Jail parameter patch: disable/new/inherit

Jamie Gritton jamie at FreeBSD.org
Tue Jul 21 21:44:31 UTC 2009


There's a patch to Current at http://gritton.org/freebsd/triple.diff
that makes some small changes to the new parameter based jail system.
I invite any interested in the future direction of jails to review it
before it goes in (hopefully in the next day or two).

This patch deals with jailed subsystems that may or may not be
virtualized.  At first, there was a boolean to describe this
situation: for example, in the VIMAGE kernels, setting the "vnet"
parameter would create a jail with a virtual network stack.

But there's more than just virtual or not.  In particular there are
three things that can be done with a particular subsystem:

"disable": Don't use the subsystem at all in a jail.  For example, if
you create a jail with "ip6=disable", that jail won't be able to use
IPv6 sockets, as if it were a system without INET6 defined in the
kernel.

"new": Create a new virtual instance of the subsystem in the jail.
What constitutes a new instance will vary, but it generally means the
jail is treated in some way different from the rest of the system.
Setting "ip6=new" will restrict IPv6 addresses (to the contents of the
list specified by "ip6.addr", which should also be set).  Setting
"host=new" will let a jail set its own hostname (and related data)
separately from the rest of the system.  Setting "vnet=new" will
create a new network stack for the jail.

"inherit": This is the default state, and means the jail is treated
the same as the rest of the system.  There's no difference between a
jailed and non-jailed process as far as that subsystem is concerned.
A jail with "ip6=inherit" would allow the full use of the available
IPv6 addresses.

As yet, this is just a structural/name change.  It will become
important as other features are added to the jail system, including
any modules that want to have jail support.

- Jamie

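The three states above (disable, new, inherit, with inherit as the default and "new" on ip6 expecting an "ip6.addr" list) can be checked before a parameter set reaches jail(8). The following is an added example written for this page; it is not code from the patch, from jail(8) or from the FreeBSD kernel. It assumes jail parameters arrive as "key=value" words, treats "ip4" with "ip4.addr" as the IPv4 sibling of "ip6" (the message only names ip6, host and vnet), and assumes that an address list given alongside "disable" or "inherit" is an error worth reporting; the parameter-list syntax is constructed for the example.

```python
"""Consistency check for the disable/new/inherit jail parameter states.

Added example, not code from the patch or from FreeBSD.  The parameter
names ip6, host and vnet and the "ip6=new wants ip6.addr" rule come from
the message above; ip4/ip4.addr and the checks on stray address lists are
assumptions made for this example.
"""
import ipaddress

VALID_STATES = ("disable", "new", "inherit")

# Tri-state subsystems and the address list each one consults when "new".
# None means the message names no companion list for that subsystem.
TRISTATE_PARAMS = {
    "ip4": "ip4.addr",   # assumed sibling of ip6, not named in the message
    "ip6": "ip6.addr",
    "host": None,
    "vnet": None,
}


def parse_params(words):
    """Turn "key=value" words (as typed on a jail(8)-style command line) into a dict."""
    params = {}
    for word in words:
        if "=" not in word:
            raise ValueError(f"expected key=value, got {word!r}")
        key, value = word.split("=", 1)
        params[key] = value
    return params


def effective_state(params, subsystem):
    """State a jail ends up with: "inherit" unless the parameter says otherwise."""
    return params.get(subsystem, "inherit")


def check_params(params):
    """Return a list of problems; an empty list means the set is consistent."""
    problems = []
    for subsystem, addr_key in TRISTATE_PARAMS.items():
        state = effective_state(params, subsystem)
        if state not in VALID_STATES:
            problems.append(
                f"{subsystem}={state}: expected one of {', '.join(VALID_STATES)}")
            continue
        if addr_key is None:
            continue
        addrs = params.get(addr_key)
        if state == "new":
            # "new" restricts the jail to the listed addresses, so an empty
            # list leaves it with none (the message says the list "should
            # also be set").
            if not addrs:
                problems.append(
                    f"{subsystem}=new without {addr_key}: jail would have no addresses")
                continue
            family = 6 if subsystem == "ip6" else 4
            for item in addrs.split(","):
                try:
                    ip = ipaddress.ip_address(item.strip())
                except ValueError:
                    problems.append(f"{addr_key}: {item!r} is not an IP address")
                    continue
                if ip.version != family:
                    problems.append(f"{addr_key}: {item.strip()} is not IPv{family}")
        elif addrs:
            # Assumption: a list next to "inherit" (full access) or "disable"
            # (no access) is a configuration mistake, so report it.
            problems.append(
                f"{addr_key} set but {subsystem}={state}: the list has no effect")
    return problems


if __name__ == "__main__":
    # Constructed parameter set: IPv6 restricted to two addresses, own
    # hostname, IPv4 and vnet left at the inherit default.
    demo = parse_params(["name=www", "ip6=new",
                         "ip6.addr=2001:db8::10,2001:db8::11", "host=new"])
    for sub in TRISTATE_PARAMS:
        print(f"{sub}: {effective_state(demo, sub)}")
    print("problems:", check_params(demo) or "none")
```

Run it on a candidate parameter list before creating the jail; a non-empty problem list means the jail would come up with a different reach into the subsystem than intended.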
