rc.d: Fix NFS server startup scripts to enable vnet prison use

Now that commit cbbb22031f is in main,
it is possible to run nfsd(8), nfsuserd(8), mountd(8),
gssd(8) and rpc.tlsservd(8) in an appropriately configured vnet
prison if the "allow.nfsd" option is specified in jail.conf.

This patch fixes the rc scripts for this.
Mostly just replaces the "nojail" KEYWORD with "nojailvnet",
but also avoids setting vfs.nfsd.srvmaxio in a prison, since it
must be set outside of the prisons and applies to all
nfsd(8) instances.

Reviewed by:	jamie
MFC after:	3 months
Differential Revision:	https://reviews.freebsd.org/D38809

libexec/rc/rc.d/gssd

@@ -6,7 +6,7 @@
 # PROVIDE: gssd
 # REQUIRE: root mountcritlocal NETWORKING kdc
 # BEFORE: mountcritremote
-# KEYWORD: nojail shutdown
+# KEYWORD: nojailvnet shutdown
 
 . /etc/rc.subr
 

libexec/rc/rc.d/mountd

@@ -5,7 +5,7 @@
 
 # PROVIDE: mountd
 # REQUIRE: NETWORKING rpcbind quota mountlate
-# KEYWORD: nojail shutdown
+# KEYWORD: nojailvnet shutdown
 
 . /etc/rc.subr
 

libexec/rc/rc.d/nfsd

@@ -5,7 +5,7 @@
 
 # PROVIDE: nfsd
 # REQUIRE: mountcritremote mountd hostname gssd nfsuserd
-# KEYWORD: nojail shutdown
+# KEYWORD: nojailvnet shutdown
 
 . /etc/rc.subr
 
@@ -28,7 +28,7 @@ nfsd_precmd()
 	# oids are available.
 	load_kld nfsd || return 1
 
-	if [ -n "${nfs_server_maxio}" ]; then
+	if [ -n "${nfs_server_maxio}" ] && ! check_jail jailed; then
 		if ! sysctl vfs.nfsd.srvmaxio=${nfs_server_maxio} >/dev/null; then
 			warn "Failed to set server max I/O"
 		fi

libexec/rc/rc.d/nfsuserd

@@ -5,7 +5,7 @@
 
 # PROVIDE: nfsuserd
 # REQUIRE: NETWORKING
-# KEYWORD: nojail shutdown
+# KEYWORD: nojailvnet shutdown
 
 . /etc/rc.subr
 

libexec/rc/rc.d/tlsservd

@@ -6,7 +6,7 @@
 # PROVIDE: tlsservd
 # REQUIRE: NETWORKING root mountcritlocal sysctl
 # BEFORE: nfsd
-# KEYWORD: nojail shutdown
+# KEYWORD: nojailvnet shutdown
 
 . /etc/rc.subr