allow.chflags for jails
The manpage reads:
Normally, privileged users inside a jail are treated as
unprivileged by chflags(2). When this parameter is set,
such users are treated as privileged, and may manipulate
system file flags subject to the usual constraints on
kern.securelevel.
It is not really clear what the security implecations of this are inside a jail.