diff --git a/libexec/rc/rc.subr b/libexec/rc/rc.subr
--- a/libexec/rc/rc.subr
+++ b/libexec/rc/rc.subr
@@ -55,6 +55,7 @@
 _svcj_generic_params="path=/ mount.nodevfs host=inherit"
 JID=0
 CPUSET="/bin/cpuset"
+SETAUDIT="/usr/sbin/setaudit"
 
 # Cache the services that we loaded with load_rc_config.
 _loaded_services=""
@@ -933,6 +934,9 @@
 #				Meant to be used in /etc/rc.conf to override
 #				${command}.
 #
+#	${name}_audit_user n    Override the audit user for ${command},
+#				specified as a user name or UID.
+#
 #	${name}_chroot	n	Directory to chroot to before running ${command}
 #				Requires /usr to be mounted.
 #
@@ -1151,6 +1155,15 @@
 		_cpusetcmd="$CPUSET -l $_cpuset"
 	fi
 
+	eval _audit_user=\$${name}_audit_user
+	if [ -z "$_audit_user" -a -n "$audit_user" ]; then
+		_audit_user=$audit_user
+	fi
+	_setauditcmd=
+	if [ -n "$_audit_user" ]; then
+		_setauditcmd="setaudit -U -a $_audit_user"
+	fi
+
 	# If a specific jail has a specific svcj request, honor it (YES/NO).
 	# If not (variable empty), evaluate the global svcj catch-all.
 	# A global YES can be overriden by a specific NO, and a global NO is overriden
@@ -1515,6 +1528,7 @@
 				_doit="\
 ${_nice:+nice -n $_nice }\
 $_cpusetcmd \
+$_setauditcmd \
 ${_fib:+setfib -F $_fib }\
 ${_env:+env $_env }\
 chroot ${_user:+-u $_user }${_group:+-g $_group }${_groups:+-G $_groups }\
@@ -1524,7 +1538,9 @@
 				_doit="\
 ${_fib:+setfib -F $_fib }\
 ${_env:+env $_env }\
-$_cpusetcmd $command $rc_flags $command_args"
+$_cpusetcmd \
+$_setauditcmd \
+$command $rc_flags $command_args"
 				if [ -n "$_user" ]; then
 				    _doit="su -m $_user -c 'sh -c \"$_doit\"'"
 				fi