RELNOTES and UPDATING: Document the new policy on read(2) of dirfd

These changes have been completely flushed as of r361799; note it.

RELNOTES

@@ -10,8 +10,17 @@ newline.  Entries should be separated by a newline.
 
 Changes to this file should not be MFCed.
 
-r361238:
-	ZFS will now reject read(2) of a dirfd with EISDIR.
+r361238, r361798, r361799:
+	ZFS will now unconditionally reject read(2) of a directory with EISDIR.
+	Additionally, read(2) of a directory is now rejected with EISDIR by
+	default and may be re-enabled for non-ZFS filesystems that allow it with
+	the sysctl(8) MIB 'security.bsd.allow_read_dir'.
+
+	Aliases for grep to default to '-d skip' may be desired if commonly
+	non-recursively grepping a list that includes directories and the
+	possibility of EISDIR errors in stderr is not tolerable.  Example
+	aliases, commented out, have been installed in /root/.cshrc and
+	/root/.shrc.
 
 r361066:
 	Add exec.prepare and exec.release hooks for jail(8) and jail.conf(5).

UPDATING

@@ -26,6 +26,18 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 13.x IS SLOW:
 	disable the most expensive debugging functionality run
 	"ln -s 'abort:false,junk:false' /etc/malloc.conf".)
 
+20200604:
+	read(2) of a directory fd is now rejected by default.  root may
+	re-enable it for system root only on non-ZFS filesystems with the
+	security.bsd.allow_read_dir sysctl(8) MIB if
+	security.bsd.suser_enabled=1.
+
+	It may be advised to setup aliases for grep to default to `-d skip` if
+	commonly non-recursively grepping a list that includes directories and
+	the potential for the resulting stderr output is not tolerable.  Example
+	aliases are now installed, commented out, in /root/.cshrc and
+	/root/.shrc.
+
 20200523:
 	Clang, llvm, lld, lldb, compiler-rt, libc++, libunwind and openmp have
 	been upgraded to 10.0.1.  Please see the 20141231 entry below for