- Compile without /dev/kmem access. This requires a small patch which opens libkvm in a dummy mode which uses sysctls to implement most of its interfaces rather than /dev/kmem access. This way we can drop the dependency on /dev/kmem without rewriting existing code.
- Add a new snmpd user. Configure snmpd to drop privileges once it's finished initialization.
- Remove the JAIL option. Now that snmpd avoids using /dev/kmem, there's no need to have a special mode for running snmpd in jails.
The patch has been proposed upstream here:
https://sourceforge.net/p/net-snmp/mailman/net-snmp-coders/thread/ZjEwNV5BiTOQ-Adi%40nuc/#msg58766857
It seems to have a positive response, though hasn't been merged yet in
any form. I happy to do the work of reconciling the ports patch with
upstream if/when this lands upstream.