MAC label handling is a little special; to avoid being too disruptive,
we allocate a mac_t * here for the value so that we can mac_prepare()
or mac_from_text() into. As a result, we need:

• A custom free() handler to avoid leaking the *jp_value
• A custom jailparam_get() handler to mac_prepare() the mac_t and populate the iove properly, so that the kernel doesn't have to do something funky like copyin, dereference, copyin again.
• A custom jailparam_set() handler to similarly populate the iovec properly.