diff --git a/libexec/rc/rc.d/gssd b/libexec/rc/rc.d/gssd
index 79dbf10ca575..8d67a3689b3c 100755
--- a/libexec/rc/rc.d/gssd
+++ b/libexec/rc/rc.d/gssd
@@ -1,18 +1,18 @@
 #!/bin/sh
 #
 # $FreeBSD$
 #
 
 # PROVIDE: gssd
 # REQUIRE: root mountcritlocal NETWORKING kdc
 # BEFORE: mountcritremote
-# KEYWORD: nojail shutdown
+# KEYWORD: nojailvnet shutdown
 
 . /etc/rc.subr
 
 name=gssd
 desc="Generic Security Services Daemon"
 rcvar=gssd_enable
 
 load_rc_config $name
 run_rc_command "$1"
diff --git a/libexec/rc/rc.d/mountd b/libexec/rc/rc.d/mountd
index d75416736245..69391fe78e47 100755
--- a/libexec/rc/rc.d/mountd
+++ b/libexec/rc/rc.d/mountd
@@ -1,72 +1,72 @@
 #!/bin/sh
 #
 # $FreeBSD$
 #
 
 # PROVIDE: mountd
 # REQUIRE: NETWORKING rpcbind quota mountlate
-# KEYWORD: nojail shutdown
+# KEYWORD: nojailvnet shutdown
 
 . /etc/rc.subr
 
 name="mountd"
 desc="Service remote NFS mount requests"
 rcvar="mountd_enable"
 command="/usr/sbin/${name}"
 pidfile="/var/run/${name}.pid"
 required_files="/etc/exports"
 start_precmd="mountd_precmd"
 extra_commands="reload"
 
 mountd_precmd()
 {
 
 	# Load the modules now, so that the vfs.nfsd sysctl
 	# oids are available.
 	load_kld nfsd || return 1
 
 	# Do not force rpcbind to be running for an NFSv4 only server.
 	#
 	if checkyesno nfsv4_server_only; then
 		echo 'NFSv4 only server'
 		sysctl vfs.nfsd.server_min_nfsvers=4 > /dev/null
 		sysctl vfs.nfsd.server_max_nfsvers=4 > /dev/null
 		rc_flags="${rc_flags} -R"
 	else
 		force_depend rpcbind || return 1
 		if checkyesno nfsv4_server_enable; then
 			sysctl vfs.nfsd.server_max_nfsvers=4 > /dev/null
 		else
 			sysctl vfs.nfsd.server_max_nfsvers=3 > /dev/null
 		fi
 	fi
 
 	# mountd flags will differ depending on rc.conf settings
 	#
 	if checkyesno nfs_server_enable || checkyesno nfsv4_server_only; then
 		if checkyesno weak_mountd_authentication; then
 			if checkyesno nfsv4_server_only; then
 				echo -n 'weak_mountd_authentication '
 				echo -n 'incompatible with nfsv4_server_only, '
 				echo 'ignored'
 			else
 				rc_flags="${rc_flags} -n"
 			fi
 		fi
 	else
 		if checkyesno mountd_enable; then
 			checkyesno weak_mountd_authentication && rc_flags="-n"
 		fi
 	fi
 
 	if checkyesno zfs_enable; then
 		rc_flags="${rc_flags} /etc/exports /etc/zfs/exports"
 	fi
 
 	rm -f /var/db/mountdtab
 	( umask 022 ; > /var/db/mountdtab ) ||
 	    err 1 'Cannot create /var/db/mountdtab'
 }
 
 load_rc_config $name
 run_rc_command "$1"
diff --git a/libexec/rc/rc.d/nfsd b/libexec/rc/rc.d/nfsd
index b746cf7cea9d..6c2d5c22d963 100755
--- a/libexec/rc/rc.d/nfsd
+++ b/libexec/rc/rc.d/nfsd
@@ -1,65 +1,65 @@
 #!/bin/sh
 #
 # $FreeBSD$
 #
 
 # PROVIDE: nfsd
 # REQUIRE: mountcritremote mountd hostname gssd nfsuserd
-# KEYWORD: nojail shutdown
+# KEYWORD: nojailvnet shutdown
 
 . /etc/rc.subr
 
 name="nfsd"
 desc="Remote NFS server"
 rcvar="nfs_server_enable"
 command="/usr/sbin/${name}"
 nfs_server_vhost=""
 
 load_rc_config $name
 start_precmd="nfsd_precmd"
 sig_stop="USR1"
 
 nfsd_precmd()
 {
 	local	_vhost
 	rc_flags="${nfs_server_flags}"
 
 	# Load the modules now, so that the vfs.nfsd sysctl
 	# oids are available.
 	load_kld nfsd || return 1
 
-	if [ -n "${nfs_server_maxio}" ]; then
+	if [ -n "${nfs_server_maxio}" ] && ! check_jail jailed; then
 		if ! sysctl vfs.nfsd.srvmaxio=${nfs_server_maxio} >/dev/null; then
 			warn "Failed to set server max I/O"
 		fi
 	fi
 
 	if checkyesno nfs_reserved_port_only; then
 		echo 'NFS on reserved port only=YES'
 		sysctl vfs.nfsd.nfs_privport=1 > /dev/null
 	else
 		sysctl vfs.nfsd.nfs_privport=0 > /dev/null
 	fi
 
 	if checkyesno nfs_server_managegids; then
 		force_depend nfsuserd || err 1 "Cannot run nfsuserd"
 	fi
 
 	if checkyesno nfsv4_server_enable; then
 		sysctl vfs.nfsd.server_max_nfsvers=4 > /dev/null
 	elif ! checkyesno nfsv4_server_only; then
 		echo 'NFSv4 is disabled'
 		sysctl vfs.nfsd.server_max_nfsvers=3 > /dev/null
 	fi
 
 	if ! checkyesno nfsv4_server_only; then
 		force_depend rpcbind || return 1
 	fi
 
 	force_depend mountd || return 1
 	if [ -n "${nfs_server_vhost}" ]; then
 		command_args="-V \"${nfs_server_vhost}\""
 	fi
 }
 
 run_rc_command "$1"
diff --git a/libexec/rc/rc.d/nfsuserd b/libexec/rc/rc.d/nfsuserd
index 804b1243a4c4..6c9293a52c09 100755
--- a/libexec/rc/rc.d/nfsuserd
+++ b/libexec/rc/rc.d/nfsuserd
@@ -1,29 +1,29 @@
 #!/bin/sh
 #
 # $FreeBSD$
 #
 
 # PROVIDE: nfsuserd
 # REQUIRE: NETWORKING
-# KEYWORD: nojail shutdown
+# KEYWORD: nojailvnet shutdown
 
 . /etc/rc.subr
 
 name="nfsuserd"
 desc="Load user and group information into the kernel for NFSv4 services and support manage-gids for all NFS versions"
 rcvar="nfsuserd_enable"
 command="/usr/sbin/${name}"
 sig_stop="USR1"
 
 load_rc_config $name
 start_precmd="nfsuserd_precmd"
 
 nfsuserd_precmd()
 {
 	if checkyesno nfs_server_managegids; then
 		rc_flags="-manage-gids ${nfsuserd_flags}"
 	fi
 	return 0
 }
 
 run_rc_command "$1"
diff --git a/libexec/rc/rc.d/tlsservd b/libexec/rc/rc.d/tlsservd
index cca28ed60ffe..95a62060fe32 100755
--- a/libexec/rc/rc.d/tlsservd
+++ b/libexec/rc/rc.d/tlsservd
@@ -1,25 +1,25 @@
 #!/bin/sh
 #
 # $FreeBSD$
 #
 
 # PROVIDE: tlsservd
 # REQUIRE: NETWORKING root mountcritlocal sysctl
 # BEFORE: nfsd
-# KEYWORD: nojail shutdown
+# KEYWORD: nojailvnet shutdown
 
 . /etc/rc.subr
 
 name="tlsservd"
 desc="NFS over TLS server side daemon"
 rcvar="tlsservd_enable"
 command="/usr/sbin/rpc.${name}"
 
 pidfile="/var/run/rpc.${name}.pid"
 required_files="/etc/rpc.tlsservd/cert.pem /etc/rpc.tlsservd/certkey.pem"
 extra_commands="reload"
 
 
 load_rc_config $name
 
 run_rc_command "$1"