Index: lib/libc/sys/Makefile.inc
===================================================================
--- lib/libc/sys/Makefile.inc
+++ lib/libc/sys/Makefile.inc
@@ -46,6 +46,7 @@
 
 SRCS+= brk.c
 SRCS+= closefrom.c
+SRCS+= jail_attach.c
 SRCS+= pipe.c
 SRCS+= shm_open.c
 SRCS+= vadvise.c
Index: lib/libc/sys/Symbol.map
===================================================================
--- lib/libc/sys/Symbol.map
+++ lib/libc/sys/Symbol.map
@@ -410,6 +410,7 @@
 	fhreadlink;
 	getfhat;
 	funlinkat;
+	jail_attach2;
 	memfd_create;
 	shm_rename;
 };
Index: lib/libc/sys/jail_attach.c
===================================================================
--- /dev/null
+++ lib/libc/sys/jail_attach.c
@@ -0,0 +1,42 @@
+/*-
+ * SPDX-License-Identifier: BSD-2-Clause
+  *
+ * Copyright 2020 Pawel Biernacki, Mysterious Code Ltd.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <sys/cdefs.h>
+__FBSDID("$FreeBSD$");
+
+__weak_reference(__sys_jail_attach, jail_attach);
+__weak_reference(__sys_jail_attach, _jail_attach);
+
+extern int __sys_jail_attach2(int jid, int flags);
+
+int
+__sys_jail_attach(int jid)
+{
+
+	return (__sys_jail_attach2(jid, 0));
+}
Index: sys/compat/freebsd32/syscalls.master
===================================================================
--- sys/compat/freebsd32/syscalls.master
+++ sys/compat/freebsd32/syscalls.master
@@ -790,7 +790,7 @@
 433	AUE_THR_KILL	NOPROTO	{ int thr_kill(long id, int sig); }
 434	AUE_NULL	UNIMPL	nosys
 435	AUE_NULL	UNIMPL	nosys
-436	AUE_JAIL_ATTACH	NOPROTO	{ int jail_attach(int jid); }
+436	AUE_JAIL_ATTACH	COMPAT12|NOPROTO { int jail_attach(int jid); }
 437	AUE_EXTATTR_LIST_FD	NOPROTO	{ ssize_t extattr_list_fd(int fd, \
 				    int attrnamespace, void *data, \
 				    size_t nbytes); }
@@ -1164,5 +1164,5 @@
 				    char *buf, size_t size, int flags); }
 575	AUE_CLOSERANGE	NOPROTO	{ int close_range(u_int lowfd, u_int highfd, \
 				    int flags); }
-
+576	AUE_JAIL_ATTACH	NOPROTO	{ int jail_attach2(int jid, int flags); }
 ; vim: syntax=off
Index: sys/kern/kern_jail.c
===================================================================
--- sys/kern/kern_jail.c
+++ sys/kern/kern_jail.c
@@ -136,7 +136,8 @@
 LIST_HEAD(, prison_racct) allprison_racct;
 int	lastprid = 0;
 
-static int do_jail_attach(struct thread *td, struct prison *pr);
+static int kern_jail_attach(struct thread *td, int jid, int flags);
+static int do_jail_attach(struct thread *td, struct prison *pr, int flags);
 static void prison_complete(void *context, int pending);
 static void prison_deref(struct prison *pr, int flags);
 static char *prison_path(struct prison *pr1, struct prison *pr2);
@@ -1829,7 +1830,7 @@
 	/* Attach this process to the prison if requested. */
 	if (flags & JAIL_ATTACH) {
 		mtx_lock(&pr->pr_mtx);
-		error = do_jail_attach(td, pr);
+		error = do_jail_attach(td, pr, 0);
 		if (error) {
 			vfs_opterror(opts, "attach failed");
 			if (!created)
@@ -2321,13 +2322,38 @@
 	prison_deref(pr, deuref | PD_DEREF);
 }
 
+#if defined(COMPAT_FREEBSD12)
 /*
- * struct jail_attach_args {
+ * struct freebsd12_jail_attach_args {
  *	int jid;
  * };
  */
+
+int
+freebsd12_jail_attach(struct thread *td,
+    struct freebsd12_jail_attach_args *uap)
+{
+
+	return kern_jail_attach(td, uap->jid, 0);
+}
+#endif
+
+/*
+ * struct jail_attach2_args {
+ *	int jid;
+ *	int flags;
+ * };
+ */
 int
-sys_jail_attach(struct thread *td, struct jail_attach_args *uap)
+sys_jail_attach2(struct thread *td, struct jail_attach2_args *uap)
+{
+
+	return kern_jail_attach(td, uap->jid, uap->flags);
+}
+
+
+static int
+kern_jail_attach(struct thread *td, int jid, int flags)
 {
 	struct prison *pr;
 	int error;
@@ -2344,7 +2370,7 @@
 	 */
 	sx_xlock(&allprison_lock);
 	sx_downgrade(&allprison_lock);
-	pr = prison_find_child(td->td_ucred->cr_prison, uap->jid);
+	pr = prison_find_child(td->td_ucred->cr_prison, jid);
 	if (pr == NULL) {
 		sx_sunlock(&allprison_lock);
 		return (EINVAL);
@@ -2360,11 +2386,11 @@
 		return (EINVAL);
 	}
 
-	return (do_jail_attach(td, pr));
+	return (do_jail_attach(td, pr, flags));
 }
 
 static int
-do_jail_attach(struct thread *td, struct prison *pr)
+do_jail_attach(struct thread *td, struct prison *pr, int flags)
 {
 	struct proc *p;
 	struct ucred *newcred, *oldcred;
@@ -2391,9 +2417,17 @@
 	sx_sunlock(&allprison_lock);
 
 	/*
-	 * Reparent the newly attached process to this jail.
+	 * Reparent the newly attached process to this jail.  If any
+	 * recognised flags are set, apply them.
 	 */
 	p = td->td_proc;
+	PROC_LOCK(p);
+	if ((flags & JAIL_ATTACH_NOTRACE) != 0)
+		p->p_flag2 |= P2_NOTRACE;
+	if ((flags & JAIL_ATTACH_NOTRACE_EXEC) != 0)
+		p->p_flag2 |= P2_NOTRACE | P2_NOTRACE_EXEC;
+	PROC_UNLOCK(p);
+
 	error = cpuset_setproc_update_set(p, pr->pr_cpuset);
 	if (error)
 		goto e_revert_osd;
Index: sys/kern/syscalls.master
===================================================================
--- sys/kern/syscalls.master
+++ sys/kern/syscalls.master
@@ -2289,7 +2289,7 @@
 		);
 	}
 434-435	AUE_NULL	UNIMPL	nosys
-436	AUE_JAIL_ATTACH	STD {
+436	AUE_JAIL_ATTACH	COMPAT12 {
 		int jail_attach(
 		    int jid
 		);
@@ -3235,6 +3235,13 @@
 		);
 	}
 
+576	AUE_JAIL_ATTACH	STD {
+		int jail_attach2(
+		    int jid,
+		    int flags
+		);
+	}
+
 ; Please copy any additions and changes to the following compatability tables:
 ; sys/compat/freebsd32/syscalls.master
 ; vim: syntax=off
Index: sys/sys/jail.h
===================================================================
--- sys/sys/jail.h
+++ sys/sys/jail.h
@@ -106,6 +106,12 @@
 #define	JAIL_SYS_NEW		1
 #define	JAIL_SYS_INHERIT	2
 
+/*
+ * Flags for jail_attach2.
+ */
+#define	JAIL_ATTACH_NOTRACE		0x01
+#define	JAIL_ATTACH_NOTRACE_NOEXEC	0x02
+
 #ifndef _KERNEL
 
 struct iovec;
@@ -114,6 +120,7 @@
 int jail_set(struct iovec *, unsigned int, int);
 int jail_get(struct iovec *, unsigned int, int);
 int jail_attach(int);
+int jail_attach2(int, int);
 int jail_remove(int);
 
 #else /* _KERNEL */