin; export PATH
 
 case "$1" in
 'start')
+	#
+	# Generate the manifest, even if no zones, since zones could be
+	# provisioned later.
+	#
+	zfs list -H -o name $ZPOOL >/dev/null 2>&1 
+	[ $? -eq 0 ] && setup_manifests
+
+	# Create directory for zone sockets
+	mkdir -m755 -p /var/zonecontrol
+
 	egrep -vs '^#|^global:' /etc/zones/index || exit 0  # no local zones
 
 	#
@@ -68,6 +197,14 @@ case "$1" in
 			[ -z "$ZONES" ] && echo "Booting zones:\c"
 			ZONES=yes
 			echo " $zone\c"
+
+			#
+			# Make sure a site dir exists, it wasn't initially
+			# being created.
+			#
+			zonepath=`zonecfg -z $zone info zonepath | cut -d: -f2`
+			[ ! -d $zonepath/site ] && mkdir -m755 $zonepath/site
+
 			#
 			# zoneadmd puts itself into its own contract so
 			# this service will lose sight of it.  We don't
@@ -110,7 +247,7 @@ case "$1" in
 
 		for zone in $zonelist; do
 			echo " $zone\c"
-			zoneadm -z $zone shutdown &
+			zlogin -S $zone /sbin/init 0 < /dev/null >&0 2>&0 &
 			SHUTDOWN=1
 		done
 
diff --git a/usr/src/lib/brand/Makefile b/usr/src/lib/brand/Makefile
index bab69e385a..8b25716c27 100644
--- a/usr/src/lib/brand/Makefile
+++ b/usr/src/lib/brand/Makefile
@@ -20,33 +20,29 @@
 #
 #
 # Copyright (c) 2006, 2010, Oracle and/or its affiliates. All rights reserved.
-# Copyright (c) 2018, Joyent, Inc.
+# Copyright 2019 Joyent, Inc.
 #
-# lib/brand/Makefile
-#
-# include global definitions
 include ../../Makefile.master
 
-#
-# Build everything in parallel; use .WAIT for dependencies
 .PARALLEL:
 
-i386_SUBDIRS= lx bhyve
+i386_SUBDIRS= bhyve kvm lx
 i386_MSGSUBDIRS= lx
 
-SUBDIRS= shared .WAIT sn1 solaris10 ipkg labeled $($(MACH)_SUBDIRS)
+SUBDIRS= shared .WAIT sn1 solaris10 ipkg labeled \
+    jcommon joyent joyent-minimal $($(MACH)_SUBDIRS)
+
 MSGSUBDIRS= solaris10 shared $($(MACH)_MSGSUBDIRS)
 
 all :=		TARGET= all
 install :=	TARGET= install
 clean :=	TARGET= clean
 clobber :=	TARGET= clobber
-lint :=		TARGET= lint
 _msg :=		TARGET= _msg
 
 .KEEP_STATE:
 
-all install clean clobber lint: $(SUBDIRS)
+all install clean clobber: $(SUBDIRS)
 
 _msg: $(MSGSUBDIRS)
 
diff --git a/usr/src/lib/brand/ipkg/zone/Makefile b/usr/src/lib/brand/ipkg/zone/Makefile
index a7324491c9..3f5183966b 100644
--- a/usr/src/lib/brand/ipkg/zone/Makefile
+++ b/usr/src/lib/brand/ipkg/zone/Makefile
@@ -23,8 +23,10 @@
 # Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
 # Use is subject to license terms.
 #
+# Copyright 2019 Joyent, Inc.
+#
 
-TEMPLATES=	SUNWdefault.xml SUNWblank.xml
+TEMPLATES=	SUNWblank.xml
 XMLDOCS=	config.xml platform.xml
 CLOBBERFILES=	$(ROOTXMLDOCS) $(ROOTTEMPLATES)
 
diff --git a/usr/src/lib/brand/jcommon/Makefile b/usr/src/lib/brand/jcommon/Makefile
new file mode 100644
index 0000000000..d6ca5fb229
--- /dev/null
+++ b/usr/src/lib/brand/jcommon/Makefile
@@ -0,0 +1,26 @@
+#
+# This file and its contents are supplied under the terms of the
+# Common Development and Distribution License ("CDDL"), version 1.0.
+# You may only use this file in accordance with the terms of version
+# 1.0 of the CDDL.
+#
+# A full copy of the text of the CDDL should have accompanied this
+# source.  A copy of the CDDL is also available via the Internet at
+# http://www.illumos.org/license/CDDL.
+#
+# Copyright 2019 Joyent, Inc.
+#
+
+PROGS = cattach cdetach cinstall cuninstall libhooks.ksh \
+   poststate prestate query statechange
+BRAND = jcommon
+FILEMODE = 0444
+
+include ../Makefile.brand
+
+clean:
+
+clobber:
+	$(RM) $(ROOTPROGS)
+
+install: $(ROOTPROGS)
diff --git a/usr/src/lib/brand/jcommon/README.smf b/usr/src/lib/brand/jcommon/README.smf
new file mode 100644
index 0000000000..64cd3ade4f
--- /dev/null
+++ b/usr/src/lib/brand/jcommon/README.smf
@@ -0,0 +1,107 @@
+#
+# This file and its contents are supplied under the terms of the
+# Common Development and Distribution License ("CDDL"), version 1.0.
+# You may only use this file in accordance with the terms of version
+# 1.0 of the CDDL.
+#
+# A full copy of the text of the CDDL should have accompanied this
+# source.  A copy of the CDDL is also available via the Internet at
+# http://www.illumos.org/license/CDDL.
+#
+
+#
+# Copyright 2015 Joyent, Inc.
+#
+
+There are a few rather brand specific issues related to how SMF works inside of
+them. This README describes how the different pieces interact and where they are
+defined. Note that this README only applies to the Joyent-style sparse zones. It
+does not apply to the KVM brand or the traditional ipkg and S10 branded zones.
+
+#
+# Per-brand manifests file
+#
+
+Each brand has a file called `manifests`. This file lists the set of manifests
+that the brand cares about being available to the zone. It is formatted as:
+
+<manifest_name> <enabled | disabled>
+
+Examples are:
+
+network/smb/client.xml		disabled
+network/ssh.xml			enabled
+
+The use of enabled or disabled determines the default disposition of the service
+when it is imported.
+
+This list is used in various places throughout the rest of the system for
+determining what shows up in the SMF repositories by default and what shows up
+in /lib/svc/manifest.
+
+#
+# Files in /lib/svc/manifest
+#
+
+/lib/svc/manifest is part of the sparse filesystem that gets placed into every
+zone. Unlike /usr, /lib/svc/manifest is brand specific. The zones service
+(svc:/system/zones:default) is responsible for creating the per-brand
+/lib/svc/manifest directories and they live in /zones/manifests/<brand-name>.
+This brand specific directory is lofs-mounted read-only into each zone.
+
+The presence of the enabled and disabled option in the brand's manifests file
+determine whether or not the service is enabled by default when imported. The
+xml file is changed to match the setting.
+
+#
+# Initial SMF repositories
+#
+
+SMF in the minimal brand works differently than it does in the normal Joyent
+Brand when it comes to specifying the initial services that are inside of the
+dataset and what files are in the SMF repository.
+
+SMF has the notion of a `seed repository`. This repository is the initial one
+that is used or copied for new zones. This repository contains various services
+already imported, whether or not they are enabled or disabled, and the various
+service properties.
+
+The traditional `joyent` brand gets this from the dataset itself. In other words,
+the database is already populated with the proper SMF state.
+
+In the `joyent-minimal` brand we handle this differently. We want to be able to
+reuse the datasets that exist but not be stuck with their rather large seed
+repositories that contain many things which are harmful in the minimal context,
+particularly manifest import (both the early and normal kind). To handle this
+the joyent-minimal brand defines a seed repository of its own that gets
+installed at zone creation time and replaces any existing repository.
+
+This seed repository is generated using the `svc.configd-native` and
+`svccfg-native` binaries. Every manifest listed in the brand's manifests file is
+included.
+
+Manifests available to the `joyent` brand not imported into the database are
+available for manual import in /lib/svc/manifest. With the minimal brand, only
+the bare minimum number of manifests should be imported.
+
+#
+# Using non-imported manifests
+#
+
+To use one of the manifests that exists but hasn't been imported is pretty easy.
+At some point in time after the initial creation of the zone (during the first
+boot setup script for example), you can import the service. For example, if you
+were going to import the cron service you would run:
+
+svccfg import /lib/svc/manifest/system/cron.xml
+
+Next, you need to potentially enable the service depending on the default
+disposition of the service. You enable the service by running:
+
+svcadm enable -s <service>
+
+Adding the `-s` flag causes the enabling to be synchronous. If you do not
+include the flag then it will poke svc.startd to enable the service and return.
+If the service is already enabled by default, then this is safe to run and it
+won't change anything. It is safer to just always enable or disable the service
+after importing it based on your needs.
diff --git a/usr/src/lib/brand/jcommon/cattach b/usr/src/lib/brand/jcommon/cattach
new file mode 100644
index 0000000000..4f2e65ad83
--- /dev/null
+++ b/usr/src/lib/brand/jcommon/cattach
@@ -0,0 +1,63 @@
+#!/bin/ksh -p
+#
+#
+# This file and its contents are supplied under the terms of the
+# Common Development and Distribution License ("CDDL"), version 1.0.
+# You may only use this file in accordance with the terms of version
+# 1.0 of the CDDL.
+#
+# A full copy of the text of the CDDL should have accompanied this
+# source.  A copy of the CDDL is also available via the Internet at
+# http://www.illumos.org/license/CDDL.
+#
+
+#
+# Copyright (c) 2014 Joyent, Inc.  All rights reserved.
+#
+
+unset LD_LIBRARY_PATH
+PATH=/usr/bin:/usr/sbin
+export PATH
+
+. /usr/lib/brand/shared/common.ksh
+
+ZONENAME=""
+ZONEPATH=""
+# Default to 10GB diskset quota
+ZQUOTA=10
+
+while getopts "R:t:U:q:z:" opt
+do
+	case "$opt" in
+		R)	ZONEPATH="$OPTARG";;
+		q)	ZQUOTA="$OPTARG";;
+		z)	ZONENAME="$OPTARG";;
+		*)	printf "$m_usage\n"
+			exit $ZONE_SUBPROC_USAGE;;
+	esac
+done
+shift OPTIND-1
+
+if [[ -z $ZONEPATH || -z $ZONENAME ]]; then
+	print -u2 "Brand error: No zone path or name"
+	exit $ZONE_SUBPROC_USAGE
+fi
+
+# The dataset quota must be a number.
+case $ZQUOTA in *[!0-9]*)
+	print -u2 "Brand error: The quota $ZQUOTA is not a number"
+	exit $ZONE_SUBPROC_USAGE;;
+esac
+
+ZROOT=$ZONEPATH/root
+
+# Get the dataset of the parent directory of the zonepath.
+dname=${ZONEPATH%/*}
+bname=${ZONEPATH##*/}
+PDS_NAME=`mount | nawk -v p=$dname '{if ($1 == p) print $3}'`
+[ -z "$PDS_NAME" ] && \
+    print -u2 "Brand error: missing parent ZFS dataset for $dname"
+
+jcommon_attach_hook
+
+exit $ZONE_SUBPROC_OK
diff --git a/usr/src/lib/brand/jcommon/cdetach b/usr/src/lib/brand/jcommon/cdetach
new file mode 100644
index 0000000000..4b67b31fc5
--- /dev/null
+++ b/usr/src/lib/brand/jcommon/cdetach
@@ -0,0 +1,50 @@
+#!/bin/ksh -p
+#
+#
+# This file and its contents are supplied under the terms of the
+# Common Development and Distribution License ("CDDL"), version 1.0.
+# You may only use this file in accordance with the terms of version
+# 1.0 of the CDDL.
+#
+# A full copy of the text of the CDDL should have accompanied this
+# source.  A copy of the CDDL is also available via the Internet at
+# http://www.illumos.org/license/CDDL.
+#
+
+#
+# Copyright (c) 2014 Joyent, Inc.  All rights reserved.
+#
+
+unset LD_LIBRARY_PATH
+PATH=/usr/bin:/usr/sbin
+export PATH
+
+. /usr/lib/brand/shared/common.ksh
+
+ZONENAME=""
+ZONEPATH=""
+
+while getopts "R:t:U:z:" opt
+do
+	case "$opt" in
+		R)	ZONEPATH="$OPTARG";;
+		z)	ZONENAME="$OPTARG";;
+		*)	printf "$m_usage\n"
+			exit $ZONE_SUBPROC_USAGE;;
+	esac
+done
+shift OPTIND-1
+
+if [[ -z $ZONEPATH || -z $ZONENAME ]]; then
+	print -u2 "Brand error: No zone path or name"
+	exit $ZONE_SUBPROC_USAGE
+fi
+
+#
+# We just need a brand hook so that we can bypass the mount checking
+# that zoneadm does.  This is needed because we have the cores dataset
+# mounted under {zonepath}/root.
+#
+cp /etc/zones/${ZONENAME}.xml ${ZONEPATH}/SUNWdetached.xml
+
+exit $ZONE_SUBPROC_OK
diff --git a/usr/src/lib/brand/jcommon/cinstall b/usr/src/lib/brand/jcommon/cinstall
new file mode 100644
index 0000000000..98b9322b5f
--- /dev/null
+++ b/usr/src/lib/brand/jcommon/cinstall
@@ -0,0 +1,183 @@
+#!/bin/ksh -p
+#
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License (the "License").
+# You may not use this file except in compliance with the License.
+#
+# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+# or http://www.opensolaris.org/os/licensing.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+# If applicable, add the following below this CDDL HEADER, with the
+# fields enclosed by brackets "[]" replaced with your own identifying
+# information: Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Copyright (c) 2016, Joyent, Inc. All rights reserved.
+# Use is subject to license terms.
+#
+
+unset LD_LIBRARY_PATH
+PATH=/usr/bin:/usr/sbin
+export PATH
+
+. /usr/lib/brand/shared/common.ksh
+
+REPROVISONING=""
+ZONENAME=""
+ZONEPATH=""
+# Default to 10GB diskset quota
+ZQUOTA=10
+ZVOL_NAME=`/usr/bin/uuid -v 4`
+
+#
+# The following are the list of features that a corresponding brand may
+# enable. If they wish to do so, then they must set the following flags
+# to values such that [[ -z $flag ]] is true. The following are the
+# currently supported flags:
+#
+# o jst_reprovision - Brand supports reprovision
+# o jst_tmplopt - Template image optional
+#
+
+function fixup_images
+{
+	# New imgadm renames the dataset's snapshot at import to @final for us
+	# and when it exists, we use that. However, when it does not exist we
+	# still use the old method of creating a zones/<uuid>@<uuid> snapshot
+	# so we can support old datasets.
+	exists=$(zfs list -Ho name ${PDS_NAME}/${TMPLZONE}@final 2>&1)
+	if [[ $? == 0 && ${exists} == "${PDS_NAME}/${TMPLZONE}@final" ]]; then
+		zfs clone -o devices=off -F ${QUOTA_ARG} ${PDS_NAME}/${TMPLZONE}@final \
+		    ${PDS_NAME}/${bname} || fatal "failed to clone zone dataset"
+	elif [[ ${exists} =~ "dataset does not exist" ]]; then
+		zfs snapshot ${PDS_NAME}/${TMPLZONE}@${bname}
+		zfs clone -o devices=off -F ${QUOTA_ARG} ${PDS_NAME}/${TMPLZONE}@${bname} \
+		    ${PDS_NAME}/${bname} || fatal "failed to clone zone dataset"
+	else
+		fatal "Unable to determine snapshot for ${PDS_NAME}/${TMPLZONE}"
+	fi
+}
+
+while getopts "rR:t:U:q:z:" opt
+do
+	case "$opt" in
+		r)
+			set -x
+			if [[ -z "$jst_reprovision" ]]; then
+				print -u2 "unsupported reprovision requested"
+				exit $ZONE_SUBPROC_USAGE
+			fi
+			REPROVISIONING="true"
+			;;
+		R)	ZONEPATH="$OPTARG";;
+		t)	TMPLZONE="$OPTARG";;
+			# UUID is only used in the postinstall script
+		U)	UUID="$OPTARG";;
+		q)	ZQUOTA="$OPTARG";;
+		z)	ZONENAME="$OPTARG";;
+		*)	printf "$m_usage\n"
+			exit $ZONE_SUBPROC_USAGE;;
+	esac
+done
+shift OPTIND-1
+
+#
+# IMPORTANT: all actions below need to consider reprovision. If the action
+# modifies files in the zoneroot itself, it should be run on reprovision
+# any other changes to the zone or dataset should not be done on reprovision.
+#
+
+if [[ -z ${REPROVISIONING} \
+    && -n $(zonecfg -z "${ZONENAME}" info attr name=transition \
+    | grep "value: receiving:") ]]; then
+
+	# Here we're doing an install for a received zone, the dataset should have
+	# already been created.
+	exit $ZONE_SUBPROC_OK
+fi
+
+if [[ -z $ZONEPATH || -z $ZONENAME ]]; then
+	print -u2 "Brand error: No zone path or name"
+	exit $ZONE_SUBPROC_USAGE
+fi
+
+if [[ -z ${REPROVISIONING} ]]; then
+	# The install may requires a template zone.
+	if [[ -z $TMPLZONE && -z "$jst_tmplopt" ]]; then
+		print -u2 "Brand error: a zone template is required"
+		exit $ZONE_SUBPROC_USAGE
+	fi
+
+	# The dataset quota must be a number.
+	case $ZQUOTA in *[!0-9]*)
+		print -u2 "Brand error: The quota $ZQUOTA is not a number"
+		exit $ZONE_SUBPROC_USAGE;;
+	esac
+fi
+
+ZROOT=$ZONEPATH/root
+
+if [[ -z ${REPROVISIONING} ]]; then
+	# Get the dataset of the parent directory of the zonepath.
+	dname=${ZONEPATH%/*}
+	bname=${ZONEPATH##*/}
+	PDS_NAME=`mount | nawk -v p=$dname '{if ($1 == p) print $3}'`
+	[ -z "$PDS_NAME" ] && \
+	    print -u2 "Brand error: missing parent ZFS dataset for $dname"
+
+	# We expect that zoneadm was invoked with '-x nodataset', so it won't have
+	# created the dataset.
+
+	QUOTA_ARG=
+	if [[ ${ZQUOTA} != "0" ]]; then
+		QUOTA_ARG="-o quota=${ZQUOTA}g"
+	fi
+
+	#
+	# Some zone brands (KVM) optionally have a top level dataset. If
+	# they don't have one, we need to set the quota on the data
+	# disk.  Otherwise, we set it on the normal top level dataset.
+	#
+	if [[ -z ${TMPLZONE} ]]; then
+		zfs set quota=${ZQUOTA}g ${PDS_NAME}/${bname}
+	else
+		fixup_images
+	fi
+
+fi
+
+# The rest should be run when REPROVISIONING is set as well.
+
+# Make sure zoneinit is setup to use -o xtrace, this handles old datasets where
+# is not yet enabled by default.
+if [[ -f ${ZROOT}/root/zoneinit && \
+	-z $(grep "^set -o xtrace" ${ZROOT}/root/zoneinit) ]]; then
+	sed -i "" -e "s/^#set -o xtrace/set -o xtrace/" ${ZROOT}/root/zoneinit
+fi
+
+if [ ! -d ${ZONEPATH}/config ]; then
+	mkdir -p ${ZONEPATH}/config
+	chmod 755 ${ZONEPATH}/config
+fi
+
+if [ ! -d ${ZROOT}/tmp ]; then
+	mkdir -p ${ZROOT}/tmp
+	chmod 1777 ${ZROOT}/tmp
+fi
+
+# make /var/svc for the 'provisioning file'
+if [ ! -d ${ZROOT}/var/svc ]; then
+	mkdir -p ${ZROOT}/var/svc
+	chmod 0755 ${ZROOT}/var/svc
+fi
+
+jcommon_attach_hook
+
+exit $ZONE_SUBPROC_OK
diff --git a/usr/src/lib/brand/jcommon/cuninstall b/usr/src/lib/brand/jcommon/cuninstall
new file mode 100644
index 0000000000..9be35bc7a9
--- /dev/null
+++ b/usr/src/lib/brand/jcommon/cuninstall
@@ -0,0 +1,74 @@
+#!/bin/ksh -p
+#
+#
+# This file and its contents are supplied under the terms of the
+# Common Development and Distribution License ("CDDL"), version 1.0.
+# You may only use this file in accordance with the terms of version
+# 1.0 of the CDDL.
+#
+# A full copy of the text of the CDDL should have accompanied this
+# source.  A copy of the CDDL is also available via the Internet at
+# http://www.illumos.org/license/CDDL.
+#
+
+#
+# Copyright (c) 2016 Joyent, Inc.  All rights reserved.
+#
+
+unset LD_LIBRARY_PATH
+PATH=/usr/bin:/usr/sbin
+export PATH
+
+. /usr/lib/brand/shared/common.ksh
+
+ZONENAME=""
+ZONEPATH=""
+
+while getopts "FR:z:" opt
+do
+	case "$opt" in
+		F)	;;
+		R)	ZONEPATH="$OPTARG";;
+		z)	ZONENAME="$OPTARG";;
+		*)	printf "$m_usage\n"
+			exit $ZONE_SUBPROC_USAGE;;
+	esac
+done
+shift OPTIND-1
+
+if [[ -z $ZONEPATH || -z $ZONENAME ]]; then
+	print -u2 "Brand error: No zone path or name"
+	exit $ZONE_SUBPROC_USAGE
+fi
+
+# Get the dataset of the parent directory of the zonepath.
+dname=${ZONEPATH%/*}
+bname=${ZONEPATH##*/}
+PDS_NAME=`mount | nawk -v p=$dname '{if ($1 == p) print $3}'`
+if [[ -z "$PDS_NAME" ]]; then
+	print -u2 "Brand error: missing parent ZFS dataset for $dname"
+	exit $ZONE_SUBPROC_USAGE
+fi
+
+# check if the origin is not an @final dataset, if not, we'll destroy it
+ORIGIN=`zfs get -H -ovalue origin $PDS_NAME/$bname | grep -v "@final$"`
+
+zfs destroy -rF $PDS_NAME/cores/$bname
+zfs destroy -rF $PDS_NAME/$bname
+if [[ $? != 0 ]]; then
+    echo "processes in zone: "
+    fuser ${ZONEPATH}
+    # Since we are destroying the zone, we don't want to leave a zoneroot behind
+    # just because something couldn't be umounted. So we'll also force the
+    # umount with the 'f' option here.
+    zfs destroy -rfF $PDS_NAME/$bname
+fi
+
+[[ -n ${ORIGIN} && ${ORIGIN} != "-" ]] && zfs destroy -F $ORIGIN
+
+rm -rf $ZONEPATH
+rm -rf /var/zonecontrol/${ZONENAME}
+
+jcommon_uninstall_hook
+
+exit $ZONE_SUBPROC_OK
diff --git a/usr/src/lib/brand/jcommon/libhooks.ksh b/usr/src/lib/brand/jcommon/libhooks.ksh
new file mode 100644
index 0000000000..346356519c
--- /dev/null
+++ b/usr/src/lib/brand/jcommon/libhooks.ksh
@@ -0,0 +1,96 @@
+#!/bin/ksh -p
+#
+#
+# This file and its contents are supplied under the terms of the
+# Common Development and Distribution License ("CDDL"), version 1.0.
+# You may only use this file in accordance with the terms of version
+# 1.0 of the CDDL.
+#
+# A full copy of the text of the CDDL should have accompanied this
+# source.  A copy of the CDDL is also available via the Internet at
+# http://www.illumos.org/license/CDDL.
+#
+
+#
+# Copyright (c) 2014 Joyent, Inc.  All rights reserved.
+#
+
+#
+# This file contains various hooks that are used by nore than a single
+# brand. This file should be included by the brand-specific files.
+#
+
+jattach_kvm_final_setup()
+{
+	ZRAM=$(zonecfg -z ${ZONENAME} info attr name=ram | \
+		grep "value: " | cut -d ':' -f2 | tr -d ' ')
+
+	if [[ -z ${ZRAM} ]]; then
+		echo "Unable to find RAM value for KVM VM"
+		exit $ZONE_SUBPROC_FATAL
+	fi
+
+	# 100G unless the VM has 80G or more DRAM, in which case: DRAM + 20G.
+	CORE_QUOTA=102400
+	if [[ ${ZRAM} -gt 81920 ]]; then
+		CORE_QUOTA=$((${ZRAM} + 20480))
+	fi
+
+	# The cores quota exists to control run-away zones. As such we make it
+	# such that it will protect the system from a single run-away, but
+	# still allow us to get most cores.
+	rm -rf $ZONEPATH/cores
+	zfs create -o quota=${CORE_QUOTA}m -o mountpoint=/${PDS_NAME}/$bname/cores \
+	    ${PDS_NAME}/cores/$bname
+}
+
+jattach_zone_final_setup()
+{
+	if [[ -z ${REPROVISIONING} ]]; then
+		# The cores quota exists to control run-away zones. As such we make it
+		# such that it will protect the system from a single run-away, but
+		# still allow us to get most cores. 100G seems good enough based on
+		# samples from JPC.
+		rm -rf $ZONEPATH/cores
+		CORE_QUOTA=102400
+		zfs create -o quota=${CORE_QUOTA}m -o mountpoint=/${PDS_NAME}/$bname/cores \
+		    ${PDS_NAME}/cores/$bname
+
+		chmod 700 $ZONEPATH
+	fi
+
+	egrep -s "netcfg:" $ZROOT/etc/passwd
+	if (( $? != 0 )); then
+		echo "netcfg:x:17:65:Network Configuration Admin:/:" \
+		    >> $ZROOT/etc/passwd
+		echo "netcfg:*LK*:::::::" >> $ZROOT/etc/shadow
+	fi
+	egrep -s "netadm:" $ZROOT/etc/group
+	(( $? != 0 )) && echo "netadm::65:" >> $ZROOT/etc/group
+
+	# /etc/svc/profile needs to be a directory with some contents which we
+	# can get from the template.  The early manifest import svc
+	# (lib/svc/method/manifest-import) copies some symlinks from the
+	# template's var/svc/profile dir and we need to make sure those are
+	# pointing at the right files and not left dangling.
+	ZPROFILE=$ZROOT/etc/svc/profile
+	if [ ! -d $ZPROFILE ]; then
+		mkdir $ZPROFILE
+		cp -p $ZROOT/var/svc/profile/generic_limited_net.xml $ZPROFILE
+		cp -p $ZROOT/var/svc/profile/inetd_generic.xml $ZPROFILE
+		cp -p $ZROOT/var/svc/profile/ns_dns.xml $ZPROFILE
+		cp -p $ZROOT/var/svc/profile/platform_none.xml $ZPROFILE
+	fi
+
+	touch $ZROOT/var/log/courier.log
+}
+
+function juninstall_delegated_dataset
+{
+	# Now destroy any delegated datasets. Redirect to /dev/null in case they
+	# were already destroyed when we removed the zonepath dataset.
+	DD=`zonecfg -z $ZONENAME info dataset | nawk '{if ($1 == "name:") print $2}'`
+	for i in $DD; do
+		zfs destroy -rF $i >/dev/null 2>&1
+	done
+}
diff --git a/usr/src/lib/brand/jcommon/poststate b/usr/src/lib/brand/jcommon/poststate
new file mode 100644
index 0000000000..4e4b1207ed
--- /dev/null
+++ b/usr/src/lib/brand/jcommon/poststate
@@ -0,0 +1,34 @@
+#!/bin/ksh -p
+#
+#
+# This file and its contents are supplied under the terms of the
+# Common Development and Distribution License ("CDDL"), version 1.0.
+# You may only use this file in accordance with the terms of version
+# 1.0 of the CDDL.
+#
+# A full copy of the text of the CDDL should have accompanied this
+# source.  A copy of the CDDL is also available via the Internet at
+# http://www.illumos.org/license/CDDL.
+#
+
+#
+# Copyright (c) 2014 Joyent, Inc.  All rights reserved.
+#
+
+unset LD_LIBRARY_PATH
+PATH=/usr/bin:/usr/sbin
+export PATH
+
+if [[ -n $_ZONEADMD_brand_debug ]]; then
+	logfile=/var/log/zone_bh.$1
+	date >>$logfile
+	echo "zone $1 post-state-change $3 $4" >>$logfile
+	ksh -x /usr/lib/brand/$ps_brand/statechange "post" $@ 2>>$logfile
+	res=$?
+	echo "zone $1 post-state-change result $res" >>$logfile
+else
+	/usr/lib/brand/$ps_brand/statechange "post" $@
+	res=$?
+fi
+
+exit $res
diff --git a/usr/src/lib/brand/jcommon/prestate b/usr/src/lib/brand/jcommon/prestate
new file mode 100644
index 0000000000..a61af89752
--- /dev/null
+++ b/usr/src/lib/brand/jcommon/prestate
@@ -0,0 +1,34 @@
+#!/bin/ksh -p
+#
+#
+# This file and its contents are supplied under the terms of the
+# Common Development and Distribution License ("CDDL"), version 1.0.
+# You may only use this file in accordance with the terms of version
+# 1.0 of the CDDL.
+#
+# A full copy of the text of the CDDL should have accompanied this
+# source.  A copy of the CDDL is also available via the Internet at
+# http://www.illumos.org/license/CDDL.
+#
+
+#
+# Copyright (c) 2014 Joyent, Inc.  All rights reserved.
+#
+
+unset LD_LIBRARY_PATH
+PATH=/usr/bin:/usr/sbin
+export PATH
+
+if [[ -n $_ZONEADMD_brand_debug ]]; then
+	logfile=/var/log/zone_bh.$1
+	date >>$logfile
+	echo "zone $1 pre-state-change $3 $4" >>$logfile
+	ksh -x /usr/lib/brand/$ps_brand/statechange "pre" $@ 2>>$logfile
+	res=$?
+	echo "zone $1 pre-state-change result $res" >>$logfile
+else
+	/usr/lib/brand/$ps_brand/statechange "pre" $@
+	res=$?
+fi
+
+exit $res
diff --git a/usr/src/lib/brand/jcommon/query b/usr/src/lib/brand/jcommon/query
new file mode 100755
index 0000000000..70ea39d8e2
--- /dev/null
+++ b/usr/src/lib/brand/jcommon/query
@@ -0,0 +1,52 @@
+#!/bin/ksh -p
+#
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License (the "License").
+# You may not use this file except in compliance with the License.
+#
+# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+# or http://www.opensolaris.org/os/licensing.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+# If applicable, add the following below this CDDL HEADER, with the
+# fields enclosed by brackets "[]" replaced with your own identifying
+# information: Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+#
+# Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
+#
+
+PATH=/usr/bin:/usr/sbin
+export PATH
+
+. /usr/lib/brand/shared/common.ksh
+
+zonename=$1
+zonepath=$2
+cmd=$3
+
+if [ $3 == "env" ]; then
+	#
+	# zoneadmd reads one (arbitrary length) line of input from the query
+	# hook.  If there is more than one environment variable to pass back,
+	# delimit each one with tabs.  zoneadmd will split the line at the tabs
+	# and set each key/value pair in its environment.
+	#
+	# Currently, only _ZONEADMD_ZPOOL is used to set the %P substitution
+	# for the brand configuration.
+	#
+	entry=$(svccfg -s smartdc/init listprop '*/zpool')
+	if [ -n "$entry" ]; then
+		val=${entry##* * }
+		[ -n "$val" ] && echo "_ZONEADMD_ZPOOL=/${val}\c"
+	fi
+fi
+
+exit $ZONE_SUBPROC_OK
diff --git a/usr/src/lib/brand/jcommon/statechange b/usr/src/lib/brand/jcommon/statechange
new file mode 100644
index 0000000000..58eae5ab5a
--- /dev/null
+++ b/usr/src/lib/brand/jcommon/statechange
@@ -0,0 +1,906 @@
+#!/bin/ksh -p
+#
+#
+# This file and its contents are supplied under the terms of the
+# Common Development and Distribution License ("CDDL"), version 1.0.
+# You may only use this file in accordance with the terms of version
+# 1.0 of the CDDL.
+#
+# A full copy of the text of the CDDL should have accompanied this
+# source.  A copy of the CDDL is also available via the Internet at
+# http://www.illumos.org/license/CDDL.
+#
+
+#
+# Copyright (c) 2018 Joyent, Inc.  All rights reserved.
+#
+
+unset LD_LIBRARY_PATH
+PATH=/usr/bin:/usr/sbin
+export PATH
+
+. /lib/sdc/config.sh
+
+# subcommand:
+# pre
+# post
+
+# state
+# ZONE_STATE_CONFIGURED		0 (script will never see this)
+# ZONE_STATE_INCOMPLETE		1 (script will never see this)
+# ZONE_STATE_INSTALLED		2
+# ZONE_STATE_READY		3
+# ZONE_STATE_RUNNING		4
+# ZONE_STATE_SHUTTING_DOWN	5
+# ZONE_STATE_DOWN		6
+# ZONE_STATE_MOUNTED		7
+
+# cmd
+#
+# ready				0
+# boot				1
+# forceboot			2
+# reboot			3
+# halt				4
+# uninstalling			5
+# mount				6
+# forcemount			7
+# unmount			8
+
+subcommand=$1
+ZONENAME=$2
+ZONEPATH=$3
+state=$4
+cmd=$5
+
+VNDADM=/usr/sbin/vndadm
+SNAPSHOT_DIR=root/checkpoints
+OVERLAY_RULES=/var/run/smartdc/networking/overlay_rules.json
+DEFAULT_MTU=1500
+
+#
+# The following are the list of features that a corresponding brand may
+# enable. If they wish to do so, then they must set the following flags
+# to values such that [[ -z $flag ]] is true. The following are the
+# currently supported flags:
+#
+# o jst_vrrp - Enables vrrp
+# o jst_ufpromisc - Supports unfiltered promiscuous mode
+# o jst_createvnd - Create vnd devices
+# o jst_simplefs - Only setup lastbooted in the FS
+# o jst_showsnap - Show snapshots in the FS
+#
+# In addition, the brand must also specify the following parameters:
+#
+# o jst_mdatapath - The path the metadata socket is expected in the zone
+#
+
+get_boolean_nic_property()
+{
+	bool_val=$(eval echo \$_ZONECFG_net_${1}_${2})
+	if [[ "${bool_val}" == "1" ]] || [[ "${bool_val}" == "true" ]]; then
+		echo "true"
+	else
+		echo "false"
+	fi
+}
+
+nm2prefix()
+{
+	prefix=0
+	numparts=0
+	OLDIFS=$IFS
+	IFS=.
+	for digit in $1 ; do
+		(( numparts+=1 ))
+		case $digit in
+		255)
+			(( prefix+=8 ))
+			;;
+		254)
+			(( prefix+=7 ))
+			;;
+		252)
+			(( prefix+=6 ))
+			;;
+		248)
+			(( prefix+=5 ))
+			;;
+		240)
+			(( prefix+=4 ))
+			;;
+		224)
+			(( prefix+=3 ))
+			;;
+		192)
+			(( prefix+=2 ))
+			;;
+		128)
+			(( prefix+=1 ))
+			;;
+		0);;
+		*)
+			echo "Invalid digit in netmask: $digit" 1>&2;
+			IFS=$OLDIFS
+			return 1;;
+		esac
+	done
+	if [[ $numparts -ne 4 ]]; then
+		echo "Too many parts in the IP address" 1>&2;
+		IFS=$OLDIFS
+		return 1
+	fi
+	IFS=$OLDIFS
+	echo "$prefix"
+}
+
+#
+# Set up the vnic(s) for the zone.
+#
+setup_net()
+{
+	typeset tmp overlay tag id rule
+	for nic in $_ZONECFG_net_resources
+	do
+		# Get simplified versions of the network config. variables.
+		address=$(eval echo \$_ZONECFG_net_${nic}_address)
+		# If address set, must be a shared stack zone
+		[[ -n $address ]] && exit 0
+
+		global_nic=$(eval echo \$_ZONECFG_net_${nic}_global_nic)
+		# If no global-nic, must be a dedicated physical NIC instead
+		# of a vnic
+		[[ -z $global_nic ]] && continue
+
+		dhcp_server=$(get_boolean_nic_property ${nic} dhcp_server)
+		mac_addr=$(eval echo \$_ZONECFG_net_${nic}_mac_addr)
+		vlan_id=$(eval echo \$_ZONECFG_net_${nic}_vlan_id)
+		blocked_outgoing_ports=$(eval \
+		    echo \$_ZONECFG_net_${nic}_blocked_outgoing_ports)
+		zone_ips=$(eval echo \$_ZONECFG_net_${nic}_ips)
+		zone_ip=$(eval echo \$_ZONECFG_net_${nic}_ip)
+		zone_netmask=$(eval echo \$_ZONECFG_net_${nic}_netmask)
+		allow_dhcp_spoof=$(get_boolean_nic_property ${nic} allow_dhcp_spoofing)
+		allow_ip_spoof=$(get_boolean_nic_property ${nic} allow_ip_spoofing)
+		allow_mac_spoof=$(get_boolean_nic_property ${nic} allow_mac_spoofing)
+		allow_restricted_traffic=$(get_boolean_nic_property ${nic} \
+		    allow_restricted_traffic)
+		allow_unfiltered_promisc=$(get_boolean_nic_property ${nic} \
+		    allow_unfiltered_promisc)
+		allowed_ips=$(eval echo \$_ZONECFG_net_${nic}_allowed_ips)
+		allowed_dhcp_cids=$(eval echo \$_ZONECFG_net_${nic}_allowed_dhcp_cids)
+		vrid=$(eval echo \$_ZONECFG_net_${nic}_vrrp_vrid)
+		vrrp_primary_ip=$(eval \
+		    echo \$_ZONECFG_net_${nic}_vrrp_primary_ip)
+		mtu=$(eval echo \$_ZONECFG_net_${nic}_mtu)
+		isoverlay=
+
+		# If we don't have our zone_ips, it may be because the configuration
+		# was made on an older platform. In that case, use the "ip" and
+		# "netmask" properties for this NIC, and save it as "ips".
+		if [[ -z $zone_ips && -n $zone_ip ]]; then
+			[[ -n $zone_netmask ]] &&
+			    zone_ip=$zone_ip/`nm2prefix $zone_netmask`
+
+			zone_ips=$zone_ip
+		fi
+
+
+
+		orig_global=$global_nic
+
+		#
+		# The nic tag for a device (the zonecfg global_nic) can come in
+		# one of a few forms. It may:
+		#
+		# 1) Be a traditional tag which refers to a physical device or
+		#    aggregation to create a VNIC over. The source of this
+		#    mapping is sysinfo.
+		#
+		# 2) It can be the name of an etherstub. The source of these is
+		#    from dladm show-etherstub
+		#
+		# 3) It can take the form of an overlay device rule. An overlay
+		#    device rule is an invalid DLPI device and invalid nic tag.
+		#    It has the form of <name>/<number>. For example,
+		#    sdc_sdn/23. That refers to the overlay rule sdc_sdn. If we
+		#    have an overlay rule, we may need to dynamically create the
+		#    overlay device if it doesn't exist.
+		#
+		# To handle these cases, we first check if it's an overlay
+		# device, and then if not, check the other cases.
+		#
+
+		tmp=$(echo $orig_global | sed -E 's_[a-zA-Z_0-9]+/[0-9]+__')
+		if [[ -n "$tmp" ]]; then
+
+			#
+			# We only need sysinfo if we get here, and we only need to load it
+			# once.  Loading is about the same cost as looking up a single
+			# value.
+			#
+			if [[ -z $SYSINFO_LOADED ]]; then
+				load_sdc_sysinfo
+				SYSINFO_LOADED="LOADED"
+			fi
+			global_nic=$(eval echo \$SYSINFO_NIC_${orig_global})
+
+			# If the global nic is specified as a device or etherstub name
+			# rather than a tag.
+			if [[ -z $global_nic ]]; then
+				echo "$(dladm show-phys -p -o LINK) $(dladm show-etherstub -p -o LINK)" \
+				| egrep "(^| )${orig_global}( |$)" > /dev/null
+				(( $? == 0 )) && global_nic=${orig_global}
+			fi
+		else
+			isoverlay="true"
+			tag=${orig_global%/*}
+			num=${orig_global#*/}
+			global_nic="$tag$num"
+			rule=$(json -f $OVERLAY_RULES $tag)
+			if [[ $? -ne 0 || -z "$rule" ]]; then
+				logger -p daemon.err "zone $ZONENAME had tag " \
+				    "$tag which indicates an overlay rule, " \
+				    "no corresponding overlay rule found."
+				exit 1
+			fi
+		fi
+
+		# For backwards compatibility with the other parts of the
+		# system, check if this zone already has this vnic setup.
+		# If so, move on to the next vnic.
+		dladm show-vnic -p -o LINK -z $ZONENAME $nic >/dev/null 2>&1
+		(( $? == 0 )) && continue
+
+		if [[ -z $global_nic ]]; then
+			echo "undefined VNIC $nic " \
+			    "(global NIC $orig_global)"
+			logger -p daemon.err "zone $ZONENAME " \
+			    "undefined VNIC $nic (global NIC $orig_global)"
+			exit 1
+		fi
+
+		#
+		# If we have an overlay device, do we need to create it, or does
+		# it already exist?
+		#
+		if [[ -n "$isoverlay" ]]; then
+			if ! dladm show-overlay $global_nic 2>/dev/null; then
+				dladm create-overlay $rule -v $num $global_nic
+				if [[ $? -ne 0 ]]; then
+				    # If creation fails, ALSO check
+				    # for existence again, in case
+				    # someone beat us to it.
+				    if ! dladm show-overlay $global_nic \
+					 2> /dev/null; then
+					logger -p daemon.err "zone $ZONENAME " \
+					    "failed to create overlay device " \
+					     "$global_nic with command " \
+					     "'dladm create-overlay $rule -v " \
+					     "$num $global_nic"
+					exit 1
+				    fi
+				fi
+			fi
+		fi
+
+
+		#
+		# Create the vnic.
+		#
+
+		opt_str="-p "
+
+		#
+		# Traditionally we created VNICs without ever specifying
+		# the MTU. In the world before we supported any kind of
+		# jumbo frames, this is fine, because it would always
+		# match the physical which was 1500 by default for
+		# almost all of our devices. However, when we added
+		# support for mtu in nictagadm and changing it in boot
+		# up, we didn't properly assert the default MTU. This
+		# has led to VMs potentially getting the wrong MTU and
+		# ending up using jumbo frames when the network is
+		# expecting 1500 byte frames. Marx Brothers-esque comedy
+		# and despair ensues.
+		#
+		# Thus we always assert that if no MTU is specified by
+		# the VM, then we go back to the traditional 'default'
+		# value which is 1500.
+		#
+		if [[ -z "$mtu" ]]; then
+			mtu=$DEFAULT_MTU
+		fi
+
+		opt_str="$opt_str mtu=$mtu,"
+
+		#
+		# Always append the zone as the last property. This is
+		# to work around the fact that once we associate it with
+		# a zone, the zone will have a hold on the device and
+		# we'll not be able to delete it if a create fails due
+		# to a bad property (say an invalid MTU). Note if we
+		# have other properties, it is their responsibility to
+		# put a trailing comma on it.
+		#
+		opt_str="${opt_str}zone=$ZONENAME"
+
+		if [[ -n "$jst_vrrp" && -n $vrid ]]; then
+			# MAC addresses for VRRP vnics are determined by the VRID
+			mac_addr="vrrp"
+			opt_str="$opt_str -V $vrid -A inet"
+		fi
+
+		[[ -n $mac_addr ]] && opt_str="$opt_str -m $mac_addr"
+
+		[[ -n $vlan_id && $vlan_id != 0 ]] && \
+		    opt_str="$opt_str -v $vlan_id"
+
+
+		#
+		# Creating a VNIC in a zone is a multi-step process internally.
+		# This means there is a short window where the VNIC exists in
+		# the global zone and that could lead to a race condition if
+		# two zones boot at the same time with the same VNIC name.  Use
+		# a temp. name to create the VNIC then rename it to have the
+		# correct name.
+		#
+		tname=tmp$$0
+		dout=`dladm create-vnic -t -l $global_nic $opt_str $tname 2>&1`
+		if (( $? != 0 )); then
+			printf "error creating VNIC %s (global NIC %s)\n" \
+			   "$nic" "$orig_global"
+			printf "msg: %s\n" "$dout"
+			printf "Failed cmd: dladm create-vnic %s" \
+			    "-t -l $global_nic $opt_str $tname"
+			logger -p daemon.err "zone $ZONENAME error creating " \
+			    "VNIC $nic (global NIC $orig_global $global_nic)"
+			logger -p daemon.err "msg: $dout"
+			logger -p daemon.err "Failed cmd: dladm create-vnic " \
+			    "-t -l $global_nic $opt_str $tname"
+
+			# Show more info if dup MAC addr.
+			echo $dout | egrep -s "MAC address is already in use"
+			if (( $? == 0 )); then
+				entry=`dladm show-vnic -olink,macaddress,zone \
+				    | nawk -v addr=$mac_addr '{
+					if ($2 == addr)
+						print $0
+				    }'`
+				if [[ -n $entry ]]; then
+					print -f "LINK\tMACADDRESS\tZONE\n"
+					print -f "%s\n" "$entry"
+				fi
+			fi
+			exit 1
+		fi
+		dladm rename-link -z $ZONENAME $tname $nic
+		if (( $? != 0 )); then
+			echo "error renaming VNIC $tname $nic"
+			logger -p daemon.err "zone $ZONENAME error renaming " \
+			    "VNIC $tname $nic"
+			exit 1
+		fi
+
+		if [[ -z $mac_addr ]]; then
+			# There was no assigned mac address
+
+			# Get newly assigned mac address.
+			mac_addr=$(dladm show-vnic -z $ZONENAME -p -o \
+			    MACADDRESS ${nic})
+
+			# Save newly assigned mac address
+			[[ -n $mac_addr ]] && zonecfg -z $ZONENAME \
+			    "select net physical=$nic; " \
+			    "set mac-addr=$mac_addr; end; exit"
+		fi
+
+		# Set up antispoof options
+
+		if [[ $dhcp_server == "true" ]] || [[ $allow_dhcp_spoof == "true" ]]; then
+			enable_dhcp="true"
+			# This needs to be off for dhcp server zones
+			allow_ip_spoof="true"
+		else
+			enable_dhcp="false"
+		fi
+
+		comma=""
+		spoof_opts=""
+		if [[ $allow_mac_spoof != "true" ]]; then
+			spoof_opts="${spoof_opts}${comma}mac-nospoof"
+			comma=","
+		fi
+		if [[ $allow_ip_spoof != "true" ]]; then
+			spoof_opts="${spoof_opts}${comma}ip-nospoof"
+			comma=","
+		fi
+		if [[ $allow_restricted_traffic != "true" ]]; then
+			spoof_opts="${spoof_opts}${comma}restricted"
+			comma=","
+		fi
+		if [[ ${enable_dhcp} == "false" ]]; then
+			spoof_opts="${spoof_opts}${comma}dhcp-nospoof"
+			comma=","
+		fi
+
+		if [[ -n ${spoof_opts} ]]; then
+			dladm set-linkprop -t -z $ZONENAME -p \
+			"protection=${spoof_opts}" ${nic}
+			if (( $? != 0 )); then
+				echo "error setting VNIC protection $nic $spoof_opts"
+				    logger -p daemon.err "zone $ZONENAME error setting " \
+				    "VNIC protection $nic $spoof_opts"
+			exit 1
+			fi
+		fi
+
+		# If we aren't using IP spoofing, we'll need to set the allowed-ips
+		# property on the NIC so that the zone will be able to ifconfig the
+		# proper addresses.
+		if [[ $allow_ip_spoof != "true" ]]; then
+			unset allowed_ip_map
+			typeset -A allowed_ip_map
+
+			dynamic_methods=""
+			separator=""
+			OLDIFS=$IFS
+			IFS=,
+
+			for zone_ip in $zone_ips; do
+				# For each static IP available, add it to the list.
+				if [[ $zone_ip == "dhcp" ]]; then
+					dynamic_methods+="${separator}dhcpv4"
+					separator=","
+				elif [[ $zone_ip == "addrconf" ]]; then
+					dynamic_methods+="${separator}addrconf"
+					separator=","
+				else
+					clean_ip=`printf "%s" "${zone_ip}" | sed 's|^\([^/]*\)/.*|\1|'`
+					allowed_ip_map[${clean_ip}]=true
+				fi
+			done
+
+			# If any additional IPs have been specified (for example, older
+			# VMs set up for IPv6 before vmadm gained support), add them to
+			# the list.
+			for allowed_ip in $allowed_ips; do
+				allowed_ip_map[${allowed_ip}]=true
+			done
+			IFS=$OLDIFS
+
+			# If we're using VRRP and have the IP, add it to the list.
+			if [[ -n "$jst_vrrp" && -n $vrrp_primary_ip ]]; then
+				allowed_ip_map[${vrrp_primary_ip}]=true
+			fi
+
+			allowed_ip_list=""
+
+			separator=""
+			for allowed_ip in ${!allowed_ip_map[@]}; do
+				allowed_ip_list+="${separator}${allowed_ip}"
+				separator=","
+			done
+
+			# Set the allowed-ips property on the NIC
+			if [[ -n ${allowed_ip_list} ]] &&
+			    ! dladm set-linkprop -t -z $ZONENAME \
+			    -p "allowed-ips=${allowed_ip_list}" ${nic}; then
+				log_and_exit \
+				    "error setting VNIC allowed-ips $nic $allowed_ip_list"
+			fi
+
+			# Set the dynamic-methods property on the NIC
+			if [[ -n ${dynamic_methods} ]] &&
+			    ! dladm set-linkprop -t -z $ZONENAME \
+			    -p "dynamic-methods=${dynamic_methods}" ${nic}; then
+				log_and_exit \
+				    "error setting VNIC dynamic-methods $nic $dynamic_methods"
+			fi
+		fi
+
+		if [[ "$enable_dhcp" != "true" ]] && [[ -n "$allowed_dhcp_cids" ]] &&
+		    ! dladm set-linkprop -p "allowed-dhcp-cids=${allowed_dhcp_cids}" \
+		    -t -z $ZONENAME $nic; then
+			log_and_exit \
+			    "error setting VNIC allowed-dhcp-cids $nic $allowed_dhcp_cids"
+		fi
+
+		if [[ "$enable_dhcp" != "true" ]] && [[ -z "$allowed_dhcp_cids" ]] &&
+		    [[ "$zone_ips" == *dhcp* || "$zone_ips" == *addrconf* ]] &&
+		    ! dladm set-linkprop -p "allow-all-dhcp-cids=true" \
+		    -t -z $ZONENAME $nic; then
+			log_and_exit "error setting VNIC allow-all-dhcp-cids $nic"
+		fi
+
+		if [[ -n "$jst_ufpromisc" && ${allow_unfiltered_promisc} == "true" ]]; then
+			dladm set-linkprop -t -z $ZONENAME -p "promisc-filtered=off" ${nic}
+		fi
+
+		if [[ -n $blocked_outgoing_ports ]]; then
+			OLDIFS=$IFS
+			IFS=,
+			for port in $blocked_outgoing_ports; do
+				# br='block remote'.  Flow names should be < 31
+				# chars in length so that they get unique
+				# kstats.
+				# Use the VNIC mac addr. to generate a unique
+				# name.
+				mac_addr=`dladm show-vnic -z $ZONENAME -p \
+				    -o MACADDRESS $nic | tr ':' '_'`
+				flowadm add-flow -t -l $nic -z $ZONENAME \
+				    -a transport=tcp,remote_port=$port \
+				    -p maxbw=0 f${mac_addr}_br_${port}
+				if (( $? != 0 )); then
+					echo "error adding flow " \
+					    "$nic f${mac_addr}_br_${port}"
+					logger -p daemon.err "zone $ZONENAME " \
+					    "error adding flow " \
+					    "$nic f${mac_addr}_br_${port}"
+					exit 1
+				fi
+			done
+			IFS=$OLDIFS
+		fi
+
+		if [[ -n "$jst_createvnd" ]]; then
+			#
+			# At this point we should go ahead and set up
+			# the vnd interface for this datalink.
+			#
+			$VNDADM create -z $ZONENAME $nic
+			if [[ $? -ne 0 ]]; then
+				echo "failed to create vnd device"
+				exit 1
+			fi
+		fi
+	done
+}
+
+#
+# Log a message, then exit
+#
+log_and_exit()
+{
+	echo "$1"
+	logger -p daemon.err "zone $ZONENAME $1"
+	exit 1
+}
+
+#
+# Set up the firewall for the zone.
+#
+setup_fw()
+{
+	ipf_conf=$ZONEPATH/config/ipf.conf
+	ipf6_conf=$ZONEPATH/config/ipf6.conf
+	if [ -e $ipf_conf ]; then
+		echo "starting firewall ($ipf_conf)"
+		/usr/sbin/ipf -GE $ZONENAME
+		if (( $? != 0 )); then
+			log_and_exit "error enabling ipfilter"
+		fi
+
+		/usr/sbin/ipf -GFa $ZONENAME
+		if (( $? != 0 )); then
+			log_and_exit "error flushing ipfilter (IPv4)"
+		fi
+
+		/usr/sbin/ipf -6GFa $ZONENAME
+		if (( $? != 0 )); then
+			log_and_exit "error flushing ipfilter (IPv6)"
+		fi
+
+		/usr/sbin/ipf -Gf $ipf_conf $ZONENAME
+		if (( $? != 0 )); then
+			log_and_exit "error loading ipfilter config for IPv4"
+		fi
+
+		if [[ -e $ipf6_conf ]] &&
+		    ! /usr/sbin/ipf -6Gf $ipf6_conf $ZONENAME; then
+			log_and_exit "error loading ipfilter config for IPv6"
+		fi
+
+		/usr/sbin/ipf -Gy $ZONENAME
+		if (( $? != 0 )); then
+			log_and_exit "error syncing ipfilter interfaces"
+		fi
+	fi
+}
+
+#
+# We're readying the zone.  Make sure the per-zone writable
+# directories exist so that we can lofs mount them.  We do this here,
+# instead of in the install script, since this list has evolved and
+# there are already zones out there in the installed state.
+#
+setup_fs()
+{
+	# create directory for metadata socket
+	mkdir -m755 -p /var/zonecontrol/${ZONENAME}
+
+	uname -v > $ZONEPATH/lastbooted
+	[[ -n "$jst_simplefs" ]] && return
+
+	[ ! -d $ZONEPATH/site ] && mkdir -m755 $ZONEPATH/site
+	[ ! -d $ZONEPATH/local ] && mkdir -m755 $ZONEPATH/local
+	[ ! -d $ZONEPATH/$SNAPSHOT_DIR ] && mkdir -m755 $ZONEPATH/$SNAPSHOT_DIR
+	if [ ! -d $ZONEPATH/ccs ]; then
+		mkdir -m755 $ZONEPATH/ccs
+		(cd /usr/ccs; tar cbf 512 - *) | \
+		    (cd $ZONEPATH/ccs; tar xbf 512 -)
+	fi
+
+}
+
+setup_snapshots()
+{
+	#
+	# Because the top-level directory of each ZFS snapshot contains some
+	# internal information, mount the /root directory of each snapshot
+	# separately.
+	#
+	for snap in $(ls -1 $ZONEPATH/.zfs/snapshot); do
+		snapdir=$ZONEPATH/$SNAPSHOT_DIR/$(echo ${snap} | sed -e "s/^vmsnap-//")
+		mkdir -p ${snapdir}
+		mount -F lofs -o ro,setuid,nodevices \
+		    $ZONEPATH/.zfs/snapshot/${snap}/root ${snapdir}
+	done
+}
+
+#
+# If the zone has a CPU cap, calculate the CPU baseline and set it so we can
+# track when we're bursting.  There are many ways that the baseline can be
+# calculated based on the other settings in the zones (e.g. a simple way would
+# be as a precentage of the cap).
+#
+# For SmartMachines, our CPU baseline is calculated off of the system's
+# provisionable memory and the memory cap of the zone. We assume that 83% of
+# the system's memory is usable by zones (the rest is for the OS) and we assume
+# that the zone memory cap is set so that we're proportional to how many zones
+# we can provision on the system (i.e. we don't overprovision memory).  Using
+# these assumptions, we calculate the proportion of CPU for the zone based on
+# its proportion of memory. Thus, the zone's CPU baseline is calculated using:
+#     ((zone capped memsize in MB) * 100) / (MB/core).
+# Uncapped zones have no baseline (i.e. infrastructure zones).
+#
+# Remember that the cpu-cap rctl and the baseline are expressed in units of
+# a percent of a CPU, so 100 is 1 full CPU.
+#
+setup_cpu_baseline()
+{
+	# A brand can override the setup of bursting.
+	[ -n "$NO_BURSTING" ] && return
+
+	# If there is already a baseline, don't set one heuristically
+	curr_base=`prctl -P -n zone.cpu-baseline -i zone $ZONENAME | nawk '{
+		if ($2 == "privileged") print $3
+	    }'`
+	[ -n "$curr_base" ] && return
+
+	# Get current cap and convert from zonecfg format into rctl format
+	cap=`zonecfg -z $ZONENAME info capped-cpu | nawk '{
+	    if ($1 == "[ncpus:") print (substr($2, 1, length($2) - 1) * 100)
+	}'`
+	[ -z "$cap" ] && return
+
+	# Get zone's memory cap in MB times 100
+	zmem=`zonecfg -z $ZONENAME info capped-memory | nawk '{
+	    if ($1 == "[physical:") {
+	        val = substr($2, 1, length($2) - 2)
+	        units = substr($2, length($2) - 1, 1)
+
+	        # convert GB to MB
+	        if (units == "G")
+	            val *= 1024
+	        print (val * 100)
+	    }
+	}'`
+	[ -z "$zmem" ] && return
+
+	# Get system's total memory in MB
+	smem=`prtconf -m`
+	# provisionable memory is 83% of total memory (bash can't do floats)
+	prov_mem=$((($smem * 83) / 100))
+	nprocs=`psrinfo -v | \
+	    nawk '/virtual processor/ {cnt++} END {print cnt}'`
+
+	mb_per_core=$(($prov_mem / $nprocs))
+
+	baseline=$(($zmem / $mb_per_core))
+	[[ $baseline == 0 ]] && baseline=1
+	[[ $baseline -gt $cap ]] && baseline=$cap
+
+	prctl -n zone.cpu-baseline -v $baseline -t priv -i zone $ZONENAME
+}
+
+cleanup_snapshots()
+{
+	#
+	# Each ZFS snapshot is mounted separately, so find all mounted
+	# snapshots for this zone, and unmount them.
+	#
+	snaps=$(ls -1 $ZONEPATH/$SNAPSHOT_DIR)
+
+	for snap in ${snaps}; do
+		snapdir=$ZONEPATH/$SNAPSHOT_DIR/$(echo ${snap} | sed -e "s/^vmsnap-//")
+		umount ${snapdir}
+		rmdir ${snapdir}
+	done
+}
+
+#
+# We're halting the zone, perform network cleanup.
+#
+cleanup_net()
+{
+	# Cleanup any flows that were setup.
+	for nic in $_ZONECFG_net_resources
+	do
+		flowadm remove-flow -t -z $ZONENAME -l $nic
+		if (( $? != 0 )); then
+			echo "error removing flows for $nic"
+			logger -p daemon.err "zone $ZONENAME " \
+			    "error removing flows for $nic"
+		fi
+	done
+}
+
+id_gz_sockholder()
+{
+	echo "searching for GZ process holding socket $1"
+	logger -p daemon.err "zone $ZONENAME " \
+	    "searching for GZ process holding socket $1"
+
+	pid=`(cd /proc;
+	for i in *;
+	do
+		pfiles $i 2>/dev/null | egrep -s "AF_UNIX $1";
+		[ $? == 0 ] && echo "$i";
+	done)`
+
+	[ -z "$pid" ] && return
+
+	echo "Error: GZ process $pid holding socket $1 blocking shutdown"
+	logger -p daemon.err "Error: zone $ZONENAME:" \
+	    "GZ process $pid holding socket $1 blocking shutdown"
+}
+
+# zonadmd unable to unmount the given path, try to cleanup so unmount can
+# succeed.
+cleanup_mount()
+{
+	echo "attempting to cleanup mount $1"
+	logger -p daemon.err "zone $ZONENAME attempting to cleanup mount $1"
+
+	fnd_procs=0
+	for i in `fuser -c $1 2>/dev/null`
+	do
+		fnd_procs=1
+
+		pty=`ps -otty -p $i | \
+		    nawk '{if ($1 != "TT" && $1 != "?") print $0}'`
+
+		if [ -n "$pty" ]; then
+			echo "shell process $i blocking zone" \
+			    "$ZONENAME shutdown, killing the process" | wall
+			echo "killing GZ user shell $i under $1"
+			logger -p daemon.err "zone $ZONENAME:" \
+			    "killing GZ user shell $i under $1"
+			kill -9 $i
+		else
+			echo "Error: GZ process $i under $1 blocking shutdown"
+			logger -p daemon.err "Error: zone $ZONENAME:" \
+			    "GZ process $i under $1 blocking shutdown"
+
+			local args="pargs: `pargs $i`"
+			echo "$args"
+			logger -p daemon.err "$args"
+
+			local tree="ptree: `ptree $i`"
+			echo "$tree"
+			logger -p daemon.err "$tree"
+		fi
+	done
+
+	if [ $fnd_procs -eq 1 ]; then
+		# Exit out to give the zoneadmd umount a chance to suceed now.
+		# Zoneadmd will give us another shot if it still can't umount.
+		sleep 1
+		exit 0
+	fi
+
+	# Processes which are injected into a zone and then open a file as a
+	# socket end-point will show in pfiles with the path relative to the
+	# zone's root. For example, a zone with its root at /zones/foo/root and
+	# an open socket as /zones/foo/root/var/run/x will show up in a pfiles
+	# search as /var/run/x. This is a problem since we have no way to
+	# narrow down which process is the culprit.
+	#
+	# Because the socket doesn't have enough information for us to tie to
+	# the specific GZ process, we hardcode to id things we know will open
+	# sockets into the zone:
+	#    $jst_mdatapath/metadata.sock
+	#    /var/run/.smartdc-amon.sock
+
+	ZVR=$ZONEPATH/root/var/run
+	[ -S $ZVR/smartdc/metadata.sock ] &&
+	    id_gz_sockholder $jst_mdatapath/metadata.sock
+
+	[ -S $ZVR/.smartdc-amon.sock ] &&
+	    id_gz_sockholder /var/run/.smartdc-amon.sock
+}
+
+function fix_forced_attrs {
+	typeset attr
+
+	for attr in ${!FORCED_ATTRS[@]}; do
+		typeset nval=${FORCED_ATTRS["$attr"]}
+		typeset -n envvar=_ZONECFG_attr_${attr//-/_}
+		typeset cval=$envvar
+
+		if [[ $cval == $nval ]]; then
+			# In most cases, $nval and $cval will be the same and
+			# nothing needs to be done. This includes the case where
+			# $nval and $cval are "".
+			continue
+		elif [[ -z $nval ]]; then
+			logger -p daemon.error "[zone $ZONENAME]" \
+			    "Illegal value for attr '$attr': '$cval'." \
+			    "Removing attr '$attr'"
+			zonecfg -z "$ZONENAME" "remove -F attr name=$attr"
+
+			unset ${!envvar}
+		else
+			logger -p daemon.error "[zone $ZONENAME]" \
+			    "Illegal value for attr '$attr': '$cval'." \
+			    "Setting to '$nval'"
+			zonecfg -z "$ZONENAME" "remove -F attr name=$attr;" \
+			    "add attr; set type=string;" \
+			    "set name=$attr; set value=\"$nval\"; end;"
+
+			export ${!envvar}="$nval"
+		fi
+	done
+}
+
+#
+# Main
+#
+
+case $subcommand in
+pre)
+	case $cmd in
+	0)	# pre-ready
+		fix_forced_attrs
+		setup_fs
+		;;
+	4)	# pre-halt
+		[[ -n "$jst_showsnap" ]] && cleanup_snapshots
+		cleanup_net
+		;;
+	esac
+	;;
+post)
+	case $cmd in
+	0)	# post-ready
+		[[ -n "$jst_showsnap" ]] && setup_snapshots
+		setup_net
+		setup_fw
+		;;
+	1)	# post-boot
+		# We can't set a rctl until we have a process in the zone to
+		# grab
+		setup_cpu_baseline
+		;;
+	8)	# post-unmount
+		# Zone halt is hung unmounting, try to recover
+		if [[ $state == 6 ]]; then
+			cleanup_mount "$6"
+		fi
+		;;
+	esac
+	;;
+esac
+
+exit 0
diff --git a/usr/src/lib/brand/joyent-minimal/Makefile b/usr/src/lib/brand/joyent-minimal/Makefile
new file mode 100644
index 0000000000..0823a1f94e
--- /dev/null
+++ b/usr/src/lib/brand/joyent-minimal/Makefile
@@ -0,0 +1,31 @@
+#
+# This file and its contents are supplied under the terms of the
+# Common Development and Distribution License ("CDDL"), version 1.0.
+# You may only use this file in accordance with the terms of version
+# 1.0 of the CDDL.
+#
+# A full copy of the text of the CDDL should have accompanied this
+# source.  A copy of the CDDL is also available via the Internet at
+# http://www.illumos.org/license/CDDL.
+#
+# Copyright 2019 Joyent, Inc.
+#
+
+default: all
+
+# Build everything in parallel; use .WAIT for dependencies
+.PARALLEL:
+
+SUBDIRS =	zone
+
+all :=		TARGET= all
+install :=	TARGET= install
+clean :=	TARGET= clean
+clobber :=	TARGET= clobber
+
+all install clean clobber: $(SUBDIRS)
+
+$(SUBDIRS): FRC
+	@cd $@; pwd; $(MAKE) $(TARGET)
+
+FRC:
diff --git a/usr/src/lib/brand/joyent-minimal/zone/Makefile b/usr/src/lib/brand/joyent-minimal/zone/Makefile
new file mode 100644
index 0000000000..a0fbc14d5c
--- /dev/null
+++ b/usr/src/lib/brand/joyent-minimal/zone/Makefile
@@ -0,0 +1,37 @@
+#
+# This file and its contents are supplied under the terms of the
+# Common Development and Distribution License ("CDDL"), version 1.0.
+# You may only use this file in accordance with the terms of version
+# 1.0 of the CDDL.
+#
+# A full copy of the text of the CDDL should have accompanied this
+# source.  A copy of the CDDL is also available via the Internet at
+# http://www.illumos.org/license/CDDL.
+#
+# Copyright 2019 Joyent, Inc.
+#
+
+BRAND = joyent-minimal
+
+include $(SRC)/lib/brand/Makefile.brand
+
+PROGS =	jattach jdetach jinstall juninstall poststate prestate statechange
+XMLDOCS = config.xml platform.xml
+TXTS = manifests
+
+CLOBBERFILES = $(ROOTXMLDOCS) $(ROOTTXTS) $(ROOTPROGS)
+
+# These shouldn't be necessary, but for some reason the same thing in
+# ../../Makefile.brand is not being picked up.
+$(ROOTPROGS) := FILEMODE = 755
+$(ROOTTXTS) := FILEMODE = 444
+$(ROOTXMLDOCS) := FILEMODE = 444
+
+all: $(PROGS)
+
+install: $(PROGS) $(ROOTPROGS) $(ROOTXMLDOCS) $(ROOTTXTS)
+
+clean:
+	$(RM) $(CLEANFILES)
+
+include $(SRC)/cmd/Makefile.targ
diff --git a/usr/src/lib/brand/joyent-minimal/zone/config.xml b/usr/src/lib/brand/joyent-minimal/zone/config.xml
new file mode 100644
index 0000000000..64e92464fe
--- /dev/null
+++ b/usr/src/lib/brand/joyent-minimal/zone/config.xml
@@ -0,0 +1,115 @@
+<?xml version="1.0"?>
+
+<!--
+ CDDL HEADER START
+
+ The contents of this file are subject to the terms of the
+ Common Development and Distribution License (the "License").
+ You may not use this file except in compliance with the License.
+
+ You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+ or http://www.opensolaris.org/os/licensing.
+ See the License for the specific language governing permissions
+ and limitations under the License.
+
+ When distributing Covered Code, include this CDDL HEADER in each
+ file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+ If applicable, add the following below this CDDL HEADER, with the
+ fields enclosed by brackets "[]" replaced with your own identifying
+ information: Portions Copyright [yyyy] [name of copyright owner]
+
+ CDDL HEADER END
+
+ Copyright 2015 Joyent, Inc.  All rights reserved.
+ Use is subject to license terms.
+
+ DO NOT EDIT THIS FILE.
+-->
+
+<!DOCTYPE brand PUBLIC "-//Joyent Inc//DTD Brands//EN"
+    "file:///usr/share/lib/xml/dtd/brand.dtd.1">
+
+<brand name="joyent-minimal">
+	<modname></modname>
+
+	<initname>/sbin/init</initname>
+	<login_cmd>/usr/bin/login -z %Z %u</login_cmd>
+	<forcedlogin_cmd>/usr/bin/login -z %Z -f %u</forcedlogin_cmd>
+	<user_cmd>/usr/bin/getent passwd %u</user_cmd>
+
+	<install>/usr/lib/brand/joyent-minimal/jinstall -z %z -R %R</install>
+	<installopts>R:t:U:q:z:</installopts>
+	<boot></boot>
+	<halt></halt>
+	<verify_cfg></verify_cfg>
+	<verify_adm></verify_adm>
+	<postclone></postclone>
+	<postinstall></postinstall>
+	<attach>/usr/lib/brand/joyent-minimal/jattach -z %z -R %R</attach>
+	<detach>/usr/lib/brand/joyent-minimal/jdetach -z %z -R %R</detach>
+	<clone></clone>
+	<uninstall>/usr/lib/brand/joyent-minimal/juninstall -z %z -R %R</uninstall>
+	<prestatechange>/usr/lib/brand/joyent-minimal/prestate %z %R</prestatechange>
+	<poststatechange>/usr/lib/brand/joyent-minimal/poststate %z %R</poststatechange>
+	<query>/usr/lib/brand/joyent-minimal/query %z %R</query>
+
+	<privilege set="default" name="contract_event" />
+	<privilege set="default" name="contract_identity" />
+	<privilege set="default" name="contract_observer" />
+	<privilege set="default" name="dtrace_proc" />
+	<privilege set="default" name="dtrace_user" />
+	<privilege set="default" name="file_chown" />
+	<privilege set="default" name="file_chown_self" />
+	<privilege set="default" name="file_dac_execute" />
+	<privilege set="default" name="file_dac_read" />
+	<privilege set="default" name="file_dac_search" />
+	<privilege set="default" name="file_dac_write" />
+	<privilege set="default" name="file_owner" />
+	<privilege set="default" name="file_setid" />
+	<privilege set="default" name="ipc_dac_read" />
+	<privilege set="default" name="ipc_dac_write" />
+	<privilege set="default" name="ipc_owner" />
+	<privilege set="default" name="net_bindmlp" />
+	<privilege set="default" name="net_icmpaccess" />
+	<privilege set="default" name="net_mac_aware" />
+	<privilege set="default" name="net_observability" />
+	<privilege set="default" name="net_privaddr" />
+	<privilege set="default" name="net_rawaccess" ip-type="exclusive" />
+	<privilege set="default" name="proc_chroot" />
+	<privilege set="default" name="sys_audit" />
+	<privilege set="default" name="proc_audit" />
+	<privilege set="default" name="proc_lock_memory" />
+	<privilege set="default" name="proc_owner" />
+	<privilege set="default" name="proc_prioup" />
+	<privilege set="default" name="proc_secflags" />
+	<privilege set="default" name="proc_setid" />
+	<privilege set="default" name="proc_taskid" />
+	<privilege set="default" name="sys_acct" />
+	<privilege set="default" name="sys_admin" />
+	<privilege set="default" name="sys_fs_import" />
+	<privilege set="default" name="sys_ip_config" ip-type="exclusive" />
+	<privilege set="default" name="sys_iptun_config" ip-type="exclusive" />
+	<privilege set="default" name="sys_mount" />
+	<privilege set="default" name="sys_nfs" />
+	<privilege set="default" name="sys_smb" />
+	<privilege set="default" name="sys_resource" />
+	<privilege set="default" name="sys_ppp_config" ip-type="exclusive" />
+
+	<privilege set="prohibited" name="dtrace_kernel" />
+	<privilege set="prohibited" name="proc_zone" />
+	<privilege set="prohibited" name="sys_config" />
+	<privilege set="prohibited" name="sys_devices" />
+	<privilege set="prohibited" name="sys_ip_config" ip-type="shared" />
+	<privilege set="prohibited" name="sys_linkdir" />
+	<privilege set="prohibited" name="sys_net_config" />
+	<privilege set="prohibited" name="sys_res_config" />
+	<privilege set="prohibited" name="sys_suser_compat" />
+	<privilege set="prohibited" name="xvm_control" />
+	<privilege set="prohibited" name="virt_manage" />
+	<privilege set="prohibited" name="sys_ppp_config" ip-type="shared" />
+
+	<privilege set="required" name="proc_exec" />
+	<privilege set="required" name="proc_fork" />
+	<privilege set="required" name="sys_ip_config" ip-type="exclusive" />
+	<privilege set="required" name="sys_mount" />
+</brand>
diff --git a/usr/src/lib/brand/joyent-minimal/zone/jattach b/usr/src/lib/brand/joyent-minimal/zone/jattach
new file mode 100755
index 0000000000..b99c0211fe
--- /dev/null
+++ b/usr/src/lib/brand/joyent-minimal/zone/jattach
@@ -0,0 +1,26 @@
+#!/bin/ksh -p
+#
+#
+# This file and its contents are supplied under the terms of the
+# Common Development and Distribution License ("CDDL"), version 1.0.
+# You may only use this file in accordance with the terms of version
+# 1.0 of the CDDL.
+#
+# A full copy of the text of the CDDL should have accompanied this
+# source.  A copy of the CDDL is also available via the Internet at
+# http://www.illumos.org/license/CDDL.
+#
+
+#
+# Copyright (c) 2014 Joyent, Inc.  All rights reserved.
+#
+
+. /usr/lib/brand/jcommon/libhooks.ksh
+
+function jcommon_attach_hook
+{
+	jattach_zone_final_setup
+}
+
+ps_brand="joyent-minimal"
+. /usr/lib/brand/jcommon/cattach
diff --git a/usr/src/lib/brand/joyent-minimal/zone/jdetach b/usr/src/lib/brand/joyent-minimal/zone/jdetach
new file mode 100755
index 0000000000..5671f06bf9
--- /dev/null
+++ b/usr/src/lib/brand/joyent-minimal/zone/jdetach
@@ -0,0 +1,19 @@
+#!/bin/ksh -p
+#
+#
+# This file and its contents are supplied under the terms of the
+# Common Development and Distribution License ("CDDL"), version 1.0.
+# You may only use this file in accordance with the terms of version
+# 1.0 of the CDDL.
+#
+# A full copy of the text of the CDDL should have accompanied this
+# source.  A copy of the CDDL is also available via the Internet at
+# http://www.illumos.org/license/CDDL.
+#
+
+#
+# Copyright (c) 2014 Joyent, Inc.  All rights reserved.
+#
+
+ps_brand="joyent-minimal"
+. /usr/lib/brand/jcommon/cdetach
diff --git a/usr/src/lib/brand/joyent-minimal/zone/jinstall b/usr/src/lib/brand/joyent-minimal/zone/jinstall
new file mode 100755
index 0000000000..167566bdca
--- /dev/null
+++ b/usr/src/lib/brand/joyent-minimal/zone/jinstall
@@ -0,0 +1,32 @@
+#!/bin/ksh -p
+#
+#
+# This file and its contents are supplied under the terms of the
+# Common Development and Distribution License ("CDDL"), version 1.0.
+# You may only use this file in accordance with the terms of version
+# 1.0 of the CDDL.
+#
+# A full copy of the text of the CDDL should have accompanied this
+# source.  A copy of the CDDL is also available via the Internet at
+# http://www.illumos.org/license/CDDL.
+#
+
+#
+# Copyright (c) 2014 Joyent, Inc.  All rights reserved.
+#
+
+# Does this brand support reprovisioning?
+jst_reprovision="yes"
+
+# Is a template image optional?
+# jst_tmplopt="yes"
+
+. /usr/lib/brand/jcommon/libhooks.ksh
+
+function jcommon_attach_hook
+{
+	jattach_zone_final_setup
+	cp /usr/lib/brand/joyent-minimal/repository.db ${ZROOT}/etc/svc
+}
+
+. /usr/lib/brand/jcommon/cinstall
diff --git a/usr/src/lib/brand/joyent-minimal/zone/juninstall b/usr/src/lib/brand/joyent-minimal/zone/juninstall
new file mode 100755
index 0000000000..09051a17b6
--- /dev/null
+++ b/usr/src/lib/brand/joyent-minimal/zone/juninstall
@@ -0,0 +1,25 @@
+#!/bin/ksh -p
+#
+#
+# This file and its contents are supplied under the terms of the
+# Common Development and Distribution License ("CDDL"), version 1.0.
+# You may only use this file in accordance with the terms of version
+# 1.0 of the CDDL.
+#
+# A full copy of the text of the CDDL should have accompanied this
+# source.  A copy of the CDDL is also available via the Internet at
+# http://www.illumos.org/license/CDDL.
+#
+
+#
+# Copyright (c) 2014 Joyent, Inc.  All rights reserved.
+#
+
+. /usr/lib/brand/jcommon/libhooks.ksh
+
+function jcommon_uninstall_hook
+{
+	juninstall_delegated_dataset
+}
+
+. /usr/lib/brand/jcommon/cuninstall
diff --git a/usr/src/lib/brand/joyent-minimal/zone/manifests b/usr/src/lib/brand/joyent-minimal/zone/manifests
new file mode 100644
index 0000000000..955d46702e
--- /dev/null
+++ b/usr/src/lib/brand/joyent-minimal/zone/manifests
@@ -0,0 +1,127 @@
+#
+# This file lists the SMF manifests which are available in the global
+# zone and which should be setup for use in non-global zones.  Not
+# all SMF services are usable within a zone, so only those that are usable
+# should be listed here.
+#
+# The format of the file is:
+#	manifest_name enable/disable
+# The manifest_name is found relative to /lib/svc/manifest on the system.
+# The second field is used to indicate if the svc should be enabled or
+# disabled by default within zones, independently of its current status in
+# the global zone.
+#
+# The following is a list of SMF svcs which could be run in a zone, but
+# which we're not currently installing on our live image.  If we add any
+# of these to the image and we want it to also be available in zones,
+# then we need to move the entry to the end and uncomment it out.
+#
+# application/cups.xml
+# application/font/fc-cache.xml
+# application/graphical-login/gdm.xml
+# application/management/net-snmp.xml
+# application/management/seaport.xml
+# application/management/snmpdx.xml
+# application/opengl/ogl-select.xml
+# application/print/service-selector.xml
+# application/security/tcsd.xml
+# application/x11/x11-server.xml
+# application/x11/xfs.xml
+# application/x11/xvnc-inetd.xml
+# network/ldap/client.xml
+# network/rpc/keyserv.xml
+# network/socket-filter-kssl.xml
+# network/ssl/kssl-proxy.xml
+# network/nfs/rquota.xml
+# network/smb/server.xml
+# network/dns/server.xml
+# network/ftp.xml
+# network/finger.xml
+# network/comsat.xml
+# network/rpc/rstat.xml
+# network/rpc/rusers.xml
+# network/rpc/spray.xml
+# network/rpc/wall.xml
+# network/talk.xml
+# network/ntp.xml
+# network/sendmail-client.xml
+# network/smtp-sendmail.xml
+# network/telnet.xml
+# network/wpa.xml
+# network/rpc/gss.xml
+# network/security/kadmin.xml
+# network/security/krb5kdc.xml
+# network/security/ktkt_warn.xml
+# network/rpc/smserver.xml
+# network/nfs/cbd.xml
+# network/nfs/mapid.xml
+# network/nfs/status.xml
+# network/ipmievd.xml
+# network/nis/client.xml
+# network/http-apache22.xml
+# system/consolekit.xml
+# system/device/devices-audio.xml
+# system/fm/notify-params.xml
+# system/install/system-config.xml
+# system/pkgserv.xml
+#
+
+#
+# The following is a list of SMF svcs which are installed on our live image and
+# which could be run in a zone, but which we choose not to run in our zones.
+# If we ever do want to run any of these, move the entry to the end and
+# uncomment it out.
+#
+# network/nfs/client.xml
+# network/nfs/nlockmgr.xml
+# system/boot-archive-update.xml
+# system/boot-archive.xml
+# system/boot-config.xml
+# system/cron.xml
+# system/fmd.xml
+# system/sac.xml
+#
+
+#
+# The following is a list of SMF svc manifests under /lib/svc/manifest.  These
+# are available on our live image and are runnable in a zone.  Since the zones
+# are sharing the base file system with the global zone, we set up so that
+# only these svcs are configured in zones, independently of the global zone
+# /lib/svc/manifest hierarchy.
+#
+
+system/svc/restarter.xml	enabled
+network/dlmgmt.xml		enabled
+system/filesystem/root-fs.xml	enabled
+#
+# This was running, but not in our set of manifests. Maybe it came in
+# from /var.
+#
+system/boot-archive.xml		enabled 
+network/network-ipmgmt.xml	enabled
+system/filesystem/usr-fs.xml	enabled
+network/network-loopback.xml	enabled
+system/device/devices-local.xml	enabled
+milestone/single-user.xml	enabled
+network/network-physical.xml	enabled
+system/filesystem/minimal-fs.xml	enabled
+milestone/network.xml		enabled
+system/filesystem/joyent-fs.xml	enabled
+system/filesystem/local-fs.xml	enabled
+system/name-service-cache.xml	enabled
+system/process-security.xml	enabled
+milestone/name-services.xml	enabled
+system/identity.xml		enabled
+network/network-initial.xml	enabled
+network/network-service.xml	enabled
+network/dns/client.xml		enabled
+network/network-netmask.xml	enabled
+network/network-routing-setup.xml	enabled
+milestone/sysconfig.xml		enabled
+system/system-log.xml		enabled
+milestone/multi-user-server.xml	enabled
+milestone/multi-user.xml	enabled
+milestone/name-services.xml	enabled
+system/early-manifest-import.xml	disabled
+system/manifest-import.xml	disabled
+system/mdata.xml	enabled
diff --git a/usr/src/lib/brand/joyent-minimal/zone/platform.xml b/usr/src/lib/brand/joyent-minimal/zone/platform.xml
new file mode 100644
index 0000000000..025d0e9d79
--- /dev/null
+++ b/usr/src/lib/brand/joyent-minimal/zone/platform.xml
@@ -0,0 +1,171 @@
+<?xml version="1.0"?>
+
+<!--
+ CDDL HEADER START
+
+ The contents of this file are subject to the terms of the
+ Common Development and Distribution License (the "License").
+ You may not use this file except in compliance with the License.
+
+ You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+ or http://www.opensolaris.org/os/licensing.
+ See the License for the specific language governing permissions
+ and limitations under the License.
+
+ When distributing Covered Code, include this CDDL HEADER in each
+ file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+ If applicable, add the following below this CDDL HEADER, with the
+ fields enclosed by brackets "[]" replaced with your own identifying
+ information: Portions Copyright [yyyy] [name of copyright owner]
+
+ CDDL HEADER END
+
+ Copyright 2017 Joyent, Inc.
+
+ DO NOT EDIT THIS FILE.
+-->
+
+<!DOCTYPE platform PUBLIC "-//Joyent Inc//Zones Platform//EN"
+    "file:///usr/share/lib/xml/dtd/zone_platform.dtd.1">
+
+<platform name="joyent-minimal" allow-exclusive-ip="true">
+
+	<!-- Global filesystems to mount when booting the zone -->
+	<global_mount special="/dev" directory="/dev" type="dev"
+	    opt="attrdir=%R/root/dev"/>
+
+	<global_mount special="/var/zonecontrol/%z" directory="/.zonecontrol"
+	    opt="ro,nodevices,nosetuid,noexec" type="lofs" />
+
+	<global_mount special="/lib" directory="/lib"
+	    opt="ro,nodevices" type="lofs" />
+	<global_mount special="%P/manifests/joyent" directory="/lib/svc/manifest"
+	    opt="ro,nodevices" type="lofs" />
+	<global_mount special="%R/site" directory="/lib/svc/manifest/site"
+	    opt="nodevices" type="lofs" />
+	<global_mount special="/sbin" directory="/sbin"
+	    opt="ro,nodevices" type="lofs" />
+	<global_mount special="/usr" directory="/usr"
+	    opt="ro,nodevices" type="lofs" />
+	<global_mount special="%R/local" directory="/usr/local"
+	    opt="nodevices" type="lofs" />
+	<global_mount special="%R/ccs" directory="/usr/ccs"
+	    opt="nodevices" type="lofs" />
+
+	<!-- Local filesystems to mount when booting the zone -->
+	<mount special="/proc" directory="/proc" type="proc" />
+	<mount special="ctfs" directory="/system/contract" type="ctfs" />
+	<mount special="mnttab" directory="/etc/mnttab" type="mntfs" />
+	<mount special="objfs" directory="/system/object" type="objfs" />
+	<mount special="lxproc" directory="/system/lxproc" type="lxproc" />
+	<mount special="swap" directory="/etc/svc/volatile" type="tmpfs" />
+
+	<!-- Devices to create under /dev -->
+	<device match="arp" />
+	<device match="bpf" />
+	<device match="conslog" />
+	<device match="cpu/self/cpuid" />
+	<device match="crypto" />
+	<device match="cryptoadm" />
+	<device match="dsk" />
+	<device match="dtrace/*" />
+	<device match="dtrace/provider/*" />
+	<device match="eventfd" />
+	<device match="fd" />
+	<device match="full" />
+	<device match="inotify" />
+	<device match="ipnet" />
+	<device match="kstat" />
+	<device match="lo0" />
+	<device match="lofictl" />
+	<device match="lofi" />
+	<device match="log" />
+	<device match="logindmux" />
+	<device match="nsmb" />
+	<device match="net/*" />
+	<device match="null" />
+	<device match="openprom" arch="sparc" />
+	<device match="poll" />
+	<device match="pool" />
+	<device match="ptmx" />
+	<device match="pts/*" />
+	<device match="random" />
+	<device match="rdsk" />
+	<device match="rlofi" />
+	<device match="rmt" />
+	<device match="sad/user" />
+	<device match="smbsrv" />
+	<device match="signalfd" />
+	<device match="svvslo0" />
+	<device match="svvslo1" />
+	<device match="svvslo2" />
+	<device match="svvslo3" />
+	<device match="swap" />
+	<device match="sysevent" />
+	<device match="tap" />
+	<device match="tcp" />
+	<device match="tcp6" />
+	<device match="term" />
+	<device match="ticlts" />
+	<device match="ticots" />
+	<device match="ticotsord" />
+	<device match="timerfd" />
+	<device match="tty" />
+	<device match="tun" />
+	<device match="udp" />
+	<device match="udp6" />
+	<device match="urandom" />
+	<device match="vnd/*" />
+	<device match="zero" />
+	<device match="zfd/%z/slave/0" name="zfd/0" />
+	<device match="zfd/%z/slave/1" name="zfd/1" />
+	<device match="zfd/%z/slave/2" name="zfd/2" />
+	<device match="zfs" />
+	<device match="zvol/dsk/%P/%z/*" />
+	<device match="zvol/rdsk/%P/%z/*" />
+
+	<!-- Devices to create in exclusive IP zone only -->
+	<device match="dld" ip-type="exclusive" />
+	<device match="icmp" ip-type="exclusive" />
+	<device match="icmp6" ip-type="exclusive" />
+	<device match="ip" ip-type="exclusive" />
+	<device match="ip6" ip-type="exclusive" />
+	<device match="ipauth" ip-type="exclusive" />
+	<device match="ipd" ip-type="exclusive" />
+	<device match="ipf" ip-type="exclusive" />
+	<device match="ipl" ip-type="exclusive" />
+	<device match="iplookup" ip-type="exclusive" />
+	<device match="ipmpstub" ip-type="exclusive" />
+	<device match="ipnat" ip-type="exclusive" />
+	<device match="ipscan" ip-type="exclusive" />
+	<device match="ipsecah" ip-type="exclusive" />
+	<device match="ipsecesp" ip-type="exclusive" />
+	<device match="ipstate" ip-type="exclusive" />
+	<device match="ipsync" ip-type="exclusive" />
+	<device match="keysock" ip-type="exclusive" />
+	<device match="rawip" ip-type="exclusive" />
+	<device match="rawip6" ip-type="exclusive" />
+	<device match="rts" ip-type="exclusive" />
+	<device match="sad/admin" ip-type="exclusive" />
+	<device match="sctp" ip-type="exclusive" />
+	<device match="sctp6" ip-type="exclusive" />
+	<device match="spdsock" ip-type="exclusive" />
+	<device match="sppp" ip-type="exclusive" />
+	<device match="sppptun" ip-type="exclusive" />
+	<device match="vni" ip-type="exclusive" />
+
+	<!-- Renamed devices to create under /dev -->
+	<device match="zcons/%z/zoneconsole" name="zconsole" />
+
+	<!-- Symlinks to create under /dev -->
+	<symlink source="console" target="zconsole" />
+	<symlink source="dtremote" target="/dev/null" />
+	<symlink source="msglog" target="zconsole" />
+	<symlink source="stderr" target="./fd/2" />
+	<symlink source="stdin" target="./fd/0" />
+	<symlink source="stdout" target="./fd/1" />
+	<symlink source="syscon" target="zconsole" />
+	<symlink source="sysmsg" target="zconsole" />
+	<symlink source="systty" target="zconsole" />
+
+</platform>
diff --git a/usr/src/lib/brand/joyent-minimal/zone/poststate b/usr/src/lib/brand/joyent-minimal/zone/poststate
new file mode 100755
index 0000000000..be489ef55b
--- /dev/null
+++ b/usr/src/lib/brand/joyent-minimal/zone/poststate
@@ -0,0 +1,19 @@
+#!/bin/ksh -p
+#
+#
+# This file and its contents are supplied under the terms of the
+# Common Development and Distribution License ("CDDL"), version 1.0.
+# You may only use this file in accordance with the terms of version
+# 1.0 of the CDDL.
+#
+# A full copy of the text of the CDDL should have accompanied this
+# source.  A copy of the CDDL is also available via the Internet at
+# http://www.illumos.org/license/CDDL.
+#
+
+#
+# Copyright (c) 2014 Joyent, Inc.  All rights reserved.
+#
+
+ps_brand="joyent-minimal"
+. /usr/lib/brand/jcommon/poststate
diff --git a/usr/src/lib/brand/joyent-minimal/zone/prestate b/usr/src/lib/brand/joyent-minimal/zone/prestate
new file mode 100755
index 0000000000..e6aeb1cba5
--- /dev/null
+++ b/usr/src/lib/brand/joyent-minimal/zone/prestate
@@ -0,0 +1,19 @@
+#!/bin/ksh -p
+#
+#
+# This file and its contents are supplied under the terms of the
+# Common Development and Distribution License ("CDDL"), version 1.0.
+# You may only use this file in accordance with the terms of version
+# 1.0 of the CDDL.
+#
+# A full copy of the text of the CDDL should have accompanied this
+# source.  A copy of the CDDL is also available via the Internet at
+# http://www.illumos.org/license/CDDL.
+#
+
+#
+# Copyright (c) 2014 Joyent, Inc.  All rights reserved.
+#
+
+ps_brand="joyent-minimal"
+. /usr/lib/brand/jcommon/prestate
diff --git a/usr/src/lib/brand/joyent-minimal/zone/statechange b/usr/src/lib/brand/joyent-minimal/zone/statechange
new file mode 100755
index 0000000000..5e2eeff0f2
--- /dev/null
+++ b/usr/src/lib/brand/joyent-minimal/zone/statechange
@@ -0,0 +1,42 @@
+#!/bin/ksh -p
+#
+#
+# This file and its contents are supplied under the terms of the
+# Common Development and Distribution License ("CDDL"), version 1.0.
+# You may only use this file in accordance with the terms of version
+# 1.0 of the CDDL.
+#
+# A full copy of the text of the CDDL should have accompanied this
+# source.  A copy of the CDDL is also available via the Internet at
+# http://www.illumos.org/license/CDDL.
+#
+
+#
+# Copyright (c) 2018 Joyent, Inc.  All rights reserved.
+#
+
+# Do we support vrrp?
+jst_vrrp="yes"
+
+# Do we support unfiltered promiscuous mode
+# jst_ufpromisc="yes"
+
+# Do we use vnd devices
+# jst_createvnd="yes"
+
+# Do we not need to have various SMF and ccs stuff created for us?
+# jst_simplefs="yes"
+
+# Should we show snapshots?
+jst_showsnap="yes"
+
+# Where does the mdata socket live?
+jst_mdatapath="/.zonecontrol/"
+
+# Ensure docker zfd(7D) log is not put in the wrong place
+if [[ "$_ZONECFG_attr_docker" == true ]]; then
+	typeset -A FORCED_ATTRS
+	FORCED_ATTRS["zlog-name"]=
+fi
+
+. /usr/lib/brand/jcommon/statechange
diff --git a/usr/src/lib/brand/joyent/Makefile b/usr/src/lib/brand/joyent/Makefile
new file mode 100644
index 0000000000..0823a1f94e
--- /dev/null
+++ b/usr/src/lib/brand/joyent/Makefile
@@ -0,0 +1,31 @@
+#
+# This file and its contents are supplied under the terms of the
+# Common Development and Distribution License ("CDDL"), version 1.0.
+# You may only use this file in accordance with the terms of version
+# 1.0 of the CDDL.
+#
+# A full copy of the text of the CDDL should have accompanied this
+# source.  A copy of the CDDL is also available via the Internet at
+# http://www.illumos.org/license/CDDL.
+#
+# Copyright 2019 Joyent, Inc.
+#
+
+default: all
+
+# Build everything in parallel; use .WAIT for dependencies
+.PARALLEL:
+
+SUBDIRS =	zone
+
+all :=		TARGET= all
+install :=	TARGET= install
+clean :=	TARGET= clean
+clobber :=	TARGET= clobber
+
+all install clean clobber: $(SUBDIRS)
+
+$(SUBDIRS): FRC
+	@cd $@; pwd; $(MAKE) $(TARGET)
+
+FRC:
diff --git a/usr/src/lib/brand/joyent/zone/Joyent.xml b/usr/src/lib/brand/joyent/zone/Joyent.xml
new file mode 100644
index 0000000000..cbb810301e
--- /dev/null
+++ b/usr/src/lib/brand/joyent/zone/Joyent.xml
@@ -0,0 +1,32 @@
+<?xml version="1.0"?>
+
+<!--
+ Copyright 2010 Joyent, Inc.  All rights reserved.
+ Use is subject to license terms.
+
+ CDDL HEADER START
+
+ The contents of this file are subject to the terms of the
+ Common Development and Distribution License (the "License").
+ You may not use this file except in compliance with the License.
+
+ You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+ or http://www.opensolaris.org/os/licensing.
+ See the License for the specific language governing permissions
+ and limitations under the License.
+
+ When distributing Covered Code, include this CDDL HEADER in each
+ file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+ If applicable, add the following below this CDDL HEADER, with the
+ fields enclosed by brackets "[]" replaced with your own identifying
+ information: Portions Copyright [yyyy] [name of copyright owner]
+
+ CDDL HEADER END
+
+    DO NOT EDIT THIS FILE.  Use zonecfg(1M) instead.
+-->
+
+<!DOCTYPE zone PUBLIC "-//Joyent Inc//DTD Zones//EN" "file:///usr/share/lib/xml/dtd/zonecfg.dtd.1">
+
+<zone name="default" zonepath="" autoboot="false" brand="joyent">
+</zone>
diff --git a/usr/src/lib/brand/joyent/zone/Makefile b/usr/src/lib/brand/joyent/zone/Makefile
new file mode 100644
index 0000000000..3ffc11c8a0
--- /dev/null
+++ b/usr/src/lib/brand/joyent/zone/Makefile
@@ -0,0 +1,39 @@
+#
+# This file and its contents are supplied under the terms of the
+# Common Development and Distribution License ("CDDL"), version 1.0.
+# You may only use this file in accordance with the terms of version
+# 1.0 of the CDDL.
+#
+# A full copy of the text of the CDDL should have accompanied this
+# source.  A copy of the CDDL is also available via the Internet at
+# http://www.illumos.org/license/CDDL.
+#
+# Copyright 2019 Joyent, Inc.
+#
+
+BRAND = joyent
+
+include $(SRC)/lib/brand/Makefile.brand
+
+PROGS =	jattach jdetach jinstall juninstall poststate prestate statechange
+XMLDOCS = config.xml platform.xml
+TEMPLATES = Joyent.xml SUNWdefault.xml
+TXTS = manifests
+
+CLOBBERFILES = $(ROOTXMLDOCS) $(ROOTTXTS) $(ROOTPROGS) $(ROOTTEMPLATES)
+
+# These shouldn't be necessary, but for some reason the same thing in
+# ../../Makefile.brand is not being picked up.
+$(ROOTPROGS) := FILEMODE = 755
+$(ROOTTXTS) := FILEMODE = 444
+$(ROOTXMLDOCS) := FILEMODE = 444
+$(ROOTTEMPLATES) := FILEMODE = 444
+
+all: $(PROGS)
+
+install: $(PROGS) $(ROOTPROGS) $(ROOTXMLDOCS) $(ROOTTXTS) $(ROOTTEMPLATES)
+
+clean:
+	$(RM) $(CLEANFILES)
+
+include $(SRC)/cmd/Makefile.targ
diff --git a/usr/src/lib/brand/ipkg/zone/SUNWdefault.xml b/usr/src/lib/brand/joyent/zone/SUNWdefault.xml
index 8c1079256b..070412f6c1 100644
--- a/usr/src/lib/brand/ipkg/zone/SUNWdefault.xml
+++ b/usr/src/lib/brand/joyent/zone/SUNWdefault.xml
@@ -28,5 +28,5 @@
 
 <!DOCTYPE zone PUBLIC "-//Sun Microsystems Inc//DTD Zones//EN" "file:///usr/share/lib/xml/dtd/zonecfg.dtd.1">
 
-<zone name="default" zonepath="" autoboot="false" brand="ipkg">
+<zone name="default" zonepath="" autoboot="false" brand="joyent">
 </zone>
diff --git a/usr/src/lib/brand/joyent/zone/config.xml b/usr/src/lib/brand/joyent/zone/config.xml
new file mode 100644
index 0000000000..c6fdb574dd
--- /dev/null
+++ b/usr/src/lib/brand/joyent/zone/config.xml
@@ -0,0 +1,115 @@
+<?xml version="1.0"?>
+
+<!--
+ CDDL HEADER START
+
+ The contents of this file are subject to the terms of the
+ Common Development and Distribution License (the "License").
+ You may not use this file except in compliance with the License.
+
+ You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+ or http://www.opensolaris.org/os/licensing.
+ See the License for the specific language governing permissions
+ and limitations under the License.
+
+ When distributing Covered Code, include this CDDL HEADER in each
+ file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+ If applicable, add the following below this CDDL HEADER, with the
+ fields enclosed by brackets "[]" replaced with your own identifying
+ information: Portions Copyright [yyyy] [name of copyright owner]
+
+ CDDL HEADER END
+
+ Copyright 2015 Joyent, Inc.  All rights reserved.
+ Use is subject to license terms.
+
+ DO NOT EDIT THIS FILE.
+-->
+
+<!DOCTYPE brand PUBLIC "-//Joyent Inc//DTD Brands//EN"
+    "file:///usr/share/lib/xml/dtd/brand.dtd.1">
+
+<brand name="joyent">
+	<modname></modname>
+
+	<initname>/sbin/init</initname>
+	<login_cmd>/usr/bin/login -z %Z %u</login_cmd>
+	<forcedlogin_cmd>/usr/bin/login -z %Z -f %u</forcedlogin_cmd>
+	<user_cmd>/usr/bin/getent passwd %u</user_cmd>
+
+	<install>/usr/lib/brand/joyent/jinstall -z %z -R %R</install>
+	<installopts>R:t:U:q:z:</installopts>
+	<boot></boot>
+	<halt></halt>
+	<verify_cfg></verify_cfg>
+	<verify_adm></verify_adm>
+	<postclone></postclone>
+	<postinstall></postinstall>
+	<attach>/usr/lib/brand/joyent/jattach -z %z -R %R</attach>
+	<detach>/usr/lib/brand/joyent/jdetach -z %z -R %R</detach>
+	<clone></clone>
+	<uninstall>/usr/lib/brand/joyent/juninstall -z %z -R %R</uninstall>
+	<prestatechange>/usr/lib/brand/joyent/prestate %z %R</prestatechange>
+	<poststatechange>/usr/lib/brand/joyent/poststate %z %R</poststatechange>
+	<query>/usr/lib/brand/joyent/query %z %R</query>
+
+	<privilege set="default" name="contract_event" />
+	<privilege set="default" name="contract_identity" />
+	<privilege set="default" name="contract_observer" />
+	<privilege set="default" name="dtrace_proc" />
+	<privilege set="default" name="dtrace_user" />
+	<privilege set="default" name="file_chown" />
+	<privilege set="default" name="file_chown_self" />
+	<privilege set="default" name="file_dac_execute" />
+	<privilege set="default" name="file_dac_read" />
+	<privilege set="default" name="file_dac_search" />
+	<privilege set="default" name="file_dac_write" />
+	<privilege set="default" name="file_owner" />
+	<privilege set="default" name="file_setid" />
+	<privilege set="default" name="ipc_dac_read" />
+	<privilege set="default" name="ipc_dac_write" />
+	<privilege set="default" name="ipc_owner" />
+	<privilege set="default" name="net_bindmlp" />
+	<privilege set="default" name="net_icmpaccess" />
+	<privilege set="default" name="net_mac_aware" />
+	<privilege set="default" name="net_observability" />
+	<privilege set="default" name="net_privaddr" />
+	<privilege set="default" name="net_rawaccess" ip-type="exclusive" />
+	<privilege set="default" name="proc_chroot" />
+	<privilege set="default" name="sys_audit" />
+	<privilege set="default" name="proc_audit" />
+	<privilege set="default" name="proc_lock_memory" />
+	<privilege set="default" name="proc_owner" />
+	<privilege set="default" name="proc_prioup" />
+	<privilege set="default" name="proc_secflags" />
+	<privilege set="default" name="proc_setid" />
+	<privilege set="default" name="proc_taskid" />
+	<privilege set="default" name="sys_acct" />
+	<privilege set="default" name="sys_admin" />
+	<privilege set="default" name="sys_fs_import" />
+	<privilege set="default" name="sys_ip_config" ip-type="exclusive" />
+	<privilege set="default" name="sys_iptun_config" ip-type="exclusive" />
+	<privilege set="default" name="sys_mount" />
+	<privilege set="default" name="sys_nfs" />
+	<privilege set="default" name="sys_smb" />
+	<privilege set="default" name="sys_resource" />
+	<privilege set="default" name="sys_ppp_config" ip-type="exclusive" />
+
+	<privilege set="prohibited" name="dtrace_kernel" />
+	<privilege set="prohibited" name="proc_zone" />
+	<privilege set="prohibited" name="sys_config" />
+	<privilege set="prohibited" name="sys_devices" />
+	<privilege set="prohibited" name="sys_ip_config" ip-type="shared" />
+	<privilege set="prohibited" name="sys_linkdir" />
+	<privilege set="prohibited" name="sys_net_config" />
+	<privilege set="prohibited" name="sys_res_config" />
+	<privilege set="prohibited" name="sys_suser_compat" />
+	<privilege set="prohibited" name="xvm_control" />
+	<privilege set="prohibited" name="virt_manage" />
+	<privilege set="prohibited" name="sys_ppp_config" ip-type="shared" />
+
+	<privilege set="required" name="proc_exec" />
+	<privilege set="required" name="proc_fork" />
+	<privilege set="required" name="sys_ip_config" ip-type="exclusive" />
+	<privilege set="required" name="sys_mount" />
+</brand>
diff --git a/usr/src/lib/brand/joyent/zone/jattach b/usr/src/lib/brand/joyent/zone/jattach
new file mode 100755
index 0000000000..11844b9ac4
--- /dev/null
+++ b/usr/src/lib/brand/joyent/zone/jattach
@@ -0,0 +1,26 @@
+#!/bin/ksh -p
+#
+#
+# This file and its contents are supplied under the terms of the
+# Common Development and Distribution License ("CDDL"), version 1.0.
+# You may only use this file in accordance with the terms of version
+# 1.0 of the CDDL.
+#
+# A full copy of the text of the CDDL should have accompanied this
+# source.  A copy of the CDDL is also available via the Internet at
+# http://www.illumos.org/license/CDDL.
+#
+
+#
+# Copyright (c) 2014 Joyent, Inc.  All rights reserved.
+#
+
+. /usr/lib/brand/jcommon/libhooks.ksh
+
+function jcommon_attach_hook
+{
+	jattach_zone_final_setup
+}
+
+ps_brand="joyent"
+. /usr/lib/brand/jcommon/cattach
diff --git a/usr/src/lib/brand/joyent/zone/jdetach b/usr/src/lib/brand/joyent/zone/jdetach
new file mode 100755
index 0000000000..89681919f1
--- /dev/null
+++ b/usr/src/lib/brand/joyent/zone/jdetach
@@ -0,0 +1,19 @@
+#!/bin/ksh -p
+#
+#
+# This file and its contents are supplied under the terms of the
+# Common Development and Distribution License ("CDDL"), version 1.0.
+# You may only use this file in accordance with the terms of version
+# 1.0 of the CDDL.
+#
+# A full copy of the text of the CDDL should have accompanied this
+# source.  A copy of the CDDL is also available via the Internet at
+# http://www.illumos.org/license/CDDL.
+#
+
+#
+# Copyright (c) 2014 Joyent, Inc.  All rights reserved.
+#
+
+ps_brand="joyent"
+. /usr/lib/brand/jcommon/cdetach
diff --git a/usr/src/lib/brand/joyent/zone/jinstall b/usr/src/lib/brand/joyent/zone/jinstall
new file mode 100755
index 0000000000..8e6ec2a7b2
--- /dev/null
+++ b/usr/src/lib/brand/joyent/zone/jinstall
@@ -0,0 +1,31 @@
+#!/bin/ksh -p
+#
+#
+# This file and its contents are supplied under the terms of the
+# Common Development and Distribution License ("CDDL"), version 1.0.
+# You may only use this file in accordance with the terms of version
+# 1.0 of the CDDL.
+#
+# A full copy of the text of the CDDL should have accompanied this
+# source.  A copy of the CDDL is also available via the Internet at
+# http://www.illumos.org/license/CDDL.
+#
+
+#
+# Copyright (c) 2014 Joyent, Inc.  All rights reserved.
+#
+
+# Does this brand support reprovisioning?
+jst_reprovision="yes"
+
+# Is a template image optional?
+# jst_tmplopt="yes"
+
+. /usr/lib/brand/jcommon/libhooks.ksh
+
+function jcommon_attach_hook
+{
+	jattach_zone_final_setup
+}
+
+. /usr/lib/brand/jcommon/cinstall
diff --git a/usr/src/lib/brand/joyent/zone/juninstall b/usr/src/lib/brand/joyent/zone/juninstall
new file mode 100755
index 0000000000..09051a17b6
--- /dev/null
+++ b/usr/src/lib/brand/joyent/zone/juninstall
@@ -0,0 +1,25 @@
+#!/bin/ksh -p
+#
+#
+# This file and its contents are supplied under the terms of the
+# Common Development and Distribution License ("CDDL"), version 1.0.
+# You may only use this file in accordance with the terms of version
+# 1.0 of the CDDL.
+#
+# A full copy of the text of the CDDL should have accompanied this
+# source.  A copy of the CDDL is also available via the Internet at
+# http://www.illumos.org/license/CDDL.
+#
+
+#
+# Copyright (c) 2014 Joyent, Inc.  All rights reserved.
+#
+
+. /usr/lib/brand/jcommon/libhooks.ksh
+
+function jcommon_uninstall_hook
+{
+	juninstall_delegated_dataset
+}
+
+. /usr/lib/brand/jcommon/cuninstall
diff --git a/usr/src/lib/brand/joyent/zone/manifests b/usr/src/lib/brand/joyent/zone/manifests
new file mode 100644
index 0000000000..00c43b3f8e
--- /dev/null
+++ b/usr/src/lib/brand/joyent/zone/manifests
@@ -0,0 +1,176 @@
+#
+# This file lists the SMF manifests which are available in the global
+# zone and which should be setup for use in non-global zones.  Not
+# all SMF services are usable within a zone, so only those that are usable
+# should be listed here.
+#
+# The format of the file is:
+#	manifest_name enable/disable
+# The manifest_name is found relative to /lib/svc/manifest on the system.
+# The second field is used to indicate if the svc should be enabled or
+# disabled by default within zones, independently of its current status in
+# the global zone.
+#
+# The following is a list of SMF svcs which could be run in a zone, but
+# which we're not currently installing on our live image.  If we add any
+# of these to the image and we want it to also be available in zones,
+# then we need to move the entry to the end and uncomment it out.
+#
+# application/cups.xml
+# application/font/fc-cache.xml
+# application/graphical-login/gdm.xml
+# application/management/net-snmp.xml
+# application/management/seaport.xml
+# application/management/snmpdx.xml
+# application/opengl/ogl-select.xml
+# application/print/service-selector.xml
+# application/security/tcsd.xml
+# application/x11/x11-server.xml
+# application/x11/xfs.xml
+# application/x11/xvnc-inetd.xml
+# network/rpc/keyserv.xml
+# network/socket-filter-kssl.xml
+# network/ssl/kssl-proxy.xml
+# network/dns/server.xml
+# network/ftp.xml
+# network/finger.xml
+# network/comsat.xml
+# network/rpc/rstat.xml
+# network/rpc/rusers.xml
+# network/rpc/spray.xml
+# network/rpc/wall.xml
+# network/talk.xml
+# network/ntp.xml
+# network/sendmail-client.xml
+# network/smtp-sendmail.xml
+# network/telnet.xml
+# network/wpa.xml
+# network/rpc/gss.xml
+# network/security/kadmin.xml
+# network/security/krb5kdc.xml
+# network/security/ktkt_warn.xml
+# network/rpc/smserver.xml
+# network/nfs/cbd.xml
+# network/ipmievd.xml
+# network/http-apache22.xml
+# system/consolekit.xml
+# system/device/devices-audio.xml
+# system/fm/notify-params.xml
+# system/install/system-config.xml
+# system/pkgserv.xml
+#
+
+#
+# The following is a list of SMF svcs which are installed on our live image and
+# which could be run in a zone, but which we choose not to run in our zones.
+# If we ever do want to run any of these, move the entry to the end and
+# uncomment it out.
+#
+# system/boot-archive-update.xml
+# system/boot-config.xml
+#
+
+#
+# The following is a list of SMF svc manifests under /lib/svc/manifest.  These
+# are available on our live image and are runnable in a zone.  Since the zones
+# are sharing the base file system with the global zone, we set up so that
+# only these svcs are configured in zones, independently of the global zone
+# /lib/svc/manifest hierarchy.
+#
+milestone/multi-user-server.xml				enabled
+milestone/multi-user.xml				enabled
+milestone/name-services.xml				enabled
+milestone/network.xml					enabled
+milestone/single-user.xml				enabled
+milestone/sysconfig.xml					enabled
+network/bridge.xml					enabled
+network/dlmgmt.xml					enabled
+network/dns/client.xml					enabled
+network/dns/install.xml					disabled
+network/dns/multicast.xml				disabled
+network/forwarding.xml					disabled
+network/inetd-upgrade.xml				enabled
+network/inetd.xml					disabled
+network/ipfilter.xml					disabled
+network/ipsec/ike.xml					disabled
+network/ipsec/ipsecalgs.xml				enabled
+network/ipsec/manual-key.xml				disabled
+network/ipsec/policy.xml				enabled
+network/ldap/client.xml					disabled
+network/loadbalancer/ilbd.xml				disabled
+network/login.xml					enabled
+network/network-initial.xml				enabled
+network/network-install.xml				disabled
+network/network-ipmgmt.xml				enabled
+network/network-ipqos.xml				disabled
+network/network-iptun.xml				enabled
+network/network-location.xml				disabled
+network/network-loopback.xml				enabled
+network/network-netcfg.xml				enabled
+network/network-netmask.xml				enabled
+network/network-physical.xml				enabled
+network/network-routing-setup.xml			enabled
+network/network-service.xml				enabled
+network/nfs/client.xml					disabled
+network/nfs/mapid.xml					disabled
+network/nfs/nlockmgr.xml				disabled
+network/nfs/rquota.xml					disabled
+network/nfs/status.xml					disabled
+network/nis/client.xml					disabled
+network/rexec.xml					disabled
+network/routing/legacy-routing.xml			enabled
+network/routing/ndp.xml					disabled
+network/routing/rdisc.xml				disabled
+network/routing/ripng.xml				disabled
+network/routing/route.xml				disabled
+network/rpc/bind.xml					enabled
+network/shares/group.xml				enabled
+network/shares/reparsed.xml				disabled
+network/shell.xml					disabled
+network/slp.xml						disabled
+network/smb/client.xml					disabled
+network/smb/server.xml					disabled
+network/ssh.xml						enabled
+network/vrrp.xml					disabled
+system/auditd.xml					disabled
+system/auditset.xml					disabled
+system/boot-archive.xml					enabled
+system/consadm.xml					disabled
+system/console-login.xml				disabled
+system/coreadm.xml					enabled
+system/cron.xml						enabled
+system/cryptosvc.xml					enabled
+system/device/allocate.xml				disabled
+system/device/devices-local.xml				enabled
+system/device/mpxio-upgrade.xml				disabled
+system/early-manifest-import.xml			enabled
+system/extended-accounting.xml				enabled
+system/filesystem/autofs.xml				disabled
+system/filesystem/joyent-fs.xml				enabled
+system/filesystem/local-fs.xml				enabled
+system/filesystem/minimal-fs.xml			enabled
+system/filesystem/root-fs.xml				enabled
+system/filesystem/usr-fs.xml				enabled
+system/fmd.xml						disabled
+system/hostid.xml					enabled
+system/hotplug.xml					disabled
+system/identity.xml					enabled
+system/idmap.xml					disabled
+system/keymap.xml					enabled
+system/logadm-upgrade.xml				enabled
+system/manifest-import.xml				enabled
+system/mdata.xml					disabled
+system/name-service-cache.xml				enabled
+system/pfexecd.xml					enabled
+system/process-security.xml				enabled
+system/rbac.xml						enabled
+system/rcap.xml						disabled
+system/rmtmpfiles.xml					enabled
+system/sac.xml						disabled
+system/sar.xml						disabled
+system/svc/global.xml					disabled
+system/svc/restarter.xml				enabled
+system/sysidtool.xml					enabled
+system/system-log.xml					enabled
+system/utmp.xml						enabled
+system/vtdaemon.xml					disabled
diff --git a/usr/src/lib/brand/joyent/zone/platform.xml b/usr/src/lib/brand/joyent/zone/platform.xml
new file mode 100644
index 0000000000..5a4a960141
--- /dev/null
+++ b/usr/src/lib/brand/joyent/zone/platform.xml
@@ -0,0 +1,168 @@
+<?xml version="1.0"?>
+
+<!--
+ CDDL HEADER START
+
+ The contents of this file are subject to the terms of the
+ Common Development and Distribution License (the "License").
+ You may not use this file except in compliance with the License.
+
+ You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+ or http://www.opensolaris.org/os/licensing.
+ See the License for the specific language governing permissions
+ and limitations under the License.
+
+ When distributing Covered Code, include this CDDL HEADER in each
+ file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+ If applicable, add the following below this CDDL HEADER, with the
+ fields enclosed by brackets "[]" replaced with your own identifying
+ information: Portions Copyright [yyyy] [name of copyright owner]
+
+ CDDL HEADER END
+
+ Copyright 2017 Joyent, Inc.
+
+ DO NOT EDIT THIS FILE.
+-->
+
+<!DOCTYPE platform PUBLIC "-//Joyent Inc//Zones Platform//EN"
+    "file:///usr/share/lib/xml/dtd/zone_platform.dtd.1">
+
+<platform name="joyent" allow-exclusive-ip="true">
+
+	<!-- Global filesystems to mount when booting the zone -->
+	<global_mount special="/dev" directory="/dev" type="dev"
+	    opt="attrdir=%R/root/dev"/>
+
+	<global_mount special="/var/zonecontrol/%z" directory="/.zonecontrol"
+	    opt="ro,nodevices,nosetuid,noexec" type="lofs" />
+	<global_mount special="/lib" directory="/lib"
+	    opt="ro,nodevices" type="lofs" />
+	<global_mount special="%P/manifests/joyent"
+	    directory="/lib/svc/manifest"
+	    opt="ro,nodevices" type="lofs" />
+	<global_mount special="%R/site" directory="/lib/svc/manifest/site"
+	    opt="nodevices" type="lofs" />
+	<global_mount special="/sbin" directory="/sbin"
+	    opt="ro,nodevices" type="lofs" />
+	<global_mount special="/usr" directory="/usr"
+	    opt="ro,nodevices" type="lofs" />
+	<global_mount special="%R/local" directory="/usr/local"
+	    opt="nodevices" type="lofs" />
+	<global_mount special="%R/ccs" directory="/usr/ccs"
+	    opt="nodevices" type="lofs" />
+
+	<!-- Local filesystems to mount when booting the zone -->
+	<mount special="/proc" directory="/proc" type="proc" />
+	<mount special="ctfs" directory="/system/contract" type="ctfs" />
+	<mount special="mnttab" directory="/etc/mnttab" type="mntfs" />
+	<mount special="objfs" directory="/system/object" type="objfs" />
+	<mount special="lxproc" directory="/system/lxproc" type="lxproc" />
+	<mount special="swap" directory="/etc/svc/volatile" type="tmpfs" />
+
+	<!-- Devices to create under /dev -->
+	<device match="arp" />
+	<device match="bpf" />
+	<device match="conslog" />
+	<device match="cpu/self/cpuid" />
+	<device match="crypto" />
+	<device match="cryptoadm" />
+	<device match="dsk" />
+	<device match="dtrace/*" />
+	<device match="dtrace/provider/*" />
+	<device match="eventfd" />
+	<device match="fd" />
+	<device match="full" />
+	<device match="inotify" />
+	<device match="ipnet" />
+	<device match="kstat" />
+	<device match="lo0" />
+	<device match="lofictl" />
+	<device match="lofi" />
+	<device match="log" />
+	<device match="logindmux" />
+	<device match="nsmb" />
+	<device match="net/*" />
+	<device match="null" />
+	<device match="openprom" arch="sparc" />
+	<device match="poll" />
+	<device match="pool" />
+	<device match="ptmx" />
+	<device match="pts/*" />
+	<device match="random" />
+	<device match="rdsk" />
+	<device match="rlofi" />
+	<device match="rmt" />
+	<device match="sad/user" />
+	<device match="smbsrv" />
+	<device match="signalfd" />
+	<device match="svvslo0" />
+	<device match="svvslo1" />
+	<device match="svvslo2" />
+	<device match="svvslo3" />
+	<device match="swap" />
+	<device match="sysevent" />
+	<device match="tap" />
+	<device match="tcp" />
+	<device match="tcp6" />
+	<device match="term" />
+	<device match="ticlts" />
+	<device match="ticots" />
+	<device match="ticotsord" />
+	<device match="timerfd" />
+	<device match="tty" />
+	<device match="tun" />
+	<device match="udp" />
+	<device match="udp6" />
+	<device match="urandom" />
+	<device match="vnd/*" />
+	<device match="zero" />
+	<device match="zfs" />
+	<device match="zvol/dsk/%P/%z/*" />
+	<device match="zvol/rdsk/%P/%z/*" />
+
+	<!-- Devices to create in exclusive IP zone only -->
+	<device match="dld" ip-type="exclusive" />
+	<device match="icmp" ip-type="exclusive" />
+	<device match="icmp6" ip-type="exclusive" />
+	<device match="ip" ip-type="exclusive" />
+	<device match="ip6" ip-type="exclusive" />
+	<device match="ipauth" ip-type="exclusive" />
+	<device match="ipd" ip-type="exclusive" />
+	<device match="ipf" ip-type="exclusive" />
+	<device match="ipl" ip-type="exclusive" />
+	<device match="iplookup" ip-type="exclusive" />
+	<device match="ipmpstub" ip-type="exclusive" />
+	<device match="ipnat" ip-type="exclusive" />
+	<device match="ipscan" ip-type="exclusive" />
+	<device match="ipsecah" ip-type="exclusive" />
+	<device match="ipsecesp" ip-type="exclusive" />
+	<device match="ipstate" ip-type="exclusive" />
+	<device match="ipsync" ip-type="exclusive" />
+	<device match="keysock" ip-type="exclusive" />
+	<device match="rawip" ip-type="exclusive" />
+	<device match="rawip6" ip-type="exclusive" />
+	<device match="rts" ip-type="exclusive" />
+	<device match="sad/admin" ip-type="exclusive" />
+	<device match="sctp" ip-type="exclusive" />
+	<device match="sctp6" ip-type="exclusive" />
+	<device match="spdsock" ip-type="exclusive" />
+	<device match="sppp" ip-type="exclusive" />
+	<device match="sppptun" ip-type="exclusive" />
+	<device match="vni" ip-type="exclusive" />
+
+	<!-- Renamed devices to create under /dev -->
+	<device match="zcons/%z/zoneconsole" name="zconsole" />
+
+	<!-- Symlinks to create under /dev -->
+	<symlink source="console" target="zconsole" />
+	<symlink source="dtremote" target="/dev/null" />
+	<symlink source="msglog" target="zconsole" />
+	<symlink source="stderr" target="./fd/2" />
+	<symlink source="stdin" target="./fd/0" />
+	<symlink source="stdout" target="./fd/1" />
+	<symlink source="syscon" target="zconsole" />
+	<symlink source="sysmsg" target="zconsole" />
+	<symlink source="systty" target="zconsole" />
+
+</platform>
diff --git a/usr/src/lib/brand/joyent/zone/poststate b/usr/src/lib/brand/joyent/zone/poststate
new file mode 100755
index 0000000000..6cd0d0a18f
--- /dev/null
+++ b/usr/src/lib/brand/joyent/zone/poststate
@@ -0,0 +1,19 @@
+#!/bin/ksh -p
+#
+#
+# This file and its contents are supplied under the terms of the
+# Common Development and Distribution License ("CDDL"), version 1.0.
+# You may only use this file in accordance with the terms of version
+# 1.0 of the CDDL.
+#
+# A full copy of the text of the CDDL should have accompanied this
+# source.  A copy of the CDDL is also available via the Internet at
+# http://www.illumos.org/license/CDDL.
+#
+
+#
+# Copyright (c) 2014 Joyent, Inc.  All rights reserved.
+#
+
+ps_brand="joyent"
+. /usr/lib/brand/jcommon/poststate
diff --git a/usr/src/lib/brand/joyent/zone/prestate b/usr/src/lib/brand/joyent/zone/prestate
new file mode 100755
index 0000000000..10b73285c6
--- /dev/null
+++ b/usr/src/lib/brand/joyent/zone/prestate
@@ -0,0 +1,19 @@
+#!/bin/ksh -p
+#
+#
+# This file and its contents are supplied under the terms of the
+# Common Development and Distribution License ("CDDL"), version 1.0.
+# You may only use this file in accordance with the terms of version
+# 1.0 of the CDDL.
+#
+# A full copy of the text of the CDDL should have accompanied this
+# source.  A copy of the CDDL is also available via the Internet at
+# http://www.illumos.org/license/CDDL.
+#
+
+#
+# Copyright (c) 2014 Joyent, Inc.  All rights reserved.
+#
+
+ps_brand="joyent"
+. /usr/lib/brand/jcommon/prestate
diff --git a/usr/src/lib/brand/joyent/zone/statechange b/usr/src/lib/brand/joyent/zone/statechange
new file mode 100755
index 0000000000..5e2eeff0f2
--- /dev/null
+++ b/usr/src/lib/brand/joyent/zone/statechange
@@ -0,0 +1,42 @@
+#!/bin/ksh -p
+#
+#
+# This file and its contents are supplied under the terms of the
+# Common Development and Distribution License ("CDDL"), version 1.0.
+# You may only use this file in accordance with the terms of version
+# 1.0 of the CDDL.
+#
+# A full copy of the text of the CDDL should have accompanied this
+# source.  A copy of the CDDL is also available via the Internet at
+# http://www.illumos.org/license/CDDL.
+#
+
+#
+# Copyright (c) 2018 Joyent, Inc.  All rights reserved.
+#
+
+# Do we support vrrp?
+jst_vrrp="yes"
+
+# Do we support unfiltered promiscuous mode
+# jst_ufpromisc="yes"
+
+# Do we use vnd devices
+# jst_createvnd="yes"
+
+# Do we not need to have various SMF and ccs stuff created for us?
+# jst_simplefs="yes"
+
+# Should we show snapshots?
+jst_showsnap="yes"
+
+# Where does the mdata socket live?
+jst_mdatapath="/.zonecontrol/"
+
+# Ensure docker zfd(7D) log is not put in the wrong place
+if [[ "$_ZONECFG_attr_docker" == true ]]; then
+	typeset -A FORCED_ATTRS
+	FORCED_ATTRS["zlog-name"]=
+fi
+
+. /usr/lib/brand/jcommon/statechange
diff --git a/usr/src/lib/brand/kvm/Makefile b/usr/src/lib/brand/kvm/Makefile
new file mode 100644
index 0000000000..0823a1f94e
--- /dev/null
+++ b/usr/src/lib/brand/kvm/Makefile
@@ -0,0 +1,31 @@
+#
+# This file and its contents are supplied under the terms of the
+# Common Development and Distribution License ("CDDL"), version 1.0.
+# You may only use this file in accordance with the terms of version
+# 1.0 of the CDDL.
+#
+# A full copy of the text of the CDDL should have accompanied this
+# source.  A copy of the CDDL is also available via the Internet at
+# http://www.illumos.org/license/CDDL.
+#
+# Copyright 2019 Joyent, Inc.
+#
+
+default: all
+
+# Build everything in parallel; use .WAIT for dependencies
+.PARALLEL:
+
+SUBDIRS =	zone
+
+all :=		TARGET= all
+install :=	TARGET= install
+clean :=	TARGET= clean
+clobber :=	TARGET= clobber
+
+all install clean clobber: $(SUBDIRS)
+
+$(SUBDIRS): FRC
+	@cd $@; pwd; $(MAKE) $(TARGET)
+
+FRC:
diff --git a/usr/src/lib/brand/kvm/zone/Makefile b/usr/src/lib/brand/kvm/zone/Makefile
new file mode 100644
index 0000000000..0fc0a1a375
--- /dev/null
+++ b/usr/src/lib/brand/kvm/zone/Makefile
@@ -0,0 +1,35 @@
+#
+# This file and its contents are supplied under the terms of the
+# Common Development and Distribution License ("CDDL"), version 1.0.
+# You may only use this file in accordance with the terms of version
+# 1.0 of the CDDL.
+#
+# A full copy of the text of the CDDL should have accompanied this
+# source.  A copy of the CDDL is also available via the Internet at
+# http://www.illumos.org/license/CDDL.
+#
+# Copyright 2019 Joyent, Inc.
+#
+
+BRAND = kvm
+
+include $(SRC)/lib/brand/Makefile.brand
+
+PROGS =	kattach kdetach kinstall kuninstall prestate poststate statechange
+XMLDOCS = config.xml platform.xml
+
+CLOBBERFILES = $(ROOTXMLDOCS) $(ROOTPROGS)
+
+# These shouldn't be necessary, but for some reason the same thing in
+# ../../Makefile.brand is not being picked up.
+$(ROOTPROGS) := FILEMODE = 755
+$(ROOTXMLDOCS) := FILEMODE = 444
+
+all: $(PROGS)
+
+install: $(PROGS) $(ROOTPROGS) $(ROOTXMLDOCS)
+
+clean:
+	$(RM) $(CLEANFILES)
+
+include $(SRC)/cmd/Makefile.targ
diff --git a/usr/src/lib/brand/kvm/zone/config.xml b/usr/src/lib/brand/kvm/zone/config.xml
new file mode 100644
index 0000000000..461805ae1f
--- /dev/null
+++ b/usr/src/lib/brand/kvm/zone/config.xml
@@ -0,0 +1,77 @@
+<?xml version="1.0"?>
+
+<!--
+ CDDL HEADER START
+
+ The contents of this file are subject to the terms of the
+ Common Development and Distribution License (the "License").
+ You may not use this file except in compliance with the License.
+
+ You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+ or http://www.opensolaris.org/os/licensing.
+ See the License for the specific language governing permissions
+ and limitations under the License.
+
+ When distributing Covered Code, include this CDDL HEADER in each
+ file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+ If applicable, add the following below this CDDL HEADER, with the
+ fields enclosed by brackets "[]" replaced with your own identifying
+ information: Portions Copyright [yyyy] [name of copyright owner]
+
+ CDDL HEADER END
+
+ Copyright 2010,2011 Joyent, Inc.  All rights reserved.
+ Use is subject to license terms.
+
+ DO NOT EDIT THIS FILE.
+-->
+
+<!DOCTYPE brand PUBLIC "-//Joyent Inc//DTD Brands//EN"
+    "file:///usr/share/lib/xml/dtd/brand.dtd.1">
+
+<brand name="kvm">
+	<modname></modname>
+
+	<initname>/startvm</initname>
+	<restartinit>false</restartinit>
+	<login_cmd>/usr/bin/login -z %Z %u</login_cmd>
+	<forcedlogin_cmd>/usr/bin/login -z %Z -f %u</forcedlogin_cmd>
+	<user_cmd>/usr/bin/getent passwd %u</user_cmd>
+
+	<install>/usr/lib/brand/kvm/kinstall -z %z -R %R</install>
+	<installopts>R:t:U:q:z:</installopts>
+	<boot></boot>
+	<halt></halt>
+	<verify_cfg></verify_cfg>
+	<verify_adm></verify_adm>
+	<postclone></postclone>
+	<postinstall></postinstall>
+	<attach>/usr/lib/brand/kvm/kattach -z %z -R %R</attach>
+	<detach>/usr/lib/brand/kvm/kdetach -z %z -R %R</detach>
+	<clone></clone>
+	<uninstall>/usr/lib/brand/kvm/kuninstall -z %z -R %R</uninstall>
+	<prestatechange>/usr/lib/brand/kvm/prestate %z %R</prestatechange>
+	<poststatechange>/usr/lib/brand/kvm/poststate %z %R</poststatechange>
+
+	<privilege set="default" name="net_rawaccess" ip-type="exclusive" />
+	<privilege set="default" name="proc_clock_highres" />
+	<privilege set="default" name="proc_lock_memory" />
+	<privilege set="default" name="sys_admin" />
+	<privilege set="default" name="sys_mount" />
+
+	<privilege set="prohibited" name="dtrace_kernel" />
+	<privilege set="prohibited" name="proc_zone" />
+	<privilege set="prohibited" name="sys_config" />
+	<privilege set="prohibited" name="sys_devices" />
+	<privilege set="prohibited" name="sys_ip_config" ip-type="shared" />
+	<privilege set="prohibited" name="sys_linkdir" />
+	<privilege set="prohibited" name="sys_net_config" />
+	<privilege set="prohibited" name="sys_res_config" />
+	<privilege set="prohibited" name="sys_suser_compat" />
+	<privilege set="prohibited" name="xvm_control" />
+	<privilege set="prohibited" name="virt_manage" />
+	<privilege set="prohibited" name="sys_ppp_config" ip-type="shared" />
+
+	<privilege set="required" name="proc_exec" />
+	<privilege set="required" name="sys_mount" />
+</brand>
diff --git a/usr/src/lib/brand/kvm/zone/kattach b/usr/src/lib/brand/kvm/zone/kattach
new file mode 100755
index 0000000000..17d1242c83
--- /dev/null
+++ b/usr/src/lib/brand/kvm/zone/kattach
@@ -0,0 +1,26 @@
+#!/bin/ksh -p
+#
+#
+# This file and its contents are supplied under the terms of the
+# Common Development and Distribution License ("CDDL"), version 1.0.
+# You may only use this file in accordance with the terms of version
+# 1.0 of the CDDL.
+#
+# A full copy of the text of the CDDL should have accompanied this
+# source.  A copy of the CDDL is also available via the Internet at
+# http://www.illumos.org/license/CDDL.
+#
+
+#
+# Copyright (c) 2014 Joyent, Inc.  All rights reserved.
+#
+
+. /usr/lib/brand/jcommon/libhooks.ksh
+
+function jcommon_attach_hook
+{
+	jattach_kvm_final_setup
+}
+
+ps_brand="kvm"
+. /usr/lib/brand/jcommon/cattach
diff --git a/usr/src/lib/brand/kvm/zone/kdetach b/usr/src/lib/brand/kvm/zone/kdetach
new file mode 100755
index 0000000000..f3785b45e2
--- /dev/null
+++ b/usr/src/lib/brand/kvm/zone/kdetach
@@ -0,0 +1,19 @@
+#!/bin/ksh -p
+#
+#
+# This file and its contents are supplied under the terms of the
+# Common Development and Distribution License ("CDDL"), version 1.0.
+# You may only use this file in accordance with the terms of version
+# 1.0 of the CDDL.
+#
+# A full copy of the text of the CDDL should have accompanied this
+# source.  A copy of the CDDL is also available via the Internet at
+# http://www.illumos.org/license/CDDL.
+#
+
+#
+# Copyright (c) 2014 Joyent, Inc.  All rights reserved.
+#
+
+ps_brand="kvm"
+. /usr/lib/brand/jcommon/cdetach
diff --git a/usr/src/lib/brand/kvm/zone/kinstall b/usr/src/lib/brand/kvm/zone/kinstall
new file mode 100755
index 0000000000..b070f3a176
--- /dev/null
+++ b/usr/src/lib/brand/kvm/zone/kinstall
@@ -0,0 +1,31 @@
+#!/bin/ksh -p
+#
+#
+# This file and its contents are supplied under the terms of the
+# Common Development and Distribution License ("CDDL"), version 1.0.
+# You may only use this file in accordance with the terms of version
+# 1.0 of the CDDL.
+#
+# A full copy of the text of the CDDL should have accompanied this
+# source.  A copy of the CDDL is also available via the Internet at
+# http://www.illumos.org/license/CDDL.
+#
+
+#
+# Copyright (c) 2014 Joyent, Inc.  All rights reserved.
+#
+
+# Does this brand support reprovisioning?
+# jst_reprovision="yes"
+
+# Is a template image optional?
+jst_tmplopt="yes"
+
+. /usr/lib/brand/jcommon/libhooks.ksh
+
+function jcommon_attach_hook
+{
+	jattach_kvm_final_setup
+}
+
+. /usr/lib/brand/jcommon/cinstall
diff --git a/usr/src/lib/brand/kvm/zone/kuninstall b/usr/src/lib/brand/kvm/zone/kuninstall
new file mode 100755
index 0000000000..136044ad9e
--- /dev/null
+++ b/usr/src/lib/brand/kvm/zone/kuninstall
@@ -0,0 +1,23 @@
+#!/bin/ksh -p
+#
+#
+# This file and its contents are supplied under the terms of the
+# Common Development and Distribution License ("CDDL"), version 1.0.
+# You may only use this file in accordance with the terms of version
+# 1.0 of the CDDL.
+#
+# A full copy of the text of the CDDL should have accompanied this
+# source.  A copy of the CDDL is also available via the Internet at
+# http://www.illumos.org/license/CDDL.
+#
+
+#
+# Copyright (c) 2014 Joyent, Inc.  All rights reserved.
+#
+
+function jcommon_uninstall_hook
+{
+	:
+}
+
+. /usr/lib/brand/jcommon/cuninstall
diff --git a/usr/src/lib/brand/kvm/zone/platform.xml b/usr/src/lib/brand/kvm/zone/platform.xml
new file mode 100644
index 0000000000..825344b1e8
--- /dev/null
+++ b/usr/src/lib/brand/kvm/zone/platform.xml
@@ -0,0 +1,145 @@
+<?xml version="1.0"?>
+
+<!--
+ CDDL HEADER START
+
+ The contents of this file are subject to the terms of the
+ Common Development and Distribution License (the "License").
+ You may not use this file except in compliance with the License.
+
+ You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+ or http://www.opensolaris.org/os/licensing.
+ See the License for the specific language governing permissions
+ and limitations under the License.
+
+ When distributing Covered Code, include this CDDL HEADER in each
+ file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+ If applicable, add the following below this CDDL HEADER, with the
+ fields enclosed by brackets "[]" replaced with your own identifying
+ information: Portions Copyright [yyyy] [name of copyright owner]
+
+ CDDL HEADER END
+
+ Copyright 2010, 2011 Joyent, Inc.  All rights reserved.
+ Use is subject to license terms.
+
+ DO NOT EDIT THIS FILE.
+-->
+
+<!DOCTYPE platform PUBLIC "-//Joyent Inc//Zones Platform//EN"
+    "file:///usr/share/lib/xml/dtd/zone_platform.dtd.1">
+
+<platform name="kvm" allow-exclusive-ip="true">
+
+	<!-- Global filesystems to mount when booting the zone -->
+	<global_mount special="/dev" directory="/dev" type="dev"
+	    opt="attrdir=%R/root/dev"/>
+
+	<global_mount special="/lib" directory="/lib"
+	    opt="ro,nodevices" type="lofs" />
+	<global_mount special="/sbin" directory="/sbin"
+	    opt="ro,nodevices" type="lofs" />
+	<global_mount special="/usr" directory="/usr"
+	    opt="ro,nodevices" type="lofs" />
+	<global_mount special="/smartdc" directory="/smartdc"
+	    opt="ro,nodevices" type="lofs" />
+
+	<!-- Local filesystems to mount when booting the zone -->
+	<mount special="swap" directory="/etc/svc/volatile" type="tmpfs" />
+
+	<!-- Devices to create under /dev -->
+	<device match="arp" />
+	<device match="bpf" />
+	<device match="conslog" />
+	<device match="cpu/self/cpuid" />
+	<device match="crypto" />
+	<device match="cryptoadm" />
+	<device match="dsk" />
+	<device match="dtrace/*" />
+	<device match="dtrace/provider/*" />
+	<device match="fd" />
+	<device match="ipnet" />
+	<device match="kstat" />
+	<device match="kvm" />
+	<device match="lo0" />
+	<device match="lofictl" />
+	<device match="lofi" />
+	<device match="log" />
+	<device match="logindmux" />
+	<device match="nsmb" />
+	<device match="net/*" />
+	<device match="null" />
+	<device match="openprom" arch="sparc" />
+	<device match="poll" />
+	<device match="pool" />
+	<device match="ptmx" />
+	<device match="pts/*" />
+	<device match="random" />
+	<device match="rdsk" />
+	<device match="rlofi" />
+	<device match="rmt" />
+	<device match="sad/user" />
+	<device match="svvslo0" />
+	<device match="svvslo1" />
+	<device match="svvslo2" />
+	<device match="svvslo3" />
+	<device match="swap" />
+	<device match="sysevent" />
+	<device match="tcp" />
+	<device match="tcp6" />
+	<device match="term" />
+	<device match="ticlts" />
+	<device match="ticots" />
+	<device match="ticotsord" />
+	<device match="tty" />
+	<device match="udp" />
+	<device match="udp6" />
+	<device match="urandom" />
+	<device match="vnd/*" />
+	<device match="zero" />
+	<device match="zfs" />
+
+	<!-- Devices to create in exclusive IP zone only -->
+	<device match="dld" ip-type="exclusive" />
+	<device match="icmp" ip-type="exclusive" />
+	<device match="icmp6" ip-type="exclusive" />
+	<device match="ip" ip-type="exclusive" />
+	<device match="ip6" ip-type="exclusive" />
+	<device match="ipauth" ip-type="exclusive" />
+	<device match="ipf" ip-type="exclusive" />
+	<device match="ipl" ip-type="exclusive" />
+	<device match="iplookup" ip-type="exclusive" />
+	<device match="ipmpstub" ip-type="exclusive" />
+	<device match="ipnat" ip-type="exclusive" />
+	<device match="ipscan" ip-type="exclusive" />
+	<device match="ipsecah" ip-type="exclusive" />
+	<device match="ipsecesp" ip-type="exclusive" />
+	<device match="ipstate" ip-type="exclusive" />
+	<device match="ipsync" ip-type="exclusive" />
+	<device match="keysock" ip-type="exclusive" />
+	<device match="rawip" ip-type="exclusive" />
+	<device match="rawip6" ip-type="exclusive" />
+	<device match="rts" ip-type="exclusive" />
+	<device match="sad/admin" ip-type="exclusive" />
+	<device match="sctp" ip-type="exclusive" />
+	<device match="sctp6" ip-type="exclusive" />
+	<device match="spdsock" ip-type="exclusive" />
+	<device match="sppp" ip-type="exclusive" />
+	<device match="sppptun" ip-type="exclusive" />
+	<device match="vni" ip-type="exclusive" />
+
+	<!-- Renamed devices to create under /dev -->
+	<device match="zcons/%z/zoneconsole" name="zconsole" />
+
+	<!-- Symlinks to create under /dev -->
+	<symlink source="console" target="zconsole" />
+	<symlink source="dtremote" target="/dev/null" />
+	<symlink source="msglog" target="zconsole" />
+	<symlink source="stderr" target="./fd/2" />
+	<symlink source="stdin" target="./fd/0" />
+	<symlink source="stdout" target="./fd/1" />
+	<symlink source="syscon" target="zconsole" />
+	<symlink source="sysmsg" target="zconsole" />
+	<symlink source="systty" target="zconsole" />
+
+</platform>
diff --git a/usr/src/lib/brand/kvm/zone/poststate b/usr/src/lib/brand/kvm/zone/poststate
new file mode 100755
index 0000000000..17060a3b68
--- /dev/null
+++ b/usr/src/lib/brand/kvm/zone/poststate
@@ -0,0 +1,19 @@
+#!/bin/ksh -p
+#
+#
+# This file and its contents are supplied under the terms of the
+# Common Development and Distribution License ("CDDL"), version 1.0.
+# You may only use this file in accordance with the terms of version
+# 1.0 of the CDDL.
+#
+# A full copy of the text of the CDDL should have accompanied this
+# source.  A copy of the CDDL is also available via the Internet at
+# http://www.illumos.org/license/CDDL.
+#
+
+#
+# Copyright (c) 2014 Joyent, Inc.  All rights reserved.
+#
+
+ps_brand="kvm"
+. /usr/lib/brand/jcommon/poststate
diff --git a/usr/src/lib/brand/kvm/zone/prestate b/usr/src/lib/brand/kvm/zone/prestate
new file mode 100755
index 0000000000..a05fe69368
--- /dev/null
+++ b/usr/src/lib/brand/kvm/zone/prestate
@@ -0,0 +1,19 @@
+#!/bin/ksh -p
+#
+#
+# This file and its contents are supplied under the terms of the
+# Common Development and Distribution License ("CDDL"), version 1.0.
+# You may only use this file in accordance with the terms of version
+# 1.0 of the CDDL.
+#
+# A full copy of the text of the CDDL should have accompanied this
+# source.  A copy of the CDDL is also available via the Internet at
+# http://www.illumos.org/license/CDDL.
+#
+
+#
+# Copyright (c) 2014 Joyent, Inc.  All rights reserved.
+#
+
+ps_brand="kvm"
+. /usr/lib/brand/jcommon/prestate
diff --git a/usr/src/lib/brand/kvm/zone/statechange b/usr/src/lib/brand/kvm/zone/statechange
new file mode 100755
index 0000000000..4e3fab34ca
--- /dev/null
+++ b/usr/src/lib/brand/kvm/zone/statechange
@@ -0,0 +1,36 @@
+#!/bin/ksh -p
+#
+#
+# This file and its contents are supplied under the terms of the
+# Common Development and Distribution License ("CDDL"), version 1.0.
+# You may only use this file in accordance with the terms of version
+# 1.0 of the CDDL.
+#
+# A full copy of the text of the CDDL should have accompanied this
+# source.  A copy of the CDDL is also available via the Internet at
+# http://www.illumos.org/license/CDDL.
+#
+
+#
+# Copyright (c) 2014 Joyent, Inc.  All rights reserved.
+#
+
+# Do we support vrrp?
+# jst_vrrp="yes"
+
+# Do we support unfiltered promiscuous mode
+jst_ufpromisc="yes"
+
+# Do we use vnd devices
+jst_createvnd="yes"
+
+# Do we not need to have various SMF and ccs stuff created for us?
+jst_simplefs="yes"
+
+# Should we show snapshots?
+# jst_showsnap="yes"
+
+# Where does the mdata socket live?
+jst_mdatapath="/var/run/smartdc"
+
+. /usr/lib/brand/jcommon/statechange
diff --git a/usr/src/lib/brand/lx/zone/Makefile b/usr/src/lib/brand/lx/zone/Makefile
index ddcca6046a..58a5723c5d 100644
--- a/usr/src/lib/brand/lx/zone/Makefile
+++ b/usr/src/lib/brand/lx/zone/Makefile
@@ -21,13 +21,13 @@
 
 #
 # Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
-# Copyright 2015 Joyent, Inc.  All rights reserved.
+# Copyright 2019 Joyent, Inc.
 # Copyright 2017 ASS-Einrichtungssysteme GmbH, Inc.  All rights reserved.
 #
 
-PROGS =	lx_boot
+PROGS =	lx_boot lx_install lx_uninstall prestate poststate statechange
 PROGS += lx_boot_zone_redhat lx_boot_zone_ubuntu lx_boot_zone_debian
-PROGS += lx_boot_zone_busybox lx_boot_zone_suse
+PROGS += lx_boot_zone_busybox lx_boot_zone_suse lx_boot_zone_docker
 XMLDOCS =	config.xml platform.xml
 TEMPLATES =	SUNWlx.xml SUNWlx26.xml
 
diff --git a/usr/src/lib/brand/lx/zone/config.xml b/usr/src/lib/brand/lx/zone/config.xml
index ba7a150a2c..ba2192f867 100644
--- a/usr/src/lib/brand/lx/zone/config.xml
+++ b/usr/src/lib/brand/lx/zone/config.xml
@@ -37,14 +37,17 @@
 	<forcedlogin_cmd>/bin/login -h zone:%Z -f %u</forcedlogin_cmd>
 	<user_cmd>/usr/bin/getent passwd %u</user_cmd>
 
-	<install>/usr/lib/brand/lx/lx_install %z %R</install>
-	<installopts>d:hsvX</installopts>
+	<install>/usr/lib/brand/lx/lx_install -z %z -R %R</install>
+	<installopts>R:t:U:q:z:</installopts>
 	<boot>/usr/lib/brand/lx/lx_boot %z %R</boot>
 	<halt>/usr/lib/brand/lx/lx_support halt %R %z</halt>
 	<verify_cfg>/usr/lib/brand/lx/lx_support verify</verify_cfg>
 	<verify_adm></verify_adm>
 	<postclone></postclone>
 	<postinstall></postinstall>
+	<uninstall>/usr/lib/brand/lx/lx_uninstall -z %z -R %R</uninstall>
+	<prestatechange>/usr/lib/brand/lx/prestate %z %R</prestatechange>
+	<poststatechange>/usr/lib/brand/lx/poststate %z %R</poststatechange>
 
 	<privilege set="default" name="contract_event" />
 	<privilege set="default" name="contract_identity" />
@@ -70,6 +73,7 @@
 	<privilege set="default" name="proc_chroot" />
 	<privilege set="default" name="sys_audit" />
 	<privilege set="default" name="proc_audit" />
+	<privilege set="default" name="proc_clock_highres" />
 	<privilege set="default" name="proc_lock_memory" />
 	<privilege set="default" name="proc_owner" />
 	<privilege set="default" name="proc_secflags" />
@@ -78,10 +82,12 @@
 	<privilege set="default" name="proc_taskid" />
 	<privilege set="default" name="sys_acct" />
 	<privilege set="default" name="sys_admin" />
+	<privilege set="default" name="sys_fs_import" />
 	<privilege set="default" name="sys_ip_config" ip-type="exclusive" />
 	<privilege set="default" name="sys_iptun_config" ip-type="exclusive" />
 	<privilege set="default" name="sys_mount" />
 	<privilege set="default" name="sys_nfs" />
+	<privilege set="default" name="sys_smb" />
 	<privilege set="default" name="sys_resource" />
 	<privilege set="default" name="sys_ppp_config" ip-type="exclusive" />
 
diff --git a/usr/src/lib/brand/lx/zone/lx_boot_zone_docker b/usr/src/lib/brand/lx/zone/lx_boot_zone_docker
new file mode 100755
index 0000000000..9d332a723d
--- /dev/null
+++ b/usr/src/lib/brand/lx/zone/lx_boot_zone_docker
@@ -0,0 +1,17 @@
+#!/bin/ksh -p
+#
+# This file and its contents are supplied under the terms of the
+# Common Development and Distribution License ("CDDL"), version 1.0.
+# You may only use this file in accordance with the terms of version
+# 1.0 of the CDDL.
+#
+# A full copy of the text of the CDDL should have accompanied this
+# source.  A copy of the CDDL is also available via the Internet at
+# http://www.illumos.org/license/CDDL.
+#
+
+#
+# Copyright 2014 Joyent, Inc.  All rights reserved.
+#
+
+# Hand control back to lx_boot
diff --git a/usr/src/lib/brand/lx/zone/lx_boot_zone_docker.ksh b/usr/src/lib/brand/lx/zone/lx_boot_zone_docker.ksh
new file mode 100755
index 0000000000..9d332a723d
--- /dev/null
+++ b/usr/src/lib/brand/lx/zone/lx_boot_zone_docker.ksh
@@ -0,0 +1,17 @@
+#!/bin/ksh -p
+#
+# This file and its contents are supplied under the terms of the
+# Common Development and Distribution License ("CDDL"), version 1.0.
+# You may only use this file in accordance with the terms of version
+# 1.0 of the CDDL.
+#
+# A full copy of the text of the CDDL should have accompanied this
+# source.  A copy of the CDDL is also available via the Internet at
+# http://www.illumos.org/license/CDDL.
+#
+
+#
+# Copyright 2014 Joyent, Inc.  All rights reserved.
+#
+
+# Hand control back to lx_boot
diff --git a/usr/src/lib/brand/lx/zone/lx_install.ksh b/usr/src/lib/brand/lx/zone/lx_install.ksh
index c31b8355ac..d979bb373e 100644
--- a/usr/src/lib/brand/lx/zone/lx_install.ksh
+++ b/usr/src/lib/brand/lx/zone/lx_install.ksh
@@ -9,186 +9,54 @@
 # source.  A copy of the CDDL is also available via the Internet at
 # http://www.illumos.org/license/CDDL.
 #
-# Copyright 2016 Joyent, Inc.  All rights reserved.
-#
 
 #
-# This is only an example install script. It is not currently used for anything.
+# Copyright 2015 Joyent, Inc.
 #
 
-PATH=/bin:/usr/bin:/usr/sbin
-export PATH
+# Does this brand support reprovisioning?
+jst_reprovision="yes"
 
-fullpath()
-{
-	typeset path="$1"
+# Is a template image optional?
+# jst_tmplopt="yes"
 
-	echo $path | egrep -s "^/" || path="${PWD:=$(pwd)}/$path"
-	echo $path
-}
+. /usr/lib/brand/jcommon/libhooks.ksh
 
-makedir()
+function jcommon_attach_hook
 {
-	typeset dirname=$(fullpath "$1")
-	typeset mode=""
-
-	[[ $# -eq 2 ]] && mode="-m $2"
-
-	[[ -d "$dirname" ]] && return
-
-	if ! mkdir $mode -p "$dirname"; then
-		echo $(gettext "Aborting installation...")
-		exit 255
+	# lx-brand specific stuff is done here as final step of install
+
+	#
+	# Make sure the localhost has a hostname alias in the zone's
+	# /etc/hosts file
+	#
+	zroot=$ZONEPATH/root
+	hname=$ZONENAME
+	hostnamef=$zroot/etc/hostname
+	if [[ ! -h $hostnamef ]]; then
+		echo $hname >$hostnamef
 	fi
-}
-
-symlink()
-{
-	typeset src="$1"
-	typeset dst=$(fullpath "$2")
 
-	[[ -e "$dst" || -h "$dst" ]] && rm -f "$dst"
-	
-	if ! ln -s "$src" "$dst"; then
-		echo $(gettext "Aborting installation...")
-		exit 255
+	hostfile=$zroot/etc/hosts
+	if [[ -f $hostfile && ! -h $hostfile ]]; then
+		# use awk to search and append to loopback in one command
+		awk -v hname="$hname" '{
+		    if ($1 ~ /^127\./ && index($0, hname) == 0) {
+		        printf("%s %s\n", $0, hname);
+		    } else {
+		        print $0
+		    }
+		}' $hostfile >/tmp/tmp_${ZONENAME}_$$
+		mv /tmp/tmp_${ZONENAME}_$$ $hostfile
+		chmod 644 $hostfile
 	fi
-}
 
-install_ln()
-{
-	typeset source="$1"
-	typeset target=$(fullpath "$2")
+	rm -rf $ZONEPATH/cores
+	CORE_QUOTA=102400
+	zfs create -o quota=${CORE_QUOTA}m \
+	    -o mountpoint=/${PDS_NAME}/$bname/cores ${PDS_NAME}/cores/$bname
 
-	log "    Installing \"$target\""
-
-	mv -f "$target" "$target.$tag" 2>/dev/null
-
-	if ! ln -s "$source" "$target"; then
-		return 1
-	fi
-
-	return 0
+	chmod 700 $ZONEPATH
 }
 
-# If we weren't passed 3 arguments, exit now.
-[[ $# -lt 3 ]] && exit 254
-
-# Extract the brand directory name from the path.
-branddir=$(dirname "$0")
-zonename="$1"
-zoneroot="$2"
-install_src="3"
-install_root="$zoneroot/root"
-ZPOOL=`df $ZONEROOT | awk -F '[()]' '{split($2, field, "/"); print field[1]; }'`
-if [ -z "$ZPOOL" ]; then
-	ROOTDEV="none"
-else
-	ROOTDEV="/dev/$ZPOOL"
-fi
-
-if [[ ! -f "$install_src" ]]; then
-	echo "$install_src: file not found\n"
-	exit 254
-fi
-
-if [[ ! -d "$install_root" ]]; then
-	if ! mkdir -p "$install_root" 2>/dev/null; then
-		echo "Could not create install directory $install_root"
-		exit 254
-	fi
-fi
-
-if ! ( cd "$install_root" && gtar -xzf "$install_src" ) ; then
-	echo "Error: extraction from tar archive failed"
-	exit 255
-fi
-
-tag="lxsave_$(date +%m.%d.%Y@%T)"
-
-if [[ ! -d "$install_root" ]]; then
-	exit 255
-fi
-
-cd "$install_root"
-
-makedir native/dev
-makedir native/etc/default
-makedir native/etc/svc/volatile
-makedir native/lib
-makedir native/proc
-makedir native/tmp 1777
-makedir native/usr
-makedir native/var
-
-makedir mnt
-makedir opt
-makedir usr/local/bin
-makedir usr/local/include
-makedir usr/local/lib
-makedir usr/local/sbin
-makedir usr/local/share
-makedir usr/local/src
-
-makedir dev 0755
-makedir tmp 1777
-makedir proc 0555
-makedir boot 0755
-
-symlink /bin/sh sbin/sh
-symlink /bin/su usr/bin/su
-symlink /native/usr/lib/ld.so.1 usr/lib/ld.so.1
-
-libpam_so="$(echo lib/libpam.so.0.*)"
-libpam_misc="$(echo lib/libpam_misc.so.0.*)"
-libpamc_so="$(echo lib/libpamc.so.0.*)"
-
-symlink "/$libpam_so" lib/libpam.so.0
-symlink "/$libpam_misc" lib/libpam_misc.so.0
-symlink "/$libpamc_so" lib/libpamc.so.0
-
-makedir var/ld
-
-if ! crle -c var/ld/ld.config -l /native/lib:/native/usr/lib \
-     -s /native/lib/secure:/native/usr/lib/secure; then
-	exit 255
-fi
-
-mv -f etc/fstab etc/fstab.$tag 2>/dev/null
-
-cat > etc/fstab <<- EOF
-	$ROOTDEV	/			zfs	defaults	1 1
-	proc		/proc			proc	defaults	0 0
-EOF
-
-if [[ $? -ne 0 ]]; then
-	exit 255
-fi
-
-if [[ ! -e "$install_root/etc/hosts" ]]; then
-	cat > "$install_root/etc/hosts" <<-_EOF_
-		127.0.0.1		localhost
-	_EOF_
-fi
-
-#
-# Perform distribution-specific changes.
-#
-distro=""
-if [[ -f etc/redhat-release ]]; then
-	distro="redhat"
-elif [[ -f etc/lsb-release ]]; then
-	if egrep -s Ubuntu etc/lsb-release; then
-		distro="ubuntu"
-	elif [[ -f etc/debian_version ]]; then
-		distro="debian"
-	fi
-elif [[ -f etc/debian_version ]]; then
-	distro="debian"
-fi
-
-if [[ -z $distro ]]; then
-	exit 255
-fi
-
-exit 0
+. /usr/lib/brand/jcommon/cinstall
diff --git a/usr/src/lib/brand/lx/zone/lx_uninstall.ksh b/usr/src/lib/brand/lx/zone/lx_uninstall.ksh
new file mode 100755
index 0000000000..136044ad9e
--- /dev/null
+++ b/usr/src/lib/brand/lx/zone/lx_uninstall.ksh
@@ -0,0 +1,23 @@
+#!/bin/ksh -p
+#
+#
+# This file and its contents are supplied under the terms of the
+# Common Development and Distribution License ("CDDL"), version 1.0.
+# You may only use this file in accordance with the terms of version
+# 1.0 of the CDDL.
+#
+# A full copy of the text of the CDDL should have accompanied this
+# source.  A copy of the CDDL is also available via the Internet at
+# http://www.illumos.org/license/CDDL.
+#
+
+#
+# Copyright (c) 2014 Joyent, Inc.  All rights reserved.
+#
+
+function jcommon_uninstall_hook
+{
+	:
+}
+
+. /usr/lib/brand/jcommon/cuninstall
diff --git a/usr/src/lib/brand/lx/zone/poststate.ksh b/usr/src/lib/brand/lx/zone/poststate.ksh
new file mode 100755
index 0000000000..49370fce60
--- /dev/null
+++ b/usr/src/lib/brand/lx/zone/poststate.ksh
@@ -0,0 +1,19 @@
+#!/bin/ksh -p
+#
+#
+# This file and its contents are supplied under the terms of the
+# Common Development and Distribution License ("CDDL"), version 1.0.
+# You may only use this file in accordance with the terms of version
+# 1.0 of the CDDL.
+#
+# A full copy of the text of the CDDL should have accompanied this
+# source.  A copy of the CDDL is also available via the Internet at
+# http://www.illumos.org/license/CDDL.
+#
+
+#
+# Copyright (c) 2014 Joyent, Inc.  All rights reserved.
+#
+
+ps_brand="lx"
+. /usr/lib/brand/jcommon/poststate
diff --git a/usr/src/lib/brand/lx/zone/prestate.ksh b/usr/src/lib/brand/lx/zone/prestate.ksh
new file mode 100755
index 0000000000..04d9969a65
--- /dev/null
+++ b/usr/src/lib/brand/lx/zone/prestate.ksh
@@ -0,0 +1,19 @@
+#!/bin/ksh -p
+#
+#
+# This file and its contents are supplied under the terms of the
+# Common Development and Distribution License ("CDDL"), version 1.0.
+# You may only use this file in accordance with the terms of version
+# 1.0 of the CDDL.
+#
+# A full copy of the text of the CDDL should have accompanied this
+# source.  A copy of the CDDL is also available via the Internet at
+# http://www.illumos.org/license/CDDL.
+#
+
+#
+# Copyright (c) 2014 Joyent, Inc.  All rights reserved.
+#
+
+ps_brand="lx"
+. /usr/lib/brand/jcommon/prestate
diff --git a/usr/src/lib/brand/lx/zone/statechange.ksh b/usr/src/lib/brand/lx/zone/statechange.ksh
new file mode 100755
index 0000000000..d0bc11eee9
--- /dev/null
+++ b/usr/src/lib/brand/lx/zone/statechange.ksh
@@ -0,0 +1,41 @@
+#!/bin/ksh -p
+#
+# This file and its contents are supplied under the terms of the
+# Common Development and Distribution License ("CDDL"), version 1.0.
+# You may only use this file in accordance with the terms of version
+# 1.0 of the CDDL.
+#
+# A full copy of the text of the CDDL should have accompanied this
+# source.  A copy of the CDDL is also available via the Internet at
+# http://www.illumos.org/license/CDDL.
+#
+
+#
+# Copyright (c) 2018 Joyent, Inc.  All rights reserved.
+#
+
+# Do we support vrrp?
+# jst_vrrp="yes"
+
+# Do we support unfiltered promiscuous mode
+# jst_ufpromisc="yes"
+
+# Do we use vnd devices
+# jst_createvnd="yes"
+
+# Do we not need to have various SMF and ccs stuff created for us?
+jst_simplefs="yes"
+
+# Should we show snapshots?
+jst_showsnap="yes"
+
+# Where does the mdata socket live?
+jst_mdatapath="/native/.zonecontrol/"
+
+# Ensure docker zfd(7D) log is not put in the wrong place
+if [[ "$_ZONECFG_attr_docker" == true ]]; then
+	typeset -A FORCED_ATTRS
+	FORCED_ATTRS["zlog-name"]=
+fi
+
+. /usr/lib/brand/jcommon/statechange
diff --git a/usr/src/lib/libppt/Makefile b/usr/src/lib/libppt/Makefile
index 21c26d447e..7119d6715c 100644
--- a/usr/src/lib/libppt/Makefile
+++ b/usr/src/lib/libppt/Makefile
@@ -10,7 +10,7 @@
 #
 
 #
-# Copyright 2018 Joyent, Inc.
+# Copyright 2019 Joyent, Inc.
 #
 
 include $(SRC)/lib/Makefile.lib
@@ -20,25 +20,35 @@ SUBDIRS = $(MACH) $(BUILD64) $(MACH64)
 HDRS = libppt.h
 HDRDIR = common
 
+ETCFILES=	ppt_matches
+ROOTETC=	$(ROOT)/etc
+IETCFILES=	$(ETCFILES:%=$(ROOTETC)/%)
+
+$(IETCFILES) :=	FILEMODE = 0444
+
 all :=		TARGET= all
 clean :=	TARGET= clean
 clobber :=	TARGET= clobber
 install :=	TARGET= install
-lint :=		TARGET= lint
 
 .KEEP_STATE:
 
-all clean clobber install lint: $(SUBDIRS)
+all clean clobber install: $(SUBDIRS)
 
 install_h: $(ROOTHDRS)
 
 all install: install_h
 
+install: $(IETCFILES)
+
 check: $(CHECKHDRS)
 
 $(SUBDIRS): FRC
 	@cd $@; pwd; $(MAKE) $(TARGET)
 
+$(ROOTETC)/%:	%
+	$(INS.file)
+
 FRC:
 
 include	$(SRC)/lib/Makefile.targ
diff --git a/usr/src/lib/libppt/ppt_matches b/usr/src/lib/libppt/ppt_matches
new file mode 100644
index 0000000000..03ff7e03ba
--- /dev/null
+++ b/usr/src/lib/libppt/ppt_matches
@@ -0,0 +1 @@
+pci10de,15f0
diff --git a/usr/src/lib/libsecdb/user_attr.txt b/usr/src/lib/libsecdb/user_attr.txt
index aa31d7373b..227468d7c0 100644
--- a/usr/src/lib/libsecdb/user_attr.txt
+++ b/usr/src/lib/libsecdb/user_attr.txt
@@ -1,5 +1,6 @@
 #
 # Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2011, Joyent, Inc. All rights reserved.
 #
 # CDDL HEADER START
 #
@@ -25,11 +26,12 @@
 # user attributes. see user_attr(4)
 #
 #
-root::::auths=solaris.*,solaris.grant;profiles=All;audit_flags=lo\:no;lock_after_retries=no;min_label=admin_low;clearance=admin_high
-lp::::profiles=Printer Management
 adm::::profiles=Log Management
-dladm::::auths=solaris.smf.manage.wpa,solaris.smf.modify
+admin::::profiles=Primary Administrator;roles=root
 daemon::::auths=solaris.smf.manage.ilb,solaris.smf.modify.application
+dladm::::auths=solaris.smf.manage.wpa,solaris.smf.modify
+lp::::profiles=Printer Management
 netadm::::type=role;project=default;profiles=Network Autoconf Admin,Network Management,Service Management
 netcfg::::type=role;project=default;profiles=Network Autoconf User;auths=solaris.network.autoconf.write
+root::::auths=solaris.*,solaris.grant;profiles=All;audit_flags=lo\:no;lock_after_retries=no;min_label=admin_low;clearance=admin_high
 zfssnap::::type=role;auths=solaris.smf.manage.zfs-auto-snapshot;profiles=ZFS File System Management
diff --git a/usr/src/uts/common/io/scsi/adapters/mpt_sas/mpt_sas.conf b/usr/src/uts/common/io/scsi/adapters/mpt_sas/mpt_sas.conf
index c6e017655e..721e66c276 100644
--- a/usr/src/uts/common/io/scsi/adapters/mpt_sas/mpt_sas.conf
+++ b/usr/src/uts/common/io/scsi/adapters/mpt_sas/mpt_sas.conf
@@ -21,7 +21,7 @@
 #
 # Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
 # Use is subject to license terms.
-#
+# Copyright 2019 Joyent, Inc.
 #
 
 #
@@ -49,3 +49,8 @@ ddi-vhci-class="scsi_vhci";
 # name="mpt_sas" parent="/pci@7c0/pci@0/pci@9" unit-address="0" mpxio-disable="yes";
 #
 mpxio-disable="no";
+
+#
+# Command/target timeout checking should be done at a 1-second granularity.
+#
+scsi-watchdog-tick=1;
diff --git a/usr/src/uts/intel/io/scsi/targets/sd.conf b/usr/src/uts/intel/io/scsi/targets/sd.conf
index 1863937888..b0aebdb5b1 100644
--- a/usr/src/uts/intel/io/scsi/targets/sd.conf
+++ b/usr/src/uts/intel/io/scsi/targets/sd.conf
@@ -42,7 +42,7 @@ name="sd" class="scsi" target=15 lun=0;
 
 #
 # The following stub node is needed for pathological bottom-up
-# devid resolution on a self-identifying transport. 
+# devid resolution on a self-identifying transport.
 #
 name="sd" class="scsi-self-identifying";
 
@@ -50,3 +50,34 @@ name="sd" class="scsi-self-identifying";
 # Associate the driver with devid resolution.
 #
 ddi-devid-registrant=1;
+
+#
+# Certain hardware RAID controllers have nonvolatile caches but do not
+# support the SYNC_NV bit to restrict flushes to the volatile portion of
+# the cache, if any.  In order to get acceptable performance out of these
+# devices, we need to suppress cache flushing on them.  In most (hopefully
+# all) cases, if the battery fails or the cache otherwise becomes volatile,
+# the controller will switch to write-through mode, and ensure that any
+# underlying drive cache is off.  In this case, it should still be safe to
+# dispense with cache flush commands.  Controllers for which this is not the
+# case should have cache-nonvolatile set unless data loss and corruption are
+# acceptable.
+#
+# In addition, *all* devices have their retries capped at 1.  There are an
+# additional 2 retries for "victim" IOs if a reset is needed.  Retrying is
+# very rarely successful, and it is preferable to let ZFS do it where needed.
+#
+# For the Samsung client drives, users have seen data corruption when they use
+# the advertised 512 byte sectors. The actual sector size of the flash
+# translation layer is 4K, so it's relatively safe to make this change which
+# annecdotally solves that problem.
+#
+sd-config-list=
+	"", "retries-timeout:1,retries-busy:1,retries-reset:1,retries-victim:2",
+	"DELL    PERC H710", "cache-nonvolatile:true",
+	"DELL    PERC H700", "cache-nonvolatile:true",
+	"DELL    PERC/6i", "cache-nonvolatile:true",
+	"ATA     Samsung SSD 830", "physical-block-size:4096",
+	"ATA     Samsung SSD 840", "physical-block-size:4096",
+	"ATA     Samsung SSD 850", "physical-block-size:4096",
+	"ATA     Samsung SSD 860", "physical-block-size:4096";
diff --git a/usr/src/uts/intel/os/device_policy b/usr/src/uts/intel/os/device_policy
index 41adb787ce..88d6afa054 100644
--- a/usr/src/uts/intel/os/device_policy
+++ b/usr/src/uts/intel/os/device_policy
@@ -8,4 +8,21 @@
 #
 
 *		read_priv_set=none		write_priv_set=none
-md:admin					write_priv_set=sys_config
+bridge:*	read_priv_set=net_rawaccess	write_priv_set=net_rawaccess
+fssnap:ctl	read_priv_set=sys_config	write_priv_set=sys_config
+icmp:*		read_priv_set=net_icmpaccess	write_priv_set=net_icmpaccess
+icmp6:*		read_priv_set=net_icmpaccess	write_priv_set=net_icmpaccess
+ipf:*		read_priv_set=sys_ip_config	write_priv_set=sys_ip_config
+ip:*		read_priv_set=net_rawaccess	write_priv_set=net_rawaccess
+ip6:*		read_priv_set=net_rawaccess	write_priv_set=net_rawaccess
+ipnet:*		read_priv_set=net_observability	write_priv_set=net_observability
+ipsecah:*	read_priv_set=sys_ip_config	write_priv_set=sys_ip_config
+ipsecesp:*	read_priv_set=sys_ip_config	write_priv_set=sys_ip_config
+keysock:*	read_priv_set=sys_ip_config	write_priv_set=sys_ip_config
+mm:allkmem	read_priv_set=all		write_priv_set=all
+mm:kmem		read_priv_set=none		write_priv_set=all
+mm:mem		read_priv_set=none		write_priv_set=all
+openeepr:*					write_priv_set=all
+random:*					write_priv_set=sys_devices
+scsi_vhci:devctl				write_priv_set=sys_devices
+spdsock:*	read_priv_set=sys_ip_config	write_priv_set=sys_ip_config
diff --git a/usr/src/uts/intel/os/driver_aliases b/usr/src/uts/intel/os/driver_aliases
index 1cea287121..050bc5205d 100644
--- a/usr/src/uts/intel/os/driver_aliases
+++ b/usr/src/uts/intel/os/driver_aliases
@@ -1,2 +1,1596 @@
+aac "pci1028,3"
+aac "pci1028,a"
+aac "pci9005,285"
+aac "pci9005,286"
+aac "pciex9005,285"
+aac "pciex9005,286"
+acpinex "acpivirtnex"
+adpu320 "pci9005,8000"
+adpu320 "pci9005,800f.9005.5f"
+adpu320 "pci9005,8010"
+adpu320 "pci9005,8011"
+adpu320 "pci9005,8012"
+adpu320 "pci9005,8014"
+adpu320 "pci9005,8015"
+adpu320 "pci9005,8016"
+adpu320 "pci9005,8017"
+adpu320 "pci9005,801d"
+adpu320 "pci9005,801e"
+adpu320 "pci9005,801f"
+adpu320 "pci9005,808f"
+afe "pci10b7,9300"
+afe "pci1113,1216"
+afe "pci1317,1985"
+afe "pci1317,9511"
+afe "pci1317,9513"
+afe "pci1317,981"
+afe "pci1317,985"
+afe "pci13d1,ab02"
+afe "pci13d1,ab03"
+afe "pci13d1,ab08"
+afe "pci1737,ab08"
+agptarget "pci1022,7454"
+agptarget "pci8086,1130"
+agptarget "pci8086,2560"
+agptarget "pci8086,2570"
+agptarget "pci8086,2580"
+agptarget "pci8086,2590"
+agptarget "pci8086,2770"
+agptarget "pci8086,27a0"
+agptarget "pci8086,27ac"
+agptarget "pci8086,2970"
+agptarget "pci8086,2980"
+agptarget "pci8086,2990"
+agptarget "pci8086,29a0"
+agptarget "pci8086,29b0"
+agptarget "pci8086,29c0"
+agptarget "pci8086,29d0"
+agptarget "pci8086,2a00"
+agptarget "pci8086,2a10"
+agptarget "pci8086,2a40"
+agptarget "pci8086,2e00"
+agptarget "pci8086,2e10"
+agptarget "pci8086,2e20"
+agptarget "pci8086,2e30"
+agptarget "pci8086,2e40"
+agptarget "pci8086,3575"
+agptarget "pci8086,3580"
+agptarget "pci8086,40"
+agptarget "pci8086,44"
+agptarget "pci8086,62"
+agptarget "pci8086,6a"
+agptarget "pci8086,7120"
+agptarget "pci8086,7122"
+agptarget "pci8086,7124"
+ahci "pciclass,010601"
+amd64_gart "pci1022,1103"
+amd8111s "pci1022,7462"
+amd_iommu "pci1002,5a23"
+amd_iommu "pci1022,11ff"
+amdf17nbdf "pci1022,1450"
+amdf17nbdf "pci1022,1460"
+amr "pci1000,1960.1000,532"
+amr "pci101e,1960.1028,493"
+amr "pci1000,1960.1028,518"
+amr "pci1000,1960.1028,520"
+arcmsr "pci17d3,1110"
+arcmsr "pci17d3,1120"
+arcmsr "pci17d3,1130"
+arcmsr "pci17d3,1160"
+arcmsr "pci17d3,1170"
+arcmsr "pci17d3,1201"
+arcmsr "pci17d3,1210"
+arcmsr "pci17d3,1220"
+arcmsr "pci17d3,1230"
+arcmsr "pci17d3,1260"
+arcmsr "pci17d3,1270"
+arcmsr "pci17d3,1280"
+arcmsr "pci17d3,1380"
+arcmsr "pci17d3,1381"
+arcmsr "pci17d3,1680"
+arcmsr "pci17d3,1681"
+arcmsr "pci17d3,1880"
+arcmsr "pci17d3,1882"
 asy "pci11c1,480"
+ata "ide"
+atge "pciex1969,1026"
+atge "pciex1969,1048"
+atge "pciex1969,1062"
+atge "pciex1969,1063"
+atge "pciex1969,1073"
+atge "pciex1969,1083"
+atge "pciex1969,2060"
+atge "pciex1969,2062"
+axf "usb7b8,420a"
+axf "usbb95,7720"
+axf "usbb95,772a"
+axf "usb2001,1a00"
+axf "usb77b,2226"
+axf "usb846,1040"
+axf "usbb95,1720"
+axf "usb8dd,90ff"
+axf "usb557,2009"
+axf "usb411,3d"
+axf "usb6189,182d"
+axf "usb7aa,17"
+axf "usb1189,893"
+axf "usb1631,6200"
+axf "usb13b1,18"
+axf "usb1557,7720"
+axf "usb7d1,3c05"
+axf "usb2001,3c05"
+axf "usb5ac,1402"
+bcm_sata "pci1166,24a"
+bfe "pci14e4,170c"
+bfe "pci14e4,4401"
+bfe "pci14e4,4402"
+bge "SUNW,bge"
+bge "pci108e,1647"
+bge "pci108e,1648"
+bge "pci108e,16a7"
+bge "pci108e,16a8"
+bge "pci14e4,1600"
+bge "pci14e4,1601"
+bge "pci14e4,1643"
+bge "pci14e4,1644"
+bge "pci14e4,1645"
+bge "pci14e4,1647"
+bge "pci14e4,1648"
+bge "pci14e4,1649"
+bge "pci14e4,1653"
+bge "pci14e4,1654"
+bge "pci14e4,1657"
+bge "pci14e4,1659"
+bge "pci14e4,165d"
+bge "pci14e4,165e"
+bge "pci14e4,165f"
+bge "pci14e4,1665"
+bge "pci14e4,1668"
+bge "pci14e4,1669"
+bge "pci14e4,166a"
+bge "pci14e4,166e"
+bge "pci14e4,1677"
+bge "pci14e4,1678"
+bge "pci14e4,1679"
+bge "pci14e4,167d"
+bge "pci14e4,1693"
+bge "pci14e4,1696"
+bge "pci14e4,1699"
+bge "pci14e4,169b"
+bge "pci14e4,169c"
+bge "pci14e4,16a6"
+bge "pci14e4,16a7"
+bge "pci14e4,16a8"
+bge "pci14e4,16c7"
+bge "pci14e4,16f3"
+bge "pciex14e4,1643"
+bge "pciex14e4,1655"
+bge "pciex14e4,1656"
+bge "pciex14e4,1657"
+bge "pciex14e4,165a"
+bge "pciex14e4,165b"
+bge "pciex14e4,165c"
+bge "pciex14e4,165f"
+bge "pciex14e4,1665"
+bge "pciex14e4,1673"
+bge "pciex14e4,1674"
+bge "pciex14e4,1677"
+bge "pciex14e4,167a"
+bge "pciex14e4,167b"
+bge "pciex14e4,1680"
+bge "pciex14e4,1681"
+bge "pciex14e4,1684"
+bge "pciex14e4,1688"
+bge "pciex14e4,1689"
+bge "pciex14e4,1690"
+bge "pciex14e4,1691"
+bge "pciex14e4,1692"
+bge "pciex14e4,1694"
+bge "pciex14e4,1698"
+bge "pciex14e4,169d"
+bge "pciex14e4,16fd"
+bge "pciex14e4,16f3"
+bge "pciex14e4,1713"
+bnx "pci14e4,1639"
+bnx "pci14e4,163a"
+bnx "pci14e4,163b"
+bnx "pci14e4,163c"
+bnx "pci14e4,164a"
+bnx "pci14e4,164c"
+bnx "pci14e4,16aa"
+bnx "pci14e4,16ac"
+bnxe "pci14e4,164e"
+bnxe "pci14e4,164f"
+bnxe "pci14e4,1650"
+bnxe "pciex14e4,164e"
+bnxe "pciex14e4,164f"
+bnxe "pciex14e4,1650"
+bnxe "pciex14e4,1662"
+bnxe "pciex14e4,1663"
+bnxe "pciex14e4,168a"
+bnxe "pciex14e4,168d"
+bnxe "pciex14e4,168e"
+bnxe "pciex14e4,16a1"
+bnxe "pciex14e4,16a4"
+bnxe "pciex14e4,16a5"
+bnxe "pciex14e4,16ab"
+bnxe "pciex14e4,16ae"
+bscbus "SVI0101"
+ce "pci100b,35"
+ce "pci108e,abba"
+chxge "pci1425,7"
+chxge "pci1425,a"
+cpqary3 "pci103c,3211"
+cpqary3 "pci103c,3212"
+cpqary3 "pci103c,3223"
+cpqary3 "pci103c,3225"
+cpqary3 "pci103c,3234"
+cpqary3 "pci103c,3235"
+cpqary3 "pci103c,3237"
+cpqary3 "pci103c,323d"
+cpqary3 "pcie11,4070"
+cpqary3 "pcie11,4080"
+cpqary3 "pcie11,4082"
+cpqary3 "pcie11,4083"
+cpqary3 "pcie11,4091"
+cpqary3 "pcie11,409a"
+cpqary3 "pcie11,409b"
+cpqary3 "pcie11,409c"
+cpqary3 "pcie11,409d"
+cpqary3 "pcie11,409e"
+cpudrv "cpu"
+cpunex "cpus"
+dcam1394 "firewire000104,000100"
+dcam1394 "firewire00a02d,000100"
+dmfe "pci108e,9102"
+dmfe "pci1282,9102"
+dmfe "pci128h,9102"
+dnet "pci1011,14"
+dnet "pci1011,19"
+dnet "pci1011,2"
+dnet "pci1011,9"
+dnet "pci10b8,2001"
+dnet "pci1109,1400"
+dnet "pci1109,2400"
+dnet "pci2646,1"
+dr "acpidr_sbd"
+dr_sas "pciex1000,78"
+dr_sas "pciex1000,79"
+e1000g "pci8086,1000"
+e1000g "pci8086,1001"
+e1000g "pci8086,1004.0e11.49"
+e1000g "pci8086,1004.0e11.b1a4"
+e1000g "pci8086,1004.1014.10f2"
+e1000g "pci8086,1004.8086.1004"
+e1000g "pci8086,1004.8086.2004"
+e1000g "pci8086,1008"
+e1000g "pci8086,1009"
+e1000g "pci8086,100c"
+e1000g "pci8086,100d"
+e1000g "pci8086,100e"
+e1000g "pci8086,100f"
+e1000g "pci8086,1010"
+e1000g "pci8086,1011"
+e1000g "pci8086,1012"
+e1000g "pci8086,1013"
+e1000g "pci8086,1014"
+e1000g "pci8086,1015"
+e1000g "pci8086,1016"
+e1000g "pci8086,1017"
+e1000g "pci8086,1018"
+e1000g "pci8086,1019"
+e1000g "pci8086,101a"
+e1000g "pci8086,101d"
+e1000g "pci8086,101e"
+e1000g "pci8086,1026"
+e1000g "pci8086,1027"
+e1000g "pci8086,1028"
+e1000g "pci8086,1049"
+e1000g "pci8086,104a"
+e1000g "pci8086,104b"
+e1000g "pci8086,104c"
+e1000g "pci8086,104d"
+e1000g "pci8086,105a"
+e1000g "pci8086,105b"
+e1000g "pci8086,105c"
+e1000g "pci8086,105e"
+e1000g "pci8086,105f"
+e1000g "pci8086,1060"
+e1000g "pci8086,1061"
+e1000g "pci8086,1062"
+e1000g "pci8086,1063"
+e1000g "pci8086,1075"
+e1000g "pci8086,1076"
+e1000g "pci8086,1077"
+e1000g "pci8086,1078"
+e1000g "pci8086,1079"
+e1000g "pci8086,107a"
+e1000g "pci8086,107b"
+e1000g "pci8086,107c"
+e1000g "pci8086,107d"
+e1000g "pci8086,107e"
+e1000g "pci8086,107f"
+e1000g "pci8086,108a"
+e1000g "pci8086,108b"
+e1000g "pci8086,108c"
+e1000g "pci8086,1096"
+e1000g "pci8086,1098"
+e1000g "pci8086,1099"
+e1000g "pci8086,109a"
+e1000g "pci8086,10a4"
+e1000g "pci8086,10a5"
+e1000g "pci8086,10b5"
+e1000g "pci8086,10b9"
+e1000g "pci8086,10ba"
+e1000g "pci8086,10bb"
+e1000g "pci8086,10bc"
+e1000g "pci8086,10bd"
+e1000g "pci8086,10bf"
+e1000g "pci8086,10c0"
+e1000g "pci8086,10c2"
+e1000g "pci8086,10c3"
+e1000g "pci8086,10c4"
+e1000g "pci8086,10c5"
+e1000g "pci8086,10cb"
+e1000g "pci8086,10cc"
+e1000g "pci8086,10cd"
+e1000g "pci8086,10ce"
+e1000g "pci8086,10d3"
+e1000g "pci8086,10d5"
+e1000g "pci8086,10d9"
+e1000g "pci8086,10da"
+e1000g "pci8086,10de"
+e1000g "pci8086,10df"
+e1000g "pci8086,10e5"
+e1000g "pci8086,10ea"
+e1000g "pci8086,10eb"
+e1000g "pci8086,10ef"
+e1000g "pci8086,10f0"
+e1000g "pci8086,10f5"
+e1000g "pci8086,10f6"
+e1000g "pci8086,1502"
+e1000g "pci8086,1503"
+e1000g "pci8086,150c"
+e1000g "pci8086,153a"
+e1000g "pci8086,153b"
+e1000g "pci8086,1559"
+e1000g "pci8086,155a"
+e1000g "pci8086,156f"
+e1000g "pci8086,1570"
+e1000g "pci8086,15a0"
+e1000g "pci8086,15a1"
+e1000g "pci8086,15a2"
+e1000g "pci8086,15a3"
+e1000g "pci8086,15b7"
+e1000g "pci8086,15b8"
+e1000g "pci8086,15b9"
+e1000g "pci8086,15bb"
+e1000g "pci8086,15bc"
+e1000g "pci8086,15bd"
+e1000g "pci8086,15be"
+e1000g "pci8086,15d6"
+e1000g "pci8086,15d7"
+e1000g "pci8086,15d8"
+e1000g "pci8086,15df"
+e1000g "pci8086,15e0"
+e1000g "pci8086,15e1"
+e1000g "pci8086,15e2"
+e1000g "pci8086,15e3"
+e1000g "pci8086,294c"
+e1000g "pci8086,f0fe"
+e1000g "pciex8086,1049"
+e1000g "pciex8086,104a"
+e1000g "pciex8086,104b"
+e1000g "pciex8086,104c"
+e1000g "pciex8086,104d"
+e1000g "pciex8086,105e"
+e1000g "pciex8086,105f"
+e1000g "pciex8086,1060"
+e1000g "pciex8086,107d"
+e1000g "pciex8086,107e"
+e1000g "pciex8086,107f"
+e1000g "pciex8086,108b"
+e1000g "pciex8086,108c"
+e1000g "pciex8086,1096"
+e1000g "pciex8086,1098"
+e1000g "pciex8086,109a"
+e1000g "pciex8086,10a4"
+e1000g "pciex8086,10a5"
+e1000g "pciex8086,10b9"
+e1000g "pciex8086,10ba"
+e1000g "pciex8086,10bb"
+e1000g "pciex8086,10bc"
+e1000g "pciex8086,10bd"
+e1000g "pciex8086,10bf"
+e1000g "pciex8086,10c0"
+e1000g "pciex8086,10c2"
+e1000g "pciex8086,10c3"
+e1000g "pciex8086,10c4"
+e1000g "pciex8086,10c5"
+e1000g "pciex8086,10cb"
+e1000g "pciex8086,10cc"
+e1000g "pciex8086,10cd"
+e1000g "pciex8086,10ce"
+e1000g "pciex8086,10d3"
+e1000g "pciex8086,10d5"
+e1000g "pciex8086,10d9"
+e1000g "pciex8086,10da"
+e1000g "pciex8086,10de"
+e1000g "pciex8086,10df"
+e1000g "pciex8086,10e5"
+e1000g "pciex8086,10ea"
+e1000g "pciex8086,10eb"
+e1000g "pciex8086,10ef"
+e1000g "pciex8086,10f0"
+e1000g "pciex8086,10f5"
+e1000g "pciex8086,10f6"
+e1000g "pciex8086,1502"
+e1000g "pciex8086,1503"
+e1000g "pciex8086,150c"
+e1000g "pciex8086,153a"
+e1000g "pciex8086,153b"
+e1000g "pciex8086,1559"
+e1000g "pciex8086,156f"
+e1000g "pciex8086,1570"
+e1000g "pciex8086,155a"
+e1000g "pciex8086,15a0"
+e1000g "pciex8086,15a1"
+e1000g "pciex8086,15a2"
+e1000g "pciex8086,15a3"
+e1000g "pciex8086,15b7"
+e1000g "pciex8086,15b8"
+e1000g "pciex8086,15b9"
+e1000g "pciex8086,15bb"
+e1000g "pciex8086,15bc"
+e1000g "pciex8086,15bd"
+e1000g "pciex8086,15be"
+e1000g "pciex8086,15d6"
+e1000g "pciex8086,15d7"
+e1000g "pciex8086,15d8"
+e1000g "pciex8086,15df"
+e1000g "pciex8086,15e0"
+e1000g "pciex8086,15e1"
+e1000g "pciex8086,15e2"
+e1000g "pciex8086,15e3"
+e1000g "pciex8086,294c"
+e1000g "pciex8086,f0fe"
+ecpp "lp"
+ehci "pciclass,0c0320"
+elxl "pci10b7,9000"
+elxl "pci10b7,9001"
+elxl "pci10b7,9004"
+elxl "pci10b7,9005"
+elxl "pci10b7,9006"
+elxl "pci10b7,9050"
+elxl "pci10b7,9051"
+elxl "pci10b7,9055"
+elxl "pci10b7,9056"
+elxl "pci10b7,905a"
+elxl "pci10b7,9200"
+elxl "pci10b7,9201"
+elxl "pci10b7,9202"
+elxl "pci10b7,9800"
+elxl "pci10b7,9805"
+emlxs "lpfs"
+emlxs "pci10df,f0a5"
+emlxs "pci10df,f800"
+emlxs "pci10df,f900"
+emlxs "pci10df,f980"
+emlxs "pci10df,fa00"
+emlxs "pci10df,fc00"
+emlxs "pci10df,fc10"
+emlxs "pci10df,fc20"
+emlxs "pci10df,fd00"
+emlxs "pci10df,fe00"
+emlxs "pciex10df,f100"
+emlxs "pciex10df,f111"
+emlxs "pciex10df,f112"
+emlxs "pciex10df,fc20"
+emlxs "pciex10df,fc40"
+emlxs "pciex10df,fe00"
+emlxs "pciex10df,fe05"
+emlxs "pciex19a2,704"
+emlxs "pciex19a2,714"
+fipe "pci8086,25f0"
+fipe "pci8086,360c"
+glm "pci1000,b"
+hci1394 "pciclass,0c0010"
+heci "pci8086,2974"
+heci "pci8086,2984"
+heci "pci8086,2994"
+heci "pci8086,29a4"
+heci "pci8086,29b4"
+heci "pci8086,29c4"
+heci "pci8086,2e04"
+heci "pci8086,2e14"
+hid "usbif,class3"
+hme "pci108e,1001"
+hubd "usbif,class9"
+hxge "pci108e,aaaa"
+i40e "pciex8086,1572"
+i40e "pciex8086,1580"
+i40e "pciex8086,1581"
+i40e "pciex8086,1583"
+i40e "pciex8086,1584"
+i40e "pciex8086,1585"
+i40e "pciex8086,1586"
+i40e "pciex8086,1589"
+i40e "pciex8086,158a"
+i40e "pciex8086,158b"
+i40e "pciex8086,37ce"
+i40e "pciex8086,37cf"
+i40e "pciex8086,37d0"
+i40e "pciex8086,37d1"
+i40e "pciex8086,37d2"
+i40e "pciex8086,37d3"
+i915 "pci8086,2562"
+i915 "pci8086,2572"
+i915 "pci8086,2582"
+i915 "pci8086,2592"
+i915 "pci8086,2772"
+i915 "pci8086,27a2"
+i915 "pci8086,27ae"
+i915 "pci8086,2972"
+i915 "pci8086,2982"
+i915 "pci8086,2992"
+i915 "pci8086,29a2"
+i915 "pci8086,29b2"
+i915 "pci8086,29c2"
+i915 "pci8086,29d2"
+i915 "pci8086,2a02"
+i915 "pci8086,2a12"
+i915 "pci8086,2a42"
+i915 "pci8086,2e02.8086.2e02"
+i915 "pci8086,2e12"
+i915 "pci8086,2e22"
+i915 "pci8086,2e32"
+i915 "pci8086,2e42"
+i915 "pci8086,42"
+i915 "pci8086,46"
+ibp "ib.ipib"
+igb "pciex8086,10a7"
+igb "pciex8086,10a9"
+igb "pciex8086,10c9"
+igb "pciex8086,10d6"
+igb "pciex8086,10e6"
+igb "pciex8086,10e7"
+igb "pciex8086,10e8"
+igb "pciex8086,150a"
+igb "pciex8086,150d"
+igb "pciex8086,150e"
+igb "pciex8086,150f"
+igb "pciex8086,1510"
+igb "pciex8086,1511"
+igb "pciex8086,1516"
+igb "pciex8086,1518"
+igb "pciex8086,1521"
+igb "pciex8086,1522"
+igb "pciex8086,1523"
+igb "pciex8086,1524"
+igb "pciex8086,1526"
+igb "pciex8086,1533"
+igb "pciex8086,1534"
+igb "pciex8086,1535"
+igb "pciex8086,1536"
+igb "pciex8086,1537"
+igb "pciex8086,1538"
+igb "pciex8086,1539"
+igb "pciex8086,1546"
+igb "pciex8086,157b"
+igb "pciex8086,157c"
+igb "pciex8086,1f40"
+igb "pciex8086,1f41"
+igb "pciex8086,1f45"
+igb "pciex8086,438"
+imcstub "pci8086,e1e"
+imcstub "pci8086,e1f"
+imcstub "pci8086,e60"
+imcstub "pci8086,e68"
+imcstub "pci8086,e6a"
+imcstub "pci8086,e6b"
+imcstub "pci8086,e6c"
+imcstub "pci8086,e6d"
+imcstub "pci8086,e71"
+imcstub "pci8086,e79"
+imcstub "pci8086,ea0"
+imcstub "pci8086,ea8"
+imcstub "pci8086,eaa"
+imcstub "pci8086,eab"
+imcstub "pci8086,eac"
+imcstub "pci8086,ead"
+imcstub "pci8086,ec8"
+imcstub "pci8086,ec9"
+imcstub "pci8086,eca"
+imcstub "pci8086,2014"
+imcstub "pci8086,2016"
+imcstub "pci8086,2024"
+imcstub "pci8086,2040"
+imcstub "pci8086,2044"
+imcstub "pci8086,2048"
+imcstub "pci8086,2054"
+imcstub "pci8086,2055"
+imcstub "pci8086,2066"
+imcstub "pci8086,208e"
+imcstub "pci8086,2f1e"
+imcstub "pci8086,2f1f"
+imcstub "pci8086,2f28"
+imcstub "pci8086,2f60"
+imcstub "pci8086,2f68"
+imcstub "pci8086,2f6a"
+imcstub "pci8086,2f6b"
+imcstub "pci8086,2f6c"
+imcstub "pci8086,2f6d"
+imcstub "pci8086,2f71"
+imcstub "pci8086,2f79"
+imcstub "pci8086,2fa0"
+imcstub "pci8086,2fa8"
+imcstub "pci8086,2faa"
+imcstub "pci8086,2fab"
+imcstub "pci8086,2fac"
+imcstub "pci8086,2fad"
+imcstub "pci8086,2ffc"
+imcstub "pci8086,2ffd"
+imcstub "pci8086,3c71"
+imcstub "pci8086,3ca0"
+imcstub "pci8086,3ca8"
+imcstub "pci8086,3caa"
+imcstub "pci8086,3cab"
+imcstub "pci8086,3cac"
+imcstub "pci8086,3cad"
+imcstub "pci8086,3ce0"
+imcstub "pci8086,3ce3"
+imcstub "pci8086,3cf4"
+imcstub "pci8086,3cf5"
+imcstub "pci8086,3cf6"
+imcstub "pci8086,6f1e"
+imcstub "pci8086,6f1f"
+imcstub "pci8086,6f28"
+imcstub "pci8086,6f60"
+imcstub "pci8086,6f68"
+imcstub "pci8086,6f6a"
+imcstub "pci8086,6f6b"
+imcstub "pci8086,6f6c"
+imcstub "pci8086,6f6d"
+imcstub "pci8086,6f71"
+imcstub "pci8086,6f79"
+imcstub "pci8086,6fa0"
+imcstub "pci8086,6fa8"
+imcstub "pci8086,6faa"
+imcstub "pci8086,6fab"
+imcstub "pci8086,6fac"
+imcstub "pci8086,6fad"
+imcstub "pci8086,6ffc"
+imcstub "pci8086,6ffd"
+imcstub "pciex8086,e1e"
+imcstub "pciex8086,e1f"
+imcstub "pciex8086,e60"
+imcstub "pciex8086,e68"
+imcstub "pciex8086,e6a"
+imcstub "pciex8086,e6b"
+imcstub "pciex8086,e6c"
+imcstub "pciex8086,e6d"
+imcstub "pciex8086,e71"
+imcstub "pciex8086,e79"
+imcstub "pciex8086,ea0"
+imcstub "pciex8086,ea8"
+imcstub "pciex8086,eaa"
+imcstub "pciex8086,eab"
+imcstub "pciex8086,eac"
+imcstub "pciex8086,ead"
+imcstub "pciex8086,ec8"
+imcstub "pciex8086,ec9"
+imcstub "pciex8086,eca"
+imcstub "pciex8086,2014"
+imcstub "pciex8086,2016"
+imcstub "pciex8086,2024"
+imcstub "pciex8086,2040"
+imcstub "pciex8086,2044"
+imcstub "pciex8086,2048"
+imcstub "pciex8086,2054"
+imcstub "pciex8086,2055"
+imcstub "pciex8086,2066"
+imcstub "pciex8086,208e"
+imcstub "pciex8086,2f1e"
+imcstub "pciex8086,2f1f"
+imcstub "pciex8086,2f28"
+imcstub "pciex8086,2f60"
+imcstub "pciex8086,2f68"
+imcstub "pciex8086,2f6a"
+imcstub "pciex8086,2f6b"
+imcstub "pciex8086,2f6c"
+imcstub "pciex8086,2f6d"
+imcstub "pciex8086,2f71"
+imcstub "pciex8086,2f79"
+imcstub "pciex8086,2fa0"
+imcstub "pciex8086,2fa8"
+imcstub "pciex8086,2faa"
+imcstub "pciex8086,2fab"
+imcstub "pciex8086,2fac"
+imcstub "pciex8086,2fad"
+imcstub "pciex8086,2ffc"
+imcstub "pciex8086,2ffd"
+imcstub "pciex8086,3c71"
+imcstub "pciex8086,3ca0"
+imcstub "pciex8086,3ca8"
+imcstub "pciex8086,3caa"
+imcstub "pciex8086,3cab"
+imcstub "pciex8086,3cac"
+imcstub "pciex8086,3cad"
+imcstub "pciex8086,3ce0"
+imcstub "pciex8086,3ce3"
+imcstub "pciex8086,3cf4"
+imcstub "pciex8086,3cf5"
+imcstub "pciex8086,3cf6"
+imcstub "pciex8086,6f1e"
+imcstub "pciex8086,6f1f"
+imcstub "pciex8086,6f28"
+imcstub "pciex8086,6f60"
+imcstub "pciex8086,6f68"
+imcstub "pciex8086,6f6a"
+imcstub "pciex8086,6f6b"
+imcstub "pciex8086,6f6c"
+imcstub "pciex8086,6f6d"
+imcstub "pciex8086,6f71"
+imcstub "pciex8086,6f79"
+imcstub "pciex8086,6fa0"
+imcstub "pciex8086,6fa8"
+imcstub "pciex8086,6faa"
+imcstub "pciex8086,6fab"
+imcstub "pciex8086,6fac"
+imcstub "pciex8086,6fad"
+imcstub "pciex8086,6ffc"
+imcstub "pciex8086,6ffd"
+intel_nb5000 "pci8086,25c0"
+intel_nb5000 "pci8086,25d0"
+intel_nb5000 "pci8086,25d4"
+intel_nb5000 "pci8086,25d8"
+intel_nb5000 "pci8086,3600"
+intel_nb5000 "pci8086,4000"
+intel_nb5000 "pci8086,4001"
+intel_nb5000 "pci8086,4003"
+intel_nb5000 "pci8086,65c0"
+intel_nhm "pci8086,3423"
+intel_nhm "pci8086,372a"
+intel_nhmex "pci8086,3422"
+intel_nhmex "pci8086,3438"
+ioat "pciex8086,1a38"
+ioat "pciex8086,360b"
+ioat "pciex8086,402f"
+iprb "pci8086,1029"
+iprb "pci8086,1030"
+iprb "pci8086,1031"
+iprb "pci8086,1032"
+iprb "pci8086,1038"
+iprb "pci8086,1039"
+iprb "pci8086,103d"
+iprb "pci8086,103d.8086.103d"
+iprb "pci8086,1050"
+iprb "pci8086,1050.8086.3020"
+iprb "pci8086,1050.8086.302f"
+iprb "pci8086,1050.8086.3427"
+iprb "pci8086,1059"
+iprb "pci8086,1064"
+iprb "pci8086,1068"
+iprb "pci8086,1069"
+iprb "pci8086,1092"
+iprb "pci8086,1209"
+iprb "pci8086,1229"
+iprb "pci8086,1229.8086.1"
+iprb "pci8086,1229.8086.10"
+iprb "pci8086,1229.8086.1009"
+iprb "pci8086,1229.8086.100c"
+iprb "pci8086,1229.8086.1012"
+iprb "pci8086,1229.8086.1013"
+iprb "pci8086,1229.8086.1015"
+iprb "pci8086,1229.8086.1016"
+iprb "pci8086,1229.8086.1017"
+iprb "pci8086,1229.8086.1030"
+iprb "pci8086,1229.8086.1040"
+iprb "pci8086,1229.8086.1041"
+iprb "pci8086,1229.8086.1042"
+iprb "pci8086,1229.8086.1050"
+iprb "pci8086,1229.8086.1051"
+iprb "pci8086,1229.8086.1052"
+iprb "pci8086,1229.8086.10f0"
+iprb "pci8086,1229.8086.11"
+iprb "pci8086,1229.8086.12"
+iprb "pci8086,1229.8086.1229"
+iprb "pci8086,1229.8086.13"
+iprb "pci8086,1229.8086.2"
+iprb "pci8086,1229.8086.2009"
+iprb "pci8086,1229.8086.200d"
+iprb "pci8086,1229.8086.200e"
+iprb "pci8086,1229.8086.200f"
+iprb "pci8086,1229.8086.2010"
+iprb "pci8086,1229.8086.2013"
+iprb "pci8086,1229.8086.2016"
+iprb "pci8086,1229.8086.2017"
+iprb "pci8086,1229.8086.2018"
+iprb "pci8086,1229.8086.2019"
+iprb "pci8086,1229.8086.2101"
+iprb "pci8086,1229.8086.2102"
+iprb "pci8086,1229.8086.2103"
+iprb "pci8086,1229.8086.2104"
+iprb "pci8086,1229.8086.2105"
+iprb "pci8086,1229.8086.2106"
+iprb "pci8086,1229.8086.2107"
+iprb "pci8086,1229.8086.2108"
+iprb "pci8086,1229.8086.2200"
+iprb "pci8086,1229.8086.2201"
+iprb "pci8086,1229.8086.2202"
+iprb "pci8086,1229.8086.2203"
+iprb "pci8086,1229.8086.2204"
+iprb "pci8086,1229.8086.2205"
+iprb "pci8086,1229.8086.2206"
+iprb "pci8086,1229.8086.2207"
+iprb "pci8086,1229.8086.2208"
+iprb "pci8086,1229.8086.2402"
+iprb "pci8086,1229.8086.2407"
+iprb "pci8086,1229.8086.2408"
+iprb "pci8086,1229.8086.2409"
+iprb "pci8086,1229.8086.240f"
+iprb "pci8086,1229.8086.2410"
+iprb "pci8086,1229.8086.2411"
+iprb "pci8086,1229.8086.2412"
+iprb "pci8086,1229.8086.2413"
+iprb "pci8086,1229.8086.3"
+iprb "pci8086,1229.8086.30"
+iprb "pci8086,1229.8086.3000"
+iprb "pci8086,1229.8086.3001"
+iprb "pci8086,1229.8086.3002"
+iprb "pci8086,1229.8086.3006"
+iprb "pci8086,1229.8086.3007"
+iprb "pci8086,1229.8086.3008"
+iprb "pci8086,1229.8086.3010"
+iprb "pci8086,1229.8086.3011"
+iprb "pci8086,1229.8086.3012"
+iprb "pci8086,1229.8086.301a"
+iprb "pci8086,1229.8086.31"
+iprb "pci8086,1229.8086.3411"
+iprb "pci8086,1229.8086.4"
+iprb "pci8086,1229.8086.40"
+iprb "pci8086,1229.8086.41"
+iprb "pci8086,1229.8086.42"
+iprb "pci8086,1229.8086.5"
+iprb "pci8086,1229.8086.50"
+iprb "pci8086,1229.8086.6"
+iprb "pci8086,1229.8086.7"
+iprb "pci8086,1229.8086.8"
+iprb "pci8086,1229.8086.9"
+iprb "pci8086,1229.8086.a"
+iprb "pci8086,1229.8086.b"
+iprb "pci8086,1229.8086.c"
+iprb "pci8086,1229.8086.d"
+iprb "pci8086,1229.8086.e"
+iprb "pci8086,1229.8086.f"
+iprb "pci8086,2449"
+iprb "pci8086,2449.8086.3010"
+iprb "pci8086,2449.8086.3011"
+iprb "pci8086,2449.8086.3012"
+iprb "pci8086,2449.8086.3013"
+iprb "pci8086,2449.8086.3014"
+iprb "pci8086,2449.8086.3015"
+iprb "pci8086,2449.8086.3016"
+iprb "pci8086,2449.8086.3017"
+iprb "pci8086,2449.8086.3018"
+iprb "pci8086,27dc"
+iprb "pci8086,27dc.8086.308d"
+isa "pciclass,060100"
+iwn "pci8086,82"
+iwn "pci8086,83"
+iwn "pci8086,84"
+iwn "pci8086,85"
+iwn "pci8086,87"
+iwn "pci8086,89"
+iwn "pci8086,8a"
+iwn "pci8086,8b"
+iwn "pci8086,8d"
+iwn "pci8086,8e"
+iwn "pci8086,90"
+iwn "pci8086,91"
+iwn "pci8086,887"
+iwn "pci8086,888"
+iwn "pci8086,88e"
+iwn "pci8086,88f"
+iwn "pci8086,890"
+iwn "pci8086,891"
+iwn "pci8086,892"
+iwn "pci8086,893"
+iwn "pci8086,894"
+iwn "pci8086,895"
+iwn "pci8086,896"
+iwn "pci8086,897"
+iwn "pci8086,8ae"
+iwn "pci8086,422b"
+iwn "pci8086,422c"
+iwn "pci8086,4236"
+iwn "pci8086,4238"
+iwn "pci8086,4239"
+ixgb "pci8086,1048"
+ixgb "pci8086,109e"
+ixgb "pci8086,1a48"
+ixgb "pci8086,a11f"
+ixgbe "pciex8086,10b6"
+ixgbe "pciex8086,10c6"
+ixgbe "pciex8086,10c7"
+ixgbe "pciex8086,10c8"
+ixgbe "pciex8086,10db"
+ixgbe "pciex8086,10dd"
+ixgbe "pciex8086,10e1"
+ixgbe "pciex8086,10ec"
+ixgbe "pciex8086,10f1"
+ixgbe "pciex8086,10f4"
+ixgbe "pciex8086,10f7"
+ixgbe "pciex8086,10f8"
+ixgbe "pciex8086,10f9"
+ixgbe "pciex8086,10fb"
+ixgbe "pciex8086,10fc"
+ixgbe "pciex8086,1507"
+ixgbe "pciex8086,1508"
+ixgbe "pciex8086,150b"
+ixgbe "pciex8086,1514"
+ixgbe "pciex8086,1517"
+ixgbe "pciex8086,151c"
+ixgbe "pciex8086,1528"
+ixgbe "pciex8086,154d"
+ixgbe "pciex8086,154a"
+ixgbe "pciex8086,1557"
+ixgbe "pciex8086,1558"
+ixgbe "pciex8086,1560"
+ixgbe "pciex8086,1563"
+ixgbe "pciex8086,15aa"
+ixgbe "pciex8086,15ab"
+ixgbe "pciex8086,15ac"
+ixgbe "pciex8086,15ad"
+ixgbe "pciex8086,15ae"
+ixgbe "pciex8086,15d1"
+kb8042 "pnpPNP,303"
+lsimega "pci1000,1960"
+lsimega "pci1000,407"
+lsimega "pci1000,407.1000.532"
+lsimega "pci1000,408"
+lsimega "pci1000,408.1000.2"
+lsimega "pci1000,409"
+lsimega "pci1028,13"
+marvell88sx "pci11ab,5040"
+marvell88sx "pci11ab,5041"
+marvell88sx "pci11ab,5080"
+marvell88sx "pci11ab,5081"
+marvell88sx "pci11ab,6041.9"
+marvell88sx "pci11ab,6081.9"
+mc-amd "pci1022,1100"
+mc-amd "pci1022,1101"
+mc-amd "pci1022,1102"
+mega_sas "pci1000,411.1000.1001"
+mega_sas "pci1000,411.1000.1002"
+mega_sas "pci1000,411.1000.1003"
+mega_sas "pci1000,411.1000.1004"
+mega_sas "pci1000,411.1000.1008"
+mega_sas "pci1000,411.1000.100c"
+mega_sas "pci1000,411.1000.100d"
+mega_sas "pci1000,411.1000.2004"
+mega_sas "pci1000,411.1000.2005"
+mega_sas "pci1000,411.1033.8287"
+mega_sas "pci1000,411.1054.3016"
+mega_sas "pci1000,411.1734.1081"
+mega_sas "pci1000,411.1734.10a3"
+mega_sas "pci1000,411.8086.1001"
+mega_sas "pci1000,411.8086.1003"
+mega_sas "pci1000,411.8086.1008"
+mega_sas "pci1000,411.8086.3490"
+mega_sas "pci1000,411.8086.3500"
+mega_sas "pci1000,411.8086.3501"
+mega_sas "pci1000,411.8086.3504"
+mega_sas "pci1000,411.8086.3507"
+mega_sas "pci1000,413.1000.1005"
+mega_sas "pci1000,57.8086.3002"
+mega_sas "pci1000,60.1000.1006"
+mega_sas "pci1000,60.1000.100a"
+mega_sas "pci1000,60.1000.100e"
+mega_sas "pci1000,60.1000.100f"
+mega_sas "pci1000,60.1000.1010"
+mega_sas "pci1000,60.1000.1011"
+mega_sas "pci1000,60.1000.1012"
+mega_sas "pci1000,60.1000.1013"
+mega_sas "pci1000,60.1000.1014"
+mega_sas "pci1000,60.1000.1015"
+mega_sas "pci1000,60.1000.1016"
+mega_sas "pci1000,60.1000.1017"
+mega_sas "pci1000,60.1000.1018"
+mega_sas "pci1000,60.1000.1019"
+mega_sas "pci1000,60.1000.101a"
+mega_sas "pci1000,60.1000.101b"
+mega_sas "pci1000,60.1000.1021"
+mega_sas "pci1000,60.1000.1022"
+mega_sas "pci1000,60.1014.363"
+mega_sas "pci1000,60.1014.364"
+mega_sas "pci1000,60.1014.365"
+mega_sas "pci1000,60.1014.379"
+mega_sas "pci1000,60.1014.3a2"
+mega_sas "pci1000,60.1014.3ac"
+mega_sas "pci1000,60.1028.1f0a"
+mega_sas "pci1000,60.1028.1f0b"
+mega_sas "pci1000,60.1028.1f0c"
+mega_sas "pci1000,60.1028.1f0d"
+mega_sas "pci1000,60.1028.1f11"
+mega_sas "pci1000,60.1033.835a"
+mega_sas "pci1000,60.1033.836e"
+mega_sas "pci1000,60.1043.824d"
+mega_sas "pci1000,60.1054.3019"
+mega_sas "pci1000,60.1170.2f"
+mega_sas "pci1000,60.1170.34"
+mega_sas "pci1000,60.1170.36"
+mega_sas "pci1000,60.1458.1000"
+mega_sas "pci1000,60.15d9.c080"
+mega_sas "pci1000,60.1734.10f9"
+mega_sas "pci1000,60.1734.1102"
+mega_sas "pci1000,60.1734.114b"
+mega_sas "pci1000,60.17aa.6b7c"
+mega_sas "pci1000,60.18a1.3"
+mega_sas "pci1000,60.19e5.2001"
+mega_sas "pci1000,60.19e5.2002"
+mega_sas "pci1000,60.19e5.2003"
+mega_sas "pci1000,60.19e5.2004"
+mega_sas "pci1000,60.19e5.2005"
+mega_sas "pci1000,60.19e5.2006"
+mega_sas "pci1000,60.19e5.2010"
+mega_sas "pci1000,60.19e5.2011"
+mega_sas "pci1000,60.19e5.2012"
+mega_sas "pci1000,60.19e5.2013"
+mega_sas "pci1000,60.19e5.2014"
+mega_sas "pci1000,60.19e5.2015"
+mega_sas "pci1000,60.19e5.2016"
+mega_sas "pci1000,60.19e5.2017"
+mega_sas "pci1000,60.19e5.2018"
+mega_sas "pci1000,60.19e5.2019"
+mega_sas "pci1000,60.19e5.201a"
+mega_sas "pci1000,60.19e5.d203"
+mega_sas "pci1000,60.1b0a.14"
+mega_sas "pci1000,60.1fca.2163"
+mega_sas "pci1000,60.1fca.2164"
+mega_sas "pci1000,60.8086.1006"
+mega_sas "pci1000,60.8086.100a"
+mega_sas "pci1000,60.8086.1010"
+mega_sas "pci1000,60.8086.1013"
+mega_sas "pci1000,60.8086.1021"
+mega_sas "pci1000,60.8086.34cc"
+mega_sas "pci1000,60.8086.34cd"
+mega_sas "pci1000,60.8086.34e4"
+mega_sas "pci1000,60.8086.3505"
+mega_sas "pci1000,60.8086.3508"
+mega_sas "pci1000,7c.1000.101c"
+mega_sas "pci1000,7c.1000.101d"
+mega_sas "pci1000,7c.1014.395"
+mega_sas "pci1028,15.1028.1f01"
+mega_sas "pci1028,15.1028.1f02"
+mega_sas "pci1028,15.1028.1f03"
+mouse8042 "pnpPNP,f03"
+mpt "pci1000,30"
+mpt "pci1000,50"
+mpt "pci1000,54"
+mpt "pci1000,56"
+mpt "pci1000,58"
+mpt "pci1000,62"
+mpt "pciex1000,56"
+mpt "pciex1000,58"
+mpt "pciex1000,62"
+mpt_sas "pci1000,64"
+mpt_sas "pci1000,70"
+mpt_sas "pci1000,72"
+mpt_sas "pci1000,76"
+mpt_sas "pciex1000,64"
+mpt_sas "pciex1000,65"
+mpt_sas "pciex1000,6e"
+mpt_sas "pciex1000,70"
+mpt_sas "pciex1000,72"
+mpt_sas "pciex1000,74"
+mpt_sas "pciex1000,76"
+mpt_sas "pciex1000,77"
+mpt_sas "pciex1000,7e"
+mpt_sas "pciex1000,80"
+mpt_sas "pciex1000,81"
+mpt_sas "pciex1000,82"
+mpt_sas "pciex1000,83"
+mpt_sas "pciex1000,84"
+mpt_sas "pciex1000,85"
+mpt_sas "pciex1000,86"
+mpt_sas "pciex1000,87"
+mpt_sas "pciex1000,90"
+mpt_sas "pciex1000,91"
+mpt_sas "pciex1000,92"
+mpt_sas "pciex1000,93"
+mpt_sas "pciex1000,94"
+mpt_sas "pciex1000,95"
+mpt_sas "pciex1000,96"
+mpt_sas "pciex1000,97"
+mpt_sas "pciex1000,aa"
+mpt_sas "pciex1000,ab"
+mpt_sas "pciex1000,ac"
+mpt_sas "pciex1000,ad"
+mpt_sas "pciex1000,ae"
+mpt_sas "pciex1000,af"
+mpt_sas "pciex1000,c0"
+mpt_sas "pciex1000,c1"
+mpt_sas "pciex1000,c2"
+mpt_sas "pciex1000,c3"
+mpt_sas "pciex1000,c4"
+mpt_sas "pciex1000,c5"
+mpt_sas "pciex1000,c6"
+mpt_sas "pciex1000,c7"
+mpt_sas "pciex1000,c8"
+mpt_sas "pciex1000,c9"
+mpt_sas "pciex1000,d0"
+mpt_sas "pciex1000,d1"
+mpt_sas "pciex1000,d2"
+mr_sas "pciex1000,52"
+mr_sas "pciex1000,53"
+mr_sas "pciex1000,5b"
+mr_sas "pciex1000,5d"
+mr_sas "pciex1000,5f"
+mr_sas "pciex1000,71"
+mr_sas "pciex1000,73"
+mr_sas "pciex1000,ce"
+mr_sas "pciex1000,cf"
+mwl "pci11ab,2a0a"
+mwl "pci11ab,2a24"
+mxfe "pci10d9,512"
+mxfe "pci10d9,531"
+mxfe "pci11ad,c115"
+mxfe "pci11fc,9881"
+myri10ge "pci14c1,8"
+myri10ge "pci14c1,9"
+myri10ge "pciex14c1,8"
+myri10ge "pciex14c1,9"
+nfp "pci1011,1065.100.100"
+nfp "pciex1011,1065.100.100"
+nfp "pci8086,b555.100.100"
+nfp "pciex8086,b555.100.100"
+nge "pci10de,268"
+nge "pci10de,269"
+nge "pci10de,37"
+nge "pci10de,372"
+nge "pci10de,373"
+nge "pci10de,38"
+nge "pci10de,3ee"
+nge "pci10de,3ef"
+nge "pci10de,56"
+nge "pci10de,57"
+nge "pci10de,760"
+nge "pci10de,ab0"
+nge "pci10de,df"
+nge "pci10de,e6"
+npe "pciex_root_complex"
+ntxn "pci4040,1"
+ntxn "pci4040,100"
+ntxn "pci4040,2"
+ntxn "pci4040,24"
+ntxn "pci4040,25"
+ntxn "pci4040,3"
+ntxn "pci4040,4"
+ntxn "pci4040,5"
+nulldriver "scsa,nodev"
+nulldriver "scsa,probe"
+nv_sata "pci10de,266"
+nv_sata "pci10de,267"
+nv_sata "pci10de,36"
+nv_sata "pci10de,37e"
+nv_sata "pci10de,37f"
+nv_sata "pci10de,3e"
+nv_sata "pci10de,3f6"
+nv_sata "pci10de,3f7"
+nv_sata "pci10de,54"
+nv_sata "pci10de,55"
+nvme "pciclass,010802"
+nvme "pciexclass,010802"
+nxge "SUNW,niusl"
+nxge "pciex108e,abcd"
+oce "pciex19a2,700"
+oce "pciex19a2,710"
+ohci "pciclass,0c0310"
+pcata "pccard,disk"
+pchtemp "pci8086,8ca4"
+pchtemp "pci8086,8c24"
+pchtemp "pci8086,8d24"
+pchtemp "pci8086,9d31"
+pchtemp "pci8086,a1b1"
+pchtemp "pci8086,a231"
+pchtemp "pci8086,a2b1"
+pchtemp "pci8086,a131"
+pchtemp "pci8086,a379"
+pci_pci "pci1011,1"
+pci_pci "pci1011,21"
+pci_pci "pci1014,22"
+pci_pci "pciclass,060400"
+pci_pci "pciclass,060401"
+pcic "pciclass,060500"
+pcic "pciclass,060700"
+pcieb "pciexclass,060400"
+pcieb "pciexclass,060401"
+pcn "pci1022,2000"
+pcn "pci103c,104c"
+pcser "pccard,Intel_MODEM_2400+_iNC110US_A-"
+pcser "pccard,serial"
+pcser "pccard102,2"
+pcser "pccard102,5"
+pit_beep "SUNW,pit_beep"
+pmcs "pciex11f8,8001"
+pseudo "zconsnex"
+pseudo "zfdnex"
+pvscsi "pci15ad,7c0"
+qede "pciex1077,1634"
+qede "pciex1077,1629"
+qede "pciex1077,1630"
+qede "pciex1077,1656"
+qede "pciex1077,1654"
+qede "pciex1077,1666"
+qede "pciex1077,8070"
+qede "pciex1077,8071"
+qede "pciex1077,8072"
+qede "pciex1077,8073"
+qlc "pci1077,132"
+qlc "pci1077,2200"
+qlc "pci1077,2300"
+qlc "pci1077,2312"
+qlc "pci1077,2422"
+qlc "pciex1077,2432"
+qlc "pciex1077,2532"
+qlc "pciex1077,5432"
+qlc "pciex1077,8001"
+qlc "pciex1077,8021"
+qlge "pciex1077,8000"
+rge "pci10ec,8136"
+rge "pci10ec,8167"
+rge "pci10ec,8168"
+rge "pci10ec,8169"
+rge "pci16ec,116"
+rge "pciex10ec,8136"
+rtls "pci10ec,8139"
+rtls "pci1113,1211"
+rtls "pci1186,1300"
+rtls "pci1186,1301"
+rum "usb1044,800a"
+rum "usb13b1,20"
+rum "usb148f,2573"
+rum "usb15a9,4"
+rum "usb7d1,3c03"
+rum "usb7d1,3c04"
+rum "usbb05,1723"
+scsa1394 "firewire00609e,010483"
+scsa2usb "usb584,222"
+scsa2usb "usbif,class8"
+sd "scsiclass,00"
+sd "scsiclass,05"
+sdhost "pciclass,080500"
+sdhost "pciclass,080501"
+ses "scsiclass,03S"
+ses "scsiclass,0d"
+sfe "pci100b,20"
+sfe "pci1039,7016"
+sfe "pci1039,900"
+sfxge "pci1924,803"
+sfxge "pci1924,810"
+sfxge "pci1924,813"
+sfxge "pci1924,901"
+sfxge "pci1924,903"
+sfxge "pci1924,923"
+sgen "scsa,08.bfcp"
+sgen "scsa,08.bvhci"
+smrt "pci103c,1920"
+smrt "pci103c,1921"
+smrt "pci103c,1922"
+smrt "pci103c,1923"
+smrt "pci103c,1924"
+smrt "pci103c,1926"
+smrt "pci103c,1928"
+smrt "pci103c,21bd"
+smrt "pci103c,21be"
+smrt "pci103c,21bf"
+smrt "pci103c,21c0"
+smrt "pci103c,21c1"
+smrt "pci103c,21c2"
+smrt "pci103c,21c3"
+smrt "pci103c,21c5"
+smrt "pci103c,21c6"
+smrt "pci103c,21c7"
+smrt "pci103c,21c8"
+smrt "pci103c,21ca"
+smrt "pci103c,21cb"
+smrt "pci103c,21cc"
+smrt "pci103c,21cd"
+smrt "pci103c,21ce"
+smrt "pci103c,3241"
+smrt "pci103c,3243"
+smrt "pci103c,3245"
+smrt "pci103c,3247"
+smrt "pci103c,3249"
+smrt "pci103c,324a"
+smrt "pci103c,324b"
+smrt "pci103c,3350"
+smrt "pci103c,3351"
+smrt "pci103c,3352"
+smrt "pci103c,3353"
+smrt "pci103c,3354"
+smrt "pci103c,3355"
+smrt "pci103c,3356"
+si3124 "pci1095,3124"
+si3124 "pci1095,3132"
+skd "pciex1b39,1"
+st "scsiclass,01"
+t4nex "pciex1425,4400"
+t4nex "pciex1425,4401"
+t4nex "pciex1425,4402"
+t4nex "pciex1425,4403"
+t4nex "pciex1425,4404"
+t4nex "pciex1425,4405"
+t4nex "pciex1425,4406"
+t4nex "pciex1425,4407"
+t4nex "pciex1425,4408"
+t4nex "pciex1425,4409"
+t4nex "pciex1425,440a"
+t4nex "pciex1425,440d"
+t4nex "pciex1425,440e"
+t4nex "pciex1425,5400"
+t4nex "pciex1425,5401"
+t4nex "pciex1425,5402"
+t4nex "pciex1425,5403"
+t4nex "pciex1425,5404"
+t4nex "pciex1425,5405"
+t4nex "pciex1425,5406"
+t4nex "pciex1425,5407"
+t4nex "pciex1425,5408"
+t4nex "pciex1425,5409"
+t4nex "pciex1425,540a"
+t4nex "pciex1425,540b"
+t4nex "pciex1425,540c"
+t4nex "pciex1425,540d"
+t4nex "pciex1425,540e"
+t4nex "pciex1425,540f"
+t4nex "pciex1425,5410"
+t4nex "pciex1425,5411"
+t4nex "pciex1425,5412"
+t4nex "pciex1425,5413"
+t4nex "pciex1425,5414"
+t4nex "pciex1425,5415"
+t4nex "pciex1425,5416"
+t4nex "pciex1425,5417"
+t4nex "pciex1425,5418"
+t4nex "pciex1425,5480"
+t4nex "pciex1425,5481"
+t4nex "pciex1425,5482"
+t4nex "pciex1425,5486"
+t4nex "pciex1425,5487"
+t4nex "pciex1425,5488"
+t4nex "pciex1425,5489"
+t4nex "pciex1425,5490"
+t4nex "pciex1425,5491"
+t4nex "pciex1425,5492"
+t4nex "pciex1425,5493"
+t4nex "pciex1425,5494"
+t4nex "pciex1425,5495"
+t4nex "pciex1425,5496"
+t4nex "pciex1425,5497"
+t4nex "pciex1425,5498"
+t4nex "pciex1425,5499"
+t4nex "pciex1425,549a"
+t4nex "pciex1425,549b"
+t4nex "pciex1425,549c"
+t4nex "pciex1425,549d"
+t4nex "pciex1425,549e"
+t4nex "pciex1425,549f"
+t4nex "pciex1425,54a0"
+t4nex "pciex1425,54a1"
+t4nex "pciex1425,6400"
+t4nex "pciex1425,6401"
+t4nex "pciex1425,6402"
+t4nex "pciex1425,6403"
+t4nex "pciex1425,6404"
+t4nex "pciex1425,6405"
+t4nex "pciex1425,6406"
+t4nex "pciex1425,6407"
+t4nex "pciex1425,6408"
+t4nex "pciex1425,6409"
+t4nex "pciex1425,640d"
+t4nex "pciex1425,6410"
+t4nex "pciex1425,6411"
+t4nex "pciex1425,6414"
+t4nex "pciex1425,6415"
+t4nex "pciex1425,6480"
+t4nex "pciex1425,6481"
+tavor "pci15b3,5a44"
+tavor "pci15b3,5a45"
+tavor "pci15b3,6278"
+tavor "pci15b3,6279"
+tavor "pciex15b3,6278"
+tavor "pciex15b3,6279"
+udmf "usb7aa,9601"
+udmf "usba46,6688"
+udmf "usba46,268"
+udmf "usba46,9601"
+udmf "usbfe6,8101"
+ugen "usbif51d,class3"
+upf "usb7a6,8511"
+upf "usb411,5"
+upf "usb4bb,904"
+upf "usb4bb,93a"
+upf "usb506,4601"
+upf "usb557,2007"
+upf "usb7b8,110c"
+upf "usb7b8,4104"
+upf "usb7b8,4004"
+upf "usb7b8,4007"
+upf "usb7b8,4102"
+upf "usb7b8,4002"
+upf "usb7b8,400b"
+upf "usb7b8,400c"
+upf "usb7b8,abc1"
+upf "usb7b8,200c"
+upf "usb83a,1046"
+upf "usb83a,5046"
+upf "usb83a,b004"
+upf "usb7a6,8513"
+upf "usb7a6,8515"
+upf "usb7a6,986"
+upf "usb7a6,1986"
+upf "usb334,1701"
+upf "usb7c9,b100"
+upf "usb50d,121"
+upf "usb8dd,986"
+upf "usb8dd,987"
+upf "usb8dd,988"
+upf "usb8dd,8511"
+upf "usb49f,8511"
+upf "usb7aa,4"
+upf "usb7aa,d"
+upf "usb2001,4001"
+upf "usb2001,4002"
+upf "usb2001,4102"
+upf "usb2001,400b"
+upf "usb2001,200c"
+upf "usb2001,4003"
+upf "usb2001,abc1"
+upf "usbdb7,2"
+upf "usb1342,304"
+upf "usb56e,4010"
+upf "usb5cc,3000"
+upf "usb1044,8002"
+upf "usbe66,400c"
+upf "usb3f0,811c"
+upf "usb4bb,913"
+upf "usb951,a"
+upf "usb56e,4002"
+upf "usb56e,4005"
+upf "usb56e,400b"
+upf "usb56e,abc1"
+upf "usb56e,200c"
+upf "usb66b,2202"
+upf "usb66b,2203"
+upf "usb66b,2204"
+upf "usb66b,2206"
+upf "usb66b,8b4"
+upf "usb66b,400b"
+upf "usb66b,200c"
+upf "usb411,1"
+upf "usb411,9"
+upf "usb45e,7a"
+upf "usb846,1020"
+upf "usbb3p,109"
+upf "usbb3p,901"
+upf "usb8d1,3"
+upf "usb707,200"
+upf "usb707,201"
+upf "usb15e8,9100"
+upf "usb15e8,9110"
+upf "usb67c,1001"
+urf "usbbda,8150"
+urf "usb411,12"
+urf "usb3980,3"
+urf "usb7b8,401a"
+urf "usb1557,8150"
+urf "usb586,401a"
+uhci "pciclass,0c0300"
+usb_ac "usbif,class1.1"
+usb_as "usbif,class1.2"
+usb_ia "usb,ia"
+usb_mid "usb,device"
+usbecm "usb,class2.6.0"
+usbecm "usb430,a4a2"
+usbecm "usbif,class2.6"
+usbftdi "usb403,6001"
+usbftdi "usb403,6015"
+usbftdi "usb403,cc48"
+usbftdi "usb403,cc49"
+usbftdi "usb403,cc4a"
+usbftdi "usb403,e888"
+usbftdi "usb403,e889"
+usbftdi "usb403,e88b"
+usbftdi "usb403,e88c"
+usbftdi "usb403,fa00"
+usbftdi "usb403,fa01"
+usbftdi "usb403,fa02"
+usbftdi "usb403,fa03"
+usbftdi "usb403,fa04"
+usbftdi "usb403,fc08"
+usbftdi "usb403,fc09"
+usbftdi "usb403,fc0b"
+usbftdi "usb403,fc0c"
+usbftdi "usb403,fc0d"
+usbftdi "usb403,fc82"
+usbftdi "usb411,00b3"
+usbftdi "usb7cc,0421"
+usbftdi "usb856,ac01"
+usbftdi "usb93c,0601"
+usbftdi "usb93c,0701"
+usbprn "usbif,class7.1"
+usbsacm "usb,class2.2.0"
+usbsacm "usb1410,1110"
+usbsacm "usbc88,17da"
+usbsacm "usbif,class2.2"
+usbser_edge "usbif1608,1.100.config1.0"
+usbser_edge "usbif1608,1.config1.0"
+usbser_edge "usbif1608,10.config1.0"
+usbser_edge "usbif1608,11.config1.0"
+usbser_edge "usbif1608,12.config1.0"
+usbser_edge "usbif1608,13.config1.0"
+usbser_edge "usbif1608,14.config1.0"
+usbser_edge "usbif1608,201.config1.0"
+usbser_edge "usbif1608,205.config1.0"
+usbser_edge "usbif1608,206.config1.0"
+usbser_edge "usbif1608,207.config1.0"
+usbser_edge "usbif1608,20c.config1.0"
+usbser_edge "usbif1608,20d.config1.0"
+usbser_edge "usbif1608,215.config1.0"
+usbser_edge "usbif1608,217.config1.0"
+usbser_edge "usbif1608,21a.config1.0"
+usbser_edge "usbif1608,240.config1.0"
+usbser_edge "usbif1608,241.config1.0"
+usbser_edge "usbif1608,242.config1.0"
+usbser_edge "usbif1608,243.config1.0"
+usbser_edge "usbif1608,244.config1.0"
+usbser_edge "usbif1608,247.config1.0"
+usbser_edge "usbif1608,3.config1.0"
+usbser_edge "usbif1608,4.config1.0"
+usbser_edge "usbif1608,5.config1.0"
+usbser_edge "usbif1608,6.config1.0"
+usbser_edge "usbif1608,7.config1.0"
+usbser_edge "usbif1608,c.config1.0"
+usbser_edge "usbif1608,d.config1.0"
+usbser_edge "usbif1608,e.config1.0"
+usbser_edge "usbif1608,f.config1.0"
+usbsksp "usb6cd,11a"
+usbsksp "usb6cd,121"
+usbsksp "usb6cd,12a"
+usbsksp "usb6cd,131"
+usbsprl "usb557,2008"
+usbsprl "usb56e,5004"
+usbsprl "usb5ad,fba"
+usbsprl "usb6189,2068"
+usbsprl "usb67b,2303"
+usbsprl "usb67b,aaa2"
+vgatext "pciclass,000100"
+vgatext "pciclass,030000"
+vgatext "pciclass,030001"
+vgatext "pnpPNP,900"
 vmxnet "pci15ad,720"
+vmxnet3s "pci15ad,7b0"
+vr "pci1106,3043"
+vr "pci1106,3053"
+vr "pci1106,3065"
+vr "pci1106,3106"
+xge "pci17d5,5731"
+xge "pci17d5,5831"
+xge "pci17d5,5832"
+xhci "pciclass,0c0330"
+xnbe "xnb,ioemu"
+xnbo "xnb"
+xnbo "xnb,SUNW_mac"
+xnbu "xnb,netfront"
+xpv "pci5853,1.1"
+yge "pciex1186,4b00"
+yge "pciex11ab,4354"
+yge "pciex11ab,4355"
+yge "pciex11ab,4362"
+yge "pciex11ab,4363"
+yge "pciex11ab,4364"
+yge "pciex11ab,436a"
+vioblk "pci1af4,1001"
+vioif "pci1af4,1"
diff --git a/usr/src/uts/intel/os/driver_classes b/usr/src/uts/intel/os/driver_classes
index e69de29bb2..3124f9a28b 100644
--- a/usr/src/uts/intel/os/driver_classes
+++ b/usr/src/uts/intel/os/driver_classes
@@ -0,0 +1,30 @@
+scsi_vhci	scsi-self-identifying
+mpt	scsi
+pci_pci	pci
+cpqary3	scsi
+aac	scsi
+adpu320	scsi
+ahci	scsi-self-identifying
+amr	scsi
+arcmsr	scsi
+bcm_sata	scsi-self-identifying
+isa	sysbus
+pci	pci
+emlxs	fibre-channel
+iscsi	scsi-self-identify
+lsimega	scsi
+mpt_sas	scsi-self-identifying
+mr_sas	scsi-self-identifying
+mega_sas	scsi
+marvell88sx	scsi-self-identifying
+nv_sata	scsi-self-identifying
+pcic	pcmcia
+glm	scsi
+pmcs	scsi-self-identifying
+ata	dada
+ata	scsi
+qlc	fibre-channel
+si3124	scsi-self-identifying
+dr_sas	scsi-self-identifying
+skd	disk
+smrt	scsi-self-identifying
diff --git a/usr/src/uts/intel/os/minor_perm b/usr/src/uts/intel/os/minor_perm
index dbc6a35081..52aa933f0a 100644
--- a/usr/src/uts/intel/os/minor_perm
+++ b/usr/src/uts/intel/os/minor_perm
@@ -1,6 +1,273 @@
+spwr:* 0666 root sys
+dump:dump 0660 root sys
+id:* 0640 root sys
+kstat:* 0666 root sys
+ksyms:* 0666 root sys
+logi:l 0666 root sys
+msm:l 0666 root sys
+pts:* 0644 root sys
+pts:0 0620 root tty
+pts:1 0620 root tty
+pts:2 0620 root tty
+pts:3 0620 root tty
+svvslo:* 0666 root sys
+vol:volctl 0666 root sys
+tnf:tnfctl 0600 root sys
+tnf:tnfmap 0600 root sys
+fssnap:* 0640 root sys
+fssnap:ctl 0666 root sys
+rsm:* 0666 root sys
+vni:* 0666 root sys
+bmc:bmc 0666 root sys
+glm:* 0755 root sys
+usbsacm:* 0666 root sys
+sdpib:* 0644 root sys
+i915:* 0644 root sys
+rdc:* 0666 root sys
+md:* 0640 root sys
+md:admin 0644 root sys
+iscsi:* 0600 root sys
+dcam1394:* 0666 root sys
+nv_sata:* 0644 root sys
+smp:* 0644 root sys
+sv:* 0666 root sys
+dmfe:* 0666 root sys
+clone:dmfe 0666 root sys
+clone:ptmx 0666 root sys
+ehci:* 0644 root sys
+hid:* 0600 root sys
+hubd:* 0644 root sys
+hwahc:* 0644 root sys
+hwarc:* 0644 root sys
+ohci:* 0644 root sys
+uhci:* 0644 root sys
+usb_ac:* 0600 root sys
+usb_as:* 0600 root sys
+usbprn:* 0666 root sys
+wusb_ca:* 0666 root sys
+wusb_df:* 0666 root sys
+ipw:* 0666 root sys
+clone:ipw 0666 root sys
+fcip:* 0600 root sys
+ral:* 0666 root sys
+clone:ral 0666 root sys
+daplt:* 0644 root sys
+atiatom:* 0644 root sys
+rtw:* 0666 root sys
+clone:rtw 0666 root sys
+usbsksp:* 0666 root sys
+wpi:* 0666 root sys
+clone:wpi 0666 root sys
+pcser:* 0666 uucp uucp
+dtrace:* 0666 root sys
+fasttrap:fasttrap 0666 root sys
+fbt:fbt 0644 root sys
+lockstat:* 0644 root sys
+profile:profile 0644 root sys
+sdt:sdt 0644 root sys
+systrace:systrace 0644 root sys
+rum:* 0666 root sys
+clone:rum 0666 root sys
+ce:* 0600 root sys
+rge:* 0666 root sys
+clone:rge 0666 root sys
+fcsm:* 0600 root sys
+bge:* 0666 root sys
+clone:bge 0666 root sys
+winlock:* 0666 root sys
+fp:* 0600 root sys
+fm:* 0644 root sys
+ipf:* 0666 root sys
+smbsrv:* 0640 root sys
+bnx:* 0644 root sys
+pcwl:* 0666 root sys
+clone:pcwl 0666 root sys
+pcan:* 0666 root sys
+clone:pcan 0666 root sys
+ural:* 0666 root sys
+clone:ural 0666 root sys
+mxfe:* 0666 root sys
+clone:mxfe 0666 root sys
+ugen:* 0644 root sys
+zyd:* 0666 root sys
+clone:zyd 0666 root sys
+qlc:* 0666 root sys
+qlge:* 0666 root sys
+igb:* 0666 root sys
+clone:igb 0666 root sys
+afe:* 0666 root sys
+clone:afe 0666 root sys
+scsa1394:* 0666 root sys
+agpgart:* 0644 root sys
+agptarget:* 0644 root sys
+amd64_gart:* 0644 root sys
+nsmb:* 0666 root sys
+fcoet:* 0600 root sys
+nvidia:* 0666 root root
+fcp:* 0600 root sys
+ahci:* 0644 root sys
+adpu320:adpu320ctl 0666 root root
+ses:* 0666 bin bin
+iwk:* 0666 root sys
+clone:iwk 0666 root sys
+iwh:* 0666 root sys
+clone:iwh 0666 root sys
+amd_iommu:* 0644 root sys
+balloon:* 0444 root sys
+domcaps:* 0444 root sys
+evtchn:* 0666 root sys
+privcmd:* 0666 root sys
+xenbus:* 0666 root sys
+xpvtap:* 0666 root sys
+ixgb:* 0666 root root
+pm:* 0666 root sys
+usbvc:* 0666 root sys
+hci1394:* 0600 root sys
+rpcib:* 0644 root sys
+nxge:* 0600 root sys
+audio:* 0666 root sys
+fcoe:* 0600 root sys
+usbser_edge:* 0666 root sys
+srpt:* 0644 root sys
+pool:pool 0666 root sys
+pool:poolctl 0666 root sys
+e1000g:* 0666 root sys
+clone:e1000g 0666 root sys
+sdp:* 0644 root sys
+sdp:sdp 0666 root sys
+ixgbe:* 0666 root sys
+clone:ixgbe 0666 root sys
+xge:* 0666 root sys
+clone:xge 0666 root sys
+aggr:* 0666 root sys
+arp:arp 0666 root sys
+bl:* 0666 root sys
+conskbd:kbd 0666 root sys
+clone:bridge 0666 root sys
+cn:* 0620 root tty
+consms:mouse 0666 root sys
+cpuid:self 0644 root sys
+crypto:crypto 0666 root sys
+cryptoadm:cryptoadm 0644 root sys
+dld:* 0666 root sys
 devinfo:devinfo 0640 root sys
 devinfo:devinfo,ro 0444 root sys
+dlpistub:* 0666 root sys
+icmp:icmp 0666 root sys
+icmp6:icmp6 0666 root sys
+ip:ip 0666 root sys
+ip6:ip6 0666 root sys
+ipnet:lo0 0666 root sys
+ipsecah:ipsecah 0666 root sys
+ipsecesp:ipsecesp 0666 root sys
+keysock:keysock 0666 root sys
+kssl:* 0666 root sys
+clone:llc1 0666 root sys
+lofi:* 0600 root sys
+lofi:ctl 0644 root sys
+log:conslog 0666 root sys
+log:log 0640 root sys
+mm:allkmem 0600 root sys
+mm:full 0666 root sys
+mm:kmem 0640 root sys
+mm:mem 0640 root sys
+mm:null 0666 root sys
+mm:zero 0666 root sys
+openeepr:openprom 0640 root sys
+ptc:* 0666 root sys
+poll:* 0666 root sys
+physmem:* 0600 root sys
+ptsl:* 0666 root sys
+rts:rts 0666 root sys
+random:* 0644 root sys
+sad:admin 0666 root sys
+sad:user 0666 root sys
+scsi_vhci:* 0666 root sys
+simnet:* 0666 root sys
+clone:simnet 0666 root sys
+sgen:* 0600 root sys
+spdsock:spdsock 0666 root sys
+st:* 0666 root sys
+sy:tty 0666 root tty
+sysevent:* 0600 root sys
+sysmsg:msglog 0600 root sys
+sysmsg:sysmsg 0600 root sys
+tcp:tcp 0666 root sys
+tcp6:tcp6 0666 root sys
+tl:* 0666 root sys
+clone:ticlts 0666 root sys
+clone:ticots 0666 root sys
+clone:ticotsord 0666 root sys
+udp:udp 0666 root sys
+vnic:* 0666 root sys
+clone:vnic 0666 root sys
+udp6:udp6 0666 root sys
+wc:* 0600 root sys
+acpi_drv:* 0666 root sys
+ramdisk:* 0600 root sys
+ramdisk:ctl 0644 root sys
+sd:* 0640 root sys
+smbios:smbios 0444 root sys
+ucode:* 0644 root sys
+iser:* 0600 root sys
+ath:* 0666 root sys
+clone:ath 0666 root sys
+usbsprl:* 0666 root sys
+marvell88sx:* 0644 root sys
+rtls:* 0666 root sys
+clone:rtls 0666 root sys
+iwi:* 0666 root sys
+clone:iwi 0666 root sys
+arcmsr:* 0600 root sys
+hxge:* 0600 root sys
+cpc:shared 0666 root sys
+emlxs:* 0666 root sys
+oce:* 0666 root sys
+tavor:* 0666 root sys
+zfs:* 0600 root sys
+zfs:zfs 0666 root sys
+iscsit:* 0600 root sys
+dnet:* 0666 root sys
+clone:dnet 0666 root sys
+elxl:* 0666 root sys
+clone:elxl 0666 root sys
+iprb:* 0666 root sys
+clone:iprb 0666 root sys
+pcn:* 0666 root sys
+clone:pcn 0666 root sys
+sfe:* 0666 root root
+chxge:* 0666 root sys
+clone:chxge 0666 root sys
+av1394:* 0600 root sys
+vscan:* 0640 root sys
+si3124:* 0644 root sys
+nge:* 0666 root sys
+clone:nge 0666 root sys
 asy:* 0666 root sys
 asy:*,cu 0600 uucp uucp
-md:* 0640 root sys
-md:admin 0644 root sys
+cmdk:* 0640 root sys
+ecpp:* 0666 root sys
+fd:* 0666 root sys
+fct:* 0666 root sys
+pppt:* 0666 root sys
+qlt:* 0666 root sys
+stmf:* 0666 root sys
+stmf_sbd:* 0666 root sys
+bpf:bpf 0666 root sys
+ib:* 0644 root sys
+sdhost:* 0644 root root
+vboxdrv:'* 0666 root sys'
+vboxusbmon:'* 0666 root sys'
+blkdev:* 0640 root root
+ibp:* 0666 root sys
+clone:ibp 0666 root sys
+ipmi:ipmi 0600 root sys
+lx_ptm:lx_ptmajor 0666 root sys
+lx_systrace:* 0644 root sys
+inotify:* 0666 root sys
+skd:* 0600 root sys
+eventfd:* 0666 root sys
+timerfd:* 0666 root sys
+signalfd:* 0666 root sys
+iwn:* 0666 root sys
+clone:iwn 0666 root sys
diff --git a/usr/src/uts/intel/os/name_to_major b/usr/src/uts/intel/os/name_to_major
index 1fb86f9a50..e7fe60a8ab 100644
--- a/usr/src/uts/intel/os/name_to_major
+++ b/usr/src/uts/intel/os/name_to_major
@@ -2,4 +2,310 @@ md 85
 devinfo 88
 asy 106
 did 239
+dump 0
+fssnap 1
+kstat 2
+ksyms 3
+logindmux 4
+ptm 5
+pts 6
+aggr 7
+arp 8
+bl 9
+clone 10
+conskbd 11
+bridge 12
+cn 13
+consms 14
+cpuid 15
+crypto 16
+cryptoadm 17
+dld 18
+dlpistub 19
+icmp 20
+icmp6 21
+ip 22
+ip6 23
+ipnet 24
+ippctl 25
+ipsecah 26
+ipsecesp 27
+iptun 28
+bnx 29
+iwscn 30
+kb8042 31
+keysock 32
+kmdb 33
+kssl 34
+llc1 35
+lofi 36
+log 37
+mm 38
+mouse8042 39
+nulldriver 40
+openeepr 41
+options 42
+ptc 43
+poll 44
+physmem 45
+pseudo 46
+ptsl 47
+rts 48
+random 49
+sad 50
+scsi_vhci 51
+kvm 52
+simnet 54
+sgen 55
+softmac 56
+spdsock 57
+st 58
+sy 59
+sysevent 60
+sysmsg 61
+tcp 62
+tcp6 63
+tl 64
+udp 65
+vnic 66
+udp6 67
+wc 68
+acpi_drv 69
+bscbus 70
+bscv 71
+cpunex 72
+i8042 73
+intel_nb5000 74
+intel_nhm 75
+intel_nhmex 76
+mc-amd 77
+mpt 78
+pci_pci 79
+pcieb 80
+power 81
+ramdisk 82
+sd 83
+smbios 84
+tzmon 86
+ucode 87
+vgatext 89
+zfs 90
+pool 91
+zcons 92
+bnxe 93
+cpqary3 94
+hci1394 95
+audio 96
+audio1575 97
+audioens 98
+audiopci 99
+audiots 100
+audio810 101
+adpu320 102
+afe 103
+amd64_gart 104
+agpgart 105
+agptarget 107
+ahci 108
+amd8111s 109
+amr 110
+heci 111
+arcmsr 112
+atge 113
+bcm_sata 114
+bfe 115
+bge 116
+acpippm 117
+amd_iommu 118
+balloon 119
+cpudrv 120
+evtchn 121
+domcaps 122
+isa 123
+pit_beep 124
+npe 125
+ppm 126
+rootnex 127
+pci 128
+privcmd 129
+acpinex 130
+ehci 131
+hid 132
+hubd 133
+hwahc 134
+hwarc 135
+ohci 136
+scsa2usb 137
+uhci 138
+usb_ac 139
+usb_as 140
+usb_ia 141
+usb_mid 142
+usbprn 143
+wusb_ca 144
+wusb_df 145
+xpvtap 146
+xdb 147
+xdf 148
+xencons 149
+xnbe 150
+xnbu 151
+xpvd 152
+xnf 153
+xnbo 154
+xenbus 155
+ce 156
+chxge 157
+cpc 158
+srn 159
+ioat 160
+dmfe 161
+i915 162
+dtrace 163
+dcpc 164
+fasttrap 165
+fbt 166
+profile 167
+lockstat 168
+sdt 169
+systrace 170
+emlxs 171
+oce 172
+fcp 173
+fp 174
+fcip 175
+fcsm 176
+fipe 177
+fm 178
+dcam1394 179
+hme 180
+hxge 181
+ib 182
+sdpib 183
+sdp 184
+igb 185
+e1000g 186
+ipf 187
+iscsi 189
+iser 190
+ixgb 191
+ixgbe 192
+bpf 193
+lsimega 194
+vioif 195
+overlay 196
+mpt_sas 198
+mr_sas 199
+mega_sas 200
+marvell88sx 201
+mwl 202
+mxfe 203
+myri10ge 204
+nge 205
+ntxn 206
+nv_sata 207
+nxge 208
+pcn 209
+dnet 210
+elxl 211
+iprb 212
+pcs 213
+pcic 214
+pcser 215
+glm 216
+pm 217
+pmcs 218
+sppp 219
+sppptun 220
+fd 221
+fdc 222
+ecpp 223
+cmdk 225
+pci-ide 226
+ata 227
+pcata 228
+qlc 229
+qlge 230
+rge 231
+rpcib 232
+rtls 233
+rum 234
+scsa1394 235
+sdhost 237
+ses 238
+sfe 240
+si3124 241
+nsmb 242
+smp 243
+tavor 244
+tpm 245
+usbsacm 246
+daplt 247
+usbser_edge 248
+usbftdi 249
+ugen 250
+usbsksp 251
+usbsprl 252
+audiovia823x 253
+vr 254
+xge 255
+xpv 256
+yge 257
+zyd 258
+fct 259
+stmf 260
+stmf_sbd 261
+pppt 262
+qlt 263
+ibp 264
+blkdev 265
+smbsrv 266
+aac 267
+xsvc 268
+vioblk 53
+iscsit 269
 vmxnet 270
+ipd 188
+tap 271
+tun 272
+ipmi 273
+dr_sas 274
+t4nex 275
+cxgbe 276
+virtio 277
+usbgem 278
+axf 279
+udmf 280
+upf 281
+urf 282
+vnd 283
+lx_ptm 284
+lx_systrace 286
+nfp 287
+inotify 288
+skd 289
+eventfd 290
+zfd 291
+timerfd 292
+signalfd 293
+nvme 294
+lxautofs 295
+i40e 296
+sfxge 297
+pvscsi 298
+vmxnet3s 299
+smrt 300
+iwn 301
+xhci 302
+qede 303
+buildstamp 304
+vmm 305
+viona 306
+ppt 307
+coretemp 308
+amdf17nbdf 309
+pchtemp 310
+ufm 311
+ufmtest 312
+imcstub 313
+imc 314
diff --git a/usr/src/uts/intel/os/path_to_inst b/usr/src/uts/intel/os/path_to_inst
index 180715f4cd..9853ae8e23 100644
--- a/usr/src/uts/intel/os/path_to_inst
+++ b/usr/src/uts/intel/os/path_to_inst
@@ -1 +1,3 @@
-#path_to_inst_bootstrap_1
+#
+#	Caution! This file contains critical kernel state
+#