>It provides a similar function as FreeBSD's jail(8) utility while being significantly more flexible. The package provides jail(1), a drop-in replacement of FreeBSD's jail(8)
It's my understanding that it's not fixable without some help from the kernel. The fundamental problem is that a program can race ahead of a userspace syscall policy enforcement framework (i.e. sysjail) by trapping to the kernel directly. The authors identify several ways this can be exploited to gain privileged information or invoke syscalls the OS allows but the framework tries to prevent.
Did some quick googling. Yes, apparently as of 2009 it was unfixed. Seems the problem is with systrace's overarching architecture OR how the kernel works with systrace.
>It provides a similar function as FreeBSD's jail(8) utility while being significantly more flexible. The package provides jail(1), a drop-in replacement of FreeBSD's jail(8)
http://sysjail.bsd.lv/