rc.subr: add new sysv option for service jails

Clarify that the "sysvipc" svcj option inherits from the host / parent.
Add "sysvipcnew" which creates a new SysV namespace for the service
jail.
Sanity check that only one of them is used.

libexec/rc/rc.subr

@@ -1219,6 +1219,7 @@ run_rc_command()
 	if [ -n "$_svcj_options" ]; then	# translate service jail options
 		_svcj_cmd_options=""
 
+		_svcj_sysvipc_x=0
 		for _svcj_option in $_svcj_options; do
 			case "$_svcj_option" in
 				mlock)
@@ -1243,8 +1244,13 @@ run_rc_command()
 					_svcj_cmd_options="allow.nfsd enforce_statfs=1 ${_svcj_cmd_options}"
 					;;
 				sysvipc)
+					_svcj_sysvipc_x=$((${_svcj_sysvipc_x} + 1))
 					_svcj_cmd_options="sysvmsg=inherit sysvsem=inherit sysvshm=inherit  ${_svcj_cmd_options}"
 					;;
+				sysvipcnew)
+					_svcj_sysvipc_x=$((${_svcj_sysvipc_x} + 1))
+					_svcj_cmd_options="sysvmsg=new sysvsem=new sysvshm=new ${_svcj_cmd_options}"
+					;;
 				vmm)
 					_svcj_cmd_options="allow.vmm ${_svcj_cmd_options}"
 					;;
@@ -1253,6 +1259,11 @@ run_rc_command()
 					;;
 			esac
 		done
+		if [ ${_svcj_sysvipc_x} -gt 1 ]; then
+			echo -n "ERROR: more than one sysvipc option is "
+			echo "specified in ${name}_svcj_options: $_svcj_options"
+			return 1
+		fi
 	fi
 
 	[ -z "$autoboot" ] && eval $_pidcmd	# determine the pid if necessary

share/man/man5/rc.conf.5

@@ -4977,8 +4977,11 @@ to them.
 .It nfsd
 Allows to run nfsd and affiliated daemons.
 .It sysvipc
-Allows access to SysV semaphores, SysV shared memory and
-SysV messages.
+Inherits the SysV semaphores, SysV shared memory and
+SysV messages from the host or the parent jail.
+.It sysvipcnew
+Creates a new namespace for SysV semaphores, SysV shared memory
+and SysV messages for this particular service jail.
 .It vmm
 Allows access to
 .Xr vmm 4 .
@@ -4988,6 +4991,7 @@ is enabled in the kernel.
 .El
 
 All non-network options can be combined with all other options.
+From the SysV options only one option can be specified.
 
 If the
 .Ao Ar name Ac Ns Va _svcj