By default, don't allow processes in a jail to list the set of

jails in the system.  Previous behavior (allowed) may be restored
by setting security.jail.list_allowed=1.

sys/kern/kern_jail.c

@@ -59,6 +59,11 @@ SYSCTL_INT(_security_jail, OID_AUTO, getfsstate_getfsstatroot_only, CTLFLAG_RW,
     &jail_getfsstatroot_only, 0,
     "Processes see only their root file system in getfsstat()");
 
+int	jail_list_allowed = 0;
+SYSCTL_INT(_security_jail, OID_AUTO, list_allowed, CTLFLAG_RW,
+    &jail_list_allowed, 0,
+    "Processes in jail can access system jail list");
+
 /* allprison, lastprid, and prisoncount are protected by allprison_mtx. */
 struct	prisonlist allprison;
 struct	mtx allprison_mtx;
@@ -446,6 +451,8 @@ sysctl_jail_list(SYSCTL_HANDLER_ARGS)
 	int count, error;
 
 	mtx_assert(&Giant, MA_OWNED);
+	if (jailed(req->td->td_ucred) && !jail_list_allowed)
+		return (0);
 retry:
 	mtx_lock(&allprison_mtx);
 	count = prisoncount;