FreeBSD Jails or Docker instances
up vote
10
down vote
favorite
What are the main differences between jails on FreeBSD and Docker on Linux? Is one considerably more secure or more performant than the other? Jails are way older than Docker instances so the code itself could be considered more secure. But Jails never "catched on" so perhaps it's not as good as Docker instances? Or is that just because Linux is so much more popular than FreeBSD?
docker freebsd jail
New contributor
add a comment |
up vote
10
down vote
favorite
What are the main differences between jails on FreeBSD and Docker on Linux? Is one considerably more secure or more performant than the other? Jails are way older than Docker instances so the code itself could be considered more secure. But Jails never "catched on" so perhaps it's not as good as Docker instances? Or is that just because Linux is so much more popular than FreeBSD?
docker freebsd jail
New contributor
add a comment |
up vote
10
down vote
favorite
up vote
10
down vote
favorite
What are the main differences between jails on FreeBSD and Docker on Linux? Is one considerably more secure or more performant than the other? Jails are way older than Docker instances so the code itself could be considered more secure. But Jails never "catched on" so perhaps it's not as good as Docker instances? Or is that just because Linux is so much more popular than FreeBSD?
docker freebsd jail
New contributor
What are the main differences between jails on FreeBSD and Docker on Linux? Is one considerably more secure or more performant than the other? Jails are way older than Docker instances so the code itself could be considered more secure. But Jails never "catched on" so perhaps it's not as good as Docker instances? Or is that just because Linux is so much more popular than FreeBSD?
docker freebsd jail
docker freebsd jail
New contributor
New contributor
edited 17 hours ago
New contributor
asked 18 hours ago
Simba
558
558
New contributor
New contributor
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
up vote
15
down vote
I will address some of the aspects of FreeBSD jails and Linux Docker, of how they are similar and how they are different.
- both serve the same goal: it's an implementation of lightweight virtualization, when you run application in a separated and isolated compartment under same kernel, and here the similarities end, and differences begin
- Docker is a tool that is used mainly for running prepared binary images that one can get from various public or private repositories. Most people use it in this way. Fewer people construct their own ones and upload then into those repositories.
- FreeBSD jails are more like LXC in Linux: it's a method of creating your container from scratch. You create it, install the software into it, and that's pretty much all - it can be treated as a FreeBSD inside FreeBSD. There's no easy way to export that container as a single piece of software, like in Docker. So pretty much all the people that use FreeBSD, au contraire, always build their own piece of FreeBSD inside a container from scratch (i.e. from the base system installed), installing software from FreeBSD Ports system or from source. FreeBSD jails thus are less friendly, and have higher starting use cost.
- in the same way as the LXC containers are persistent, FreeBSD jails also are persistent. All the changes remain intact between the boots. As I said, it's just a piece of OS inside the same OS (though userland software versions may differ until the ABI is maintained in the FreeBSD kernel). This means you cannot commit the changes - they are commited once they are created.
- from all of the above it's obvious why FreeBSD containers cannot have their similar orchestration layer, like Docker does: there's no ports publishing, there's no volumes, there's no links or any meta-connections between different jails. Only the interfaces the networked OS gives you: network sockets, unix sockets, common mount points.
- there's no limitations, of course, about who can communicate with whom inside FreeBSD jails, as there are none in Docker.
- you can run native docker images in FreeBSD, because there's at least partial support of docker under FreeBSD, but, since Linux is free, I strongly advise against it (and I truly and deeply love FreeBSD), because they will be ran through Linux compatibility layer (provided with a FreeBSD kernel module) which provides some known limitations.
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "2"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Simba is a new contributor. Be nice, and check out our Code of Conduct.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f944354%2ffreebsd-jails-or-docker-instances%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
15
down vote
I will address some of the aspects of FreeBSD jails and Linux Docker, of how they are similar and how they are different.
- both serve the same goal: it's an implementation of lightweight virtualization, when you run application in a separated and isolated compartment under same kernel, and here the similarities end, and differences begin
- Docker is a tool that is used mainly for running prepared binary images that one can get from various public or private repositories. Most people use it in this way. Fewer people construct their own ones and upload then into those repositories.
- FreeBSD jails are more like LXC in Linux: it's a method of creating your container from scratch. You create it, install the software into it, and that's pretty much all - it can be treated as a FreeBSD inside FreeBSD. There's no easy way to export that container as a single piece of software, like in Docker. So pretty much all the people that use FreeBSD, au contraire, always build their own piece of FreeBSD inside a container from scratch (i.e. from the base system installed), installing software from FreeBSD Ports system or from source. FreeBSD jails thus are less friendly, and have higher starting use cost.
- in the same way as the LXC containers are persistent, FreeBSD jails also are persistent. All the changes remain intact between the boots. As I said, it's just a piece of OS inside the same OS (though userland software versions may differ until the ABI is maintained in the FreeBSD kernel). This means you cannot commit the changes - they are commited once they are created.
- from all of the above it's obvious why FreeBSD containers cannot have their similar orchestration layer, like Docker does: there's no ports publishing, there's no volumes, there's no links or any meta-connections between different jails. Only the interfaces the networked OS gives you: network sockets, unix sockets, common mount points.
- there's no limitations, of course, about who can communicate with whom inside FreeBSD jails, as there are none in Docker.
- you can run native docker images in FreeBSD, because there's at least partial support of docker under FreeBSD, but, since Linux is free, I strongly advise against it (and I truly and deeply love FreeBSD), because they will be ran through Linux compatibility layer (provided with a FreeBSD kernel module) which provides some known limitations.
add a comment |
up vote
15
down vote
I will address some of the aspects of FreeBSD jails and Linux Docker, of how they are similar and how they are different.
- both serve the same goal: it's an implementation of lightweight virtualization, when you run application in a separated and isolated compartment under same kernel, and here the similarities end, and differences begin
- Docker is a tool that is used mainly for running prepared binary images that one can get from various public or private repositories. Most people use it in this way. Fewer people construct their own ones and upload then into those repositories.
- FreeBSD jails are more like LXC in Linux: it's a method of creating your container from scratch. You create it, install the software into it, and that's pretty much all - it can be treated as a FreeBSD inside FreeBSD. There's no easy way to export that container as a single piece of software, like in Docker. So pretty much all the people that use FreeBSD, au contraire, always build their own piece of FreeBSD inside a container from scratch (i.e. from the base system installed), installing software from FreeBSD Ports system or from source. FreeBSD jails thus are less friendly, and have higher starting use cost.
- in the same way as the LXC containers are persistent, FreeBSD jails also are persistent. All the changes remain intact between the boots. As I said, it's just a piece of OS inside the same OS (though userland software versions may differ until the ABI is maintained in the FreeBSD kernel). This means you cannot commit the changes - they are commited once they are created.
- from all of the above it's obvious why FreeBSD containers cannot have their similar orchestration layer, like Docker does: there's no ports publishing, there's no volumes, there's no links or any meta-connections between different jails. Only the interfaces the networked OS gives you: network sockets, unix sockets, common mount points.
- there's no limitations, of course, about who can communicate with whom inside FreeBSD jails, as there are none in Docker.
- you can run native docker images in FreeBSD, because there's at least partial support of docker under FreeBSD, but, since Linux is free, I strongly advise against it (and I truly and deeply love FreeBSD), because they will be ran through Linux compatibility layer (provided with a FreeBSD kernel module) which provides some known limitations.
add a comment |
up vote
15
down vote
up vote
15
down vote
I will address some of the aspects of FreeBSD jails and Linux Docker, of how they are similar and how they are different.
- both serve the same goal: it's an implementation of lightweight virtualization, when you run application in a separated and isolated compartment under same kernel, and here the similarities end, and differences begin
- Docker is a tool that is used mainly for running prepared binary images that one can get from various public or private repositories. Most people use it in this way. Fewer people construct their own ones and upload then into those repositories.
- FreeBSD jails are more like LXC in Linux: it's a method of creating your container from scratch. You create it, install the software into it, and that's pretty much all - it can be treated as a FreeBSD inside FreeBSD. There's no easy way to export that container as a single piece of software, like in Docker. So pretty much all the people that use FreeBSD, au contraire, always build their own piece of FreeBSD inside a container from scratch (i.e. from the base system installed), installing software from FreeBSD Ports system or from source. FreeBSD jails thus are less friendly, and have higher starting use cost.
- in the same way as the LXC containers are persistent, FreeBSD jails also are persistent. All the changes remain intact between the boots. As I said, it's just a piece of OS inside the same OS (though userland software versions may differ until the ABI is maintained in the FreeBSD kernel). This means you cannot commit the changes - they are commited once they are created.
- from all of the above it's obvious why FreeBSD containers cannot have their similar orchestration layer, like Docker does: there's no ports publishing, there's no volumes, there's no links or any meta-connections between different jails. Only the interfaces the networked OS gives you: network sockets, unix sockets, common mount points.
- there's no limitations, of course, about who can communicate with whom inside FreeBSD jails, as there are none in Docker.
- you can run native docker images in FreeBSD, because there's at least partial support of docker under FreeBSD, but, since Linux is free, I strongly advise against it (and I truly and deeply love FreeBSD), because they will be ran through Linux compatibility layer (provided with a FreeBSD kernel module) which provides some known limitations.
I will address some of the aspects of FreeBSD jails and Linux Docker, of how they are similar and how they are different.
- both serve the same goal: it's an implementation of lightweight virtualization, when you run application in a separated and isolated compartment under same kernel, and here the similarities end, and differences begin
- Docker is a tool that is used mainly for running prepared binary images that one can get from various public or private repositories. Most people use it in this way. Fewer people construct their own ones and upload then into those repositories.
- FreeBSD jails are more like LXC in Linux: it's a method of creating your container from scratch. You create it, install the software into it, and that's pretty much all - it can be treated as a FreeBSD inside FreeBSD. There's no easy way to export that container as a single piece of software, like in Docker. So pretty much all the people that use FreeBSD, au contraire, always build their own piece of FreeBSD inside a container from scratch (i.e. from the base system installed), installing software from FreeBSD Ports system or from source. FreeBSD jails thus are less friendly, and have higher starting use cost.
- in the same way as the LXC containers are persistent, FreeBSD jails also are persistent. All the changes remain intact between the boots. As I said, it's just a piece of OS inside the same OS (though userland software versions may differ until the ABI is maintained in the FreeBSD kernel). This means you cannot commit the changes - they are commited once they are created.
- from all of the above it's obvious why FreeBSD containers cannot have their similar orchestration layer, like Docker does: there's no ports publishing, there's no volumes, there's no links or any meta-connections between different jails. Only the interfaces the networked OS gives you: network sockets, unix sockets, common mount points.
- there's no limitations, of course, about who can communicate with whom inside FreeBSD jails, as there are none in Docker.
- you can run native docker images in FreeBSD, because there's at least partial support of docker under FreeBSD, but, since Linux is free, I strongly advise against it (and I truly and deeply love FreeBSD), because they will be ran through Linux compatibility layer (provided with a FreeBSD kernel module) which provides some known limitations.
edited 16 hours ago
Sven♦
85.5k10144198
85.5k10144198
answered 17 hours ago
drookie
5,82411019
5,82411019
add a comment |
add a comment |
Simba is a new contributor. Be nice, and check out our Code of Conduct.
Simba is a new contributor. Be nice, and check out our Code of Conduct.
Simba is a new contributor. Be nice, and check out our Code of Conduct.
Simba is a new contributor. Be nice, and check out our Code of Conduct.
Thanks for contributing an answer to Server Fault!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Some of your past answers have not been well-received, and you're in danger of being blocked from answering.
Please pay close attention to the following guidance:
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f944354%2ffreebsd-jails-or-docker-instances%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown