Index: etc/rc.d/jail
===================================================================
--- etc/rc.d/jail (revision 194960)
+++ etc/rc.d/jail (working copy)
@@ -41,7 +41,20 @@
 eval _ip=\"\$jail_${_j}_ip\"
 eval _interface=\"\${jail_${_j}_interface:-${jail_interface}}\"
 eval _exec=\"\$jail_${_j}_exec\"
+ eval _params=\"\${jail_params} \$jail_${_j}_params\"
+ if checkyesno jail_set_hostname_allow ; then
+ _allow="allow.set_hostname"
+ else
+ _allow="allow.noset_hostname"
+ fi
+ if checkyesno jail_sysvipc_allow ; then
+ _allow="${_allow} allow.sysvipc"
+ fi
+ if ! checkyesno jail_socket_unixiproute_only ; then
+ _allow="${_allow} allow.socket_af"
+ fi
+
 i=0
 while : ; do
 eval _exec_prestart${i}=\"\${jail_${_j}_exec_prestart${i}:-\${jail_exec_prestart${i}}}\"
@@ -132,6 +145,8 @@
 debug "$_j procdir: $_procdir"
 debug "$_j ruleset: $_ruleset"
 debug "$_j fstab: $_fstab"
+ debug "$_j params: $_params"
+ debug "$_j allow: $_allow"
 i=0
 while : ; do
@@ -482,9 +497,21 @@
 esac
 # Append address to list of addresses for the jail command.
- case "${_addrl}" in
- "") _addrl="${_addr}" ;;
- *) _addrl="${_addrl},${_addr}" ;;
+ case "${_type}" in
+ inet) case "${_addr4l}" in
+ "") _addr4l="${_addr}" ;;
+ *) _addr4l="${_addr4l},${_addr}" ;;
+ esac
+ ;;
+ inet6) case "${_addr6l}" in
+ "") _addr6l="${_addr}" ;;
+ *) _addr6l="${_addr6l},${_addr}" ;;
+ esac
+ ;;
+ *) warn "Could not determine address family. Not going" \
+ "to ${_action} address '${_addr}' for ${_jail}."
+ continue
+ ;;
 esac
 # Configure interface alias if requested by a given interface
@@ -492,14 +519,6 @@
 case "${_iface}" in
 "") continue ;;
 esac
- case "${_type}" in
- inet) ;;
- inet6) ;;
- *) warn "Could not determine address family. Not going" \
- "to ${_action} address '${_addr}' for ${_jail}."
- continue
- ;;
- esac
 case "${_action}" in
 add) ifconfig ${_iface} ${_type} ${_addr}${_mask} alias ;;
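Review bot: In the new `_allow` construction only the hostname knob passes an explicit negative (`allow.noset_hostname`); when `jail_sysvipc_allow` is NO or `jail_socket_unixiproute_only` is YES nothing is emitted, so the jail receives whatever jail(8) applies for an unspecified `allow.*` parameter, which presumably follows the host's `security.jail.*` sysctl state rather than the rc.conf setting. Emitting the negative explicitly keeps rc.conf authoritative: add `else _allow="${_allow} allow.nosysvipc"` to the sysvipc test and `else _allow="${_allow} allow.nosocket_af"` to the socket_af test. Note also that these three knobs are read globally while `_params` is read per jail via `jail_${_j}_params`; a per-jail override with the global as fallback would match the `_interface` pattern two lines above. The enclosing per-jail setup loop starts and ends outside this hunk.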
@@ -566,8 +585,13 @@
 echo -n " [${_hostname} already running (/var/run/jail_${_jail}.id exists)]"
 continue;
 fi
- _addrl=""
+ _addr4l=""
+ _addr6l=""
 jail_ips "add"
+ if [ ! -z "$_addr6l" ] || \
+ sysctl security.jail.param.ip6.addr 2>/dev/null ; then
+ _addr6l="ip6.addr=\"${_addr6l}\""
+ fi
 if [ -n "${_fib}" ]; then
 _setfib="setfib -F '${_fib}'"
 else
@@ -635,8 +659,10 @@
 i=$((i + 1))
 done
- eval ${_setfib} jail ${_flags} -i ${_rootdir} ${_hostname} \
- \"${_addrl}\" ${_exec_start} > ${_tmp_jail} 2>&1
+ eval ${_setfib} jail -ci ${_flags} name=$_jail ${_allow} \
+ ${_params} path=${_rootdir} host.hostname=${_hostname} \
+ ip4.addr=\"${_addr4l}\" ${_addr6l} \
+ command=${_exec_start} > ${_tmp_jail} 2>&1
 if [ "$?" -eq 0 ] ; then
 _jail_id=$(head -1 ${_tmp_jail})
@@ -699,9 +725,9 @@
 fi
 killall -j ${_jail_id} -TERM > /dev/null 2>&1
 sleep 1
- killall -j ${_jail_id} -KILL > /dev/null 2>&1
+ jail -r ${_jail_id} > /dev/null 2>&1
 jail_umount_fs
- echo -n " $_hostname"
+ echo -n " $_jail"
 i=0
 while : ; do
Index: etc/defaults/rc.conf
===================================================================
--- etc/defaults/rc.conf (revision 194960)
+++ etc/defaults/rc.conf (working copy)
@@ -650,6 +650,7 @@
 #jail_example_mount_enable="NO" # mount/umount jail's fs
 #jail_example_fstab="" # fstab(5) for mount/umount
 #jail_example_flags="-l -U root" # flags for jail(8)
+#jail_example_params="persist securelevel=1" # further parameters for jail(8)
 ##############################################################
 ### Define source_rc_confs, the mechanism used by /etc/rc.* ##
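Review bot: The `sysctl security.jail.param.ip6.addr` probe in the new `if` redirects only stderr, so on a kernel where the parameter exists its `name: value` line goes to stdout and lands in the rc startup output; redirect both streams, `sysctl security.jail.param.ip6.addr >/dev/null 2>&1 ; then`. The first operand reads more directly as `[ -n "$_addr6l" ]` than `[ ! -z "$_addr6l" ]`. An empty `_addr6l` on such a kernel still produces `ip6.addr=""`, which looks intended (explicitly no IPv6 addresses) but deserves a one-line comment such as `# pass an empty ip6.addr so the jail gets no IPv6 addresses on INET6 kernels` so it is not "fixed" later.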
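Review bot: In the rewritten `eval ... jail -ci` command, `name=$_jail`, `path=${_rootdir}` and `host.hostname=${_hostname}` are unquoted inside the eval while the address lists are escaped-quoted, so a root directory or hostname containing whitespace or shell metacharacters is re-split by eval and reaches jail(8) as separate arguments (the removed line had the same exposure for `${_rootdir} ${_hostname}`, but this rewrite is the place to close it). Quote them the same way as `ip4.addr`: `name=\"${_jail}\" ${_allow} \` and `${_params} path=\"${_rootdir}\" host.hostname=\"${_hostname}\" \`. `${_allow}` and `${_params}` must stay unquoted because they intentionally carry several space-separated parameters, and `command=${_exec_start}` relies on the same splitting to pass the command and its arguments. The enclosing start loop begins and ends outside this hunk.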
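Review bot: The new `jail -r ${_jail_id}` discards both its output and its exit status, and `jail_umount_fs` then runs unconditionally, so a failed removal leaves processes holding the jail's filesystems and the subsequent umount errors point at the wrong cause. Surface the failure where it happens, `jail -r ${_jail_id} > /dev/null 2>&1 || warn "Could not remove jail ${_jail} (jid ${_jail_id})."`; if a jail created without `persist` can already be gone once its last process exits after the TERM, gate the warning on whether the jid still exists (e.g. a `jls -j ${_jail_id}` check) so the common case stays quiet. The fixed `sleep 1` between TERM and removal is unchanged by this commit. The enclosing stop loop continues outside the hunk.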