=== Jail metadata feature

Links: +
link:https://cgit.freebsd.org/src/commit/?id=30e6e008bc06385a66756bebb41676f4f9017eca[The main commit] URL: link:https://cgit.freebsd.org/src/commit/?id=30e6e008bc06385a66756bebb41676f4f9017eca[]

Contact: Igor Ostapenko <igoro@FreeBSD.org> +
Contact: Dave Cottlehuber <dch@FreeBSD.org>

The `meta` and `env` new parameters of man:jail[8] have been introduced.
Each one is an arbitrary string associated with a jail.
It can be set upon jail creation or added/modified later:

  # jail -cm ... meta="tag1=value1 tag2=value2" env="configuration"

The values are not inherited from the parent jail.
A parent jail can read both metadata parameters, while a child jail can read only `env` via the newly added `security.jail.env` sysctl.

The maximum size of `meta` or `env` per jail is controlled by the global `security.jail.meta_maxbufsize` sysctl.
Decreasing it does not alter the existing meta information.

Each metadata buffer can optionally be handled as a set of `key=value\n` strings:

  # jail -cm ... meta="$(echo k1=v1; echo k2=v2)" env.1=one
  # jls meta.k2 env.1 meta.k1

While `meta.k1=""` or `meta.k1=` resets the value to an empty string, the `meta.k1` without the equal sign removes the given key.
The flua's libjail has been updated respectively to support the key-based handling.

Sponsor: SkunkWerks GmbH