Links:
rc-article part for Service Jails URL: https://docs.freebsd.org/en/articles/rc-scripting/#rcng-service-jails
service jail patches for ports in our bugtracker URL: https://bugs.freebsd.org/bugzilla/buglist.cgi?quicksearch=service+jail+aware

Contact: Alexander Leidinger <netchild@FreeBSD.org>

Service jails extend the rc(8) system to allow automatic jailing of rc.d services. A service jail inherits the filesystem of the parent host or jail, but uses all other limits of the jail (process visibility, restricted network access, filesystem mounting permissions, sysvipc, …​) by default. Additional configuration allows inheritance of the IPs of the parent, sysvipc, memory page locking, and use of the bhyve virtual machine monitor (vmm(4)).

Since the last report several ports have been modified to come with a service jail config. Out of about 1460 start scripts in the ports collection, about 80 start scripts are changed. Prominent examples out of those are postgresql, DNS servers, FTP servers, PHP, dovecot, postfix, rspamd, amavisd-new and clamav. Some more changes are waiting for a treatment by the corresponding port maintainers.

Any help in changing more start scripts (most of the time just one line to add) is welcome. If you want to help, you can check the bugtracker link above for changes which are already under review.