run-jail.py with the dictionary jail_flags self.jail_flags = {

              "allow-dev-read": "-d",
              "allow-dev-write": "-D",
              "allow-external-ipc": "-i",
              "allow-all-net-family": "-n",
              "allow-inet-raw": "-r",
              "allow-tty-open": "-t",
              "allow-inet-localhost": "-o",
              "allow-dev-get-status": "-e",
              "allow-dev-mod-system": "-E",
              "allow-mount": "-u",
              "allow-suid": "-s",
              "allow-ipc-parent": "-P",
              "allow-ipc-syslog": "-y",
              "this-is-syslog": "-Y",
              "verbose": "-v",
              "private-namespace": "-N"
              }

rsbac_jail flags_options:

 \- only for wiki to display it correct
 -i = allow access to IPC outside this jail,
 -P = allow access to IPC in the parent jail,
 -y = allow access to IPC in the syslog jail,
 -Y = this is the syslog jail,
 -n = allow all network families, not only UNIX and INET (IPv4),
 -r = allow INET (IPv4) raw sockets (e.g. for ping),
 -a = auto-adjust INET any address 0.0.0.0 to jail address, if set,
 -o = additionally allow to/from remote INET (IPv4) address 127.0.0.1
 -d = allow read access on devices
 -D = allow write access on devices
 -e = allow GET_STATUS_DATA on devices
 -E allow MODIFY_SYSTEM_DATA
 -t = allow *_OPEN on tty devices
 -s = allow to create with / set mode to suid
 -u = allow to mount/umount