https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=259770
--- Comment #8 from Fabian Keil <f...@fabiankeil.de> --- (In reply to Kyle Evans from comment #7) D'oh. Thanks, Kyle. Somehow I was under the impression that CLOEXEC would apply to forks as well but obviously it does not. Calling "pidfile_close(pfh)" before "g_gate_drop_privs()" lets jail(2) succeed: [fk@steffen ~]$ sysctl kern.pwd_chroot_chdir_check_open_directories kern.pwd_chroot_chdir_check_open_directories: 1 [fk@steffen ~]$ sudo ggated -v -j info: Listen on port: 3080. debug: Privileges successfully dropped using jail+setgid+setuid. -- You are receiving this mail because: You are on the CC list for the bug.