allow.chflags for jails
The manpage reads:
Normally, privileged users inside a jail are treated as unprivileged by chflags(2). When this parameter is set, such users are treated as privileged, and may manipulate system file flags subject to the usual constraints on kern.securelevel.
It is not really clear what the security implecations of this are inside a jail.