Glad it's working for you!
A significant reduction in complexity. However, and the reason for my delay in replying. Magic happened! I was now transmitting data which crossed jail barriers (from b3 "named" to b2 "named logging"). I needed to consult with one of the FreeBSD developers to ensure that a security hole wasn't occurring. :)
Well, that's also what you were doing with your former b3:named2 and b3:named-log2, except you were transmitting the data via a named pipe created in your run script explicitly instead of an anonymous pipe created by s6-rc implicitly. The integrated pipe feature does not touch your security model at all; if you were to consult with a FreeBSD developer, you needed to do it before making the change. :)
It appears (and I'm assuming) that s6 uses pseudo terminal sub-system to communicate. In this specific case below, per pts/3
No, s6 does not use pseudo-terminals at all; all it does is let processes inherit fds from their parent. In your case, /dev/pts/3 seems to be s6-svscan's stdout and stderr; if you don't want to have pseudo-terminals, you should check the script that launches your supervision tree, and redirect s6-svscan's outputs accordingly. -- Laurent
