@david_chisnall @doerk @winterschon @matt we need a supervisor, but it doesn't need to eat DNS, NTP, automounter, and other things like systemd has.

Services should be started under a new JID so they act like cgroups. I've toyed with this and it can be retrofitted into /etc/rc much like how we allow us to wrap services with things like protect(1) / sshd_oomprotect="YES" style declaration but we'll want more control and doing this in shell is not fun. And if this lands we'll also want to tag the jails with some kind of metadata so they do not show up by default under "jls" output so it's more obvious which jails are real jails you created and which are magical jails that exist for services