That’s a fair take, yes. Ilja said that the entire subsystem for Linux on FreeBSD is also jail aware, but he didn’t even begin to look into that.

His process is briefly touched on in the talk. If I understood correctly he compiled a list of the most common jail privilege flags that exist and then searched the FreeBSD source code for those, investigating the code in those places. No automated tooling was used, this was just done by reading the source code. Which Ilja has been doing as “light bed time reading” :p for as long as I’ve known him (25+ years).