FreeBSD Jails or Docker instances











up vote
10
down vote

favorite
4












What are the main differences between jails on FreeBSD and Docker on Linux? Is one considerably more secure or more performant than the other? Jails are way older than Docker instances so the code itself could be considered more secure. But Jails never "catched on" so perhaps it's not as good as Docker instances? Or is that just because Linux is so much more popular than FreeBSD?










share|improve this question









New contributor




Simba is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
























    up vote
    10
    down vote

    favorite
    4












    What are the main differences between jails on FreeBSD and Docker on Linux? Is one considerably more secure or more performant than the other? Jails are way older than Docker instances so the code itself could be considered more secure. But Jails never "catched on" so perhaps it's not as good as Docker instances? Or is that just because Linux is so much more popular than FreeBSD?










    share|improve this question









    New contributor




    Simba is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
    Check out our Code of Conduct.






















      up vote
      10
      down vote

      favorite
      4









      up vote
      10
      down vote

      favorite
      4






      4





      What are the main differences between jails on FreeBSD and Docker on Linux? Is one considerably more secure or more performant than the other? Jails are way older than Docker instances so the code itself could be considered more secure. But Jails never "catched on" so perhaps it's not as good as Docker instances? Or is that just because Linux is so much more popular than FreeBSD?










      share|improve this question









      New contributor




      Simba is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.











      What are the main differences between jails on FreeBSD and Docker on Linux? Is one considerably more secure or more performant than the other? Jails are way older than Docker instances so the code itself could be considered more secure. But Jails never "catched on" so perhaps it's not as good as Docker instances? Or is that just because Linux is so much more popular than FreeBSD?







      docker freebsd jail






      share|improve this question









      New contributor




      Simba is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.











      share|improve this question









      New contributor




      Simba is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.









      share|improve this question




      share|improve this question








      edited 17 hours ago





















      New contributor




      Simba is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.









      asked 18 hours ago









      Simba

      558




      558




      New contributor




      Simba is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.





      New contributor





      Simba is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.






      Simba is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.






















          1 Answer
          1






          active

          oldest

          votes

















          up vote
          15
          down vote













          I will address some of the aspects of FreeBSD jails and Linux Docker, of how they are similar and how they are different.




          • both serve the same goal: it's an implementation of lightweight virtualization, when you run application in a separated and isolated compartment under same kernel, and here the similarities end, and differences begin

          • Docker is a tool that is used mainly for running prepared binary images that one can get from various public or private repositories. Most people use it in this way. Fewer people construct their own ones and upload then into those repositories.

          • FreeBSD jails are more like LXC in Linux: it's a method of creating your container from scratch. You create it, install the software into it, and that's pretty much all - it can be treated as a FreeBSD inside FreeBSD. There's no easy way to export that container as a single piece of software, like in Docker. So pretty much all the people that use FreeBSD, au contraire, always build their own piece of FreeBSD inside a container from scratch (i.e. from the base system installed), installing software from FreeBSD Ports system or from source. FreeBSD jails thus are less friendly, and have higher starting use cost.

          • in the same way as the LXC containers are persistent, FreeBSD jails also are persistent. All the changes remain intact between the boots. As I said, it's just a piece of OS inside the same OS (though userland software versions may differ until the ABI is maintained in the FreeBSD kernel). This means you cannot commit the changes - they are commited once they are created.

          • from all of the above it's obvious why FreeBSD containers cannot have their similar orchestration layer, like Docker does: there's no ports publishing, there's no volumes, there's no links or any meta-connections between different jails. Only the interfaces the networked OS gives you: network sockets, unix sockets, common mount points.

          • there's no limitations, of course, about who can communicate with whom inside FreeBSD jails, as there are none in Docker.

          • you can run native docker images in FreeBSD, because there's at least partial support of docker under FreeBSD, but, since Linux is free, I strongly advise against it (and I truly and deeply love FreeBSD), because they will be ran through Linux compatibility layer (provided with a FreeBSD kernel module) which provides some known limitations.






          share|improve this answer























            Your Answer








            StackExchange.ready(function() {
            var channelOptions = {
            tags: "".split(" "),
            id: "2"
            };
            initTagRenderer("".split(" "), "".split(" "), channelOptions);

            StackExchange.using("externalEditor", function() {
            // Have to fire editor after snippets, if snippets enabled
            if (StackExchange.settings.snippets.snippetsEnabled) {
            StackExchange.using("snippets", function() {
            createEditor();
            });
            }
            else {
            createEditor();
            }
            });

            function createEditor() {
            StackExchange.prepareEditor({
            heartbeatType: 'answer',
            convertImagesToLinks: true,
            noModals: true,
            showLowRepImageUploadWarning: true,
            reputationToPostImages: 10,
            bindNavPrevention: true,
            postfix: "",
            imageUploader: {
            brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
            contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
            allowUrls: true
            },
            onDemand: true,
            discardSelector: ".discard-answer"
            ,immediatelyShowMarkdownHelp:true
            });


            }
            });






            Simba is a new contributor. Be nice, and check out our Code of Conduct.










            draft saved

            draft discarded


















            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f944354%2ffreebsd-jails-or-docker-instances%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown

























            1 Answer
            1






            active

            oldest

            votes








            1 Answer
            1






            active

            oldest

            votes









            active

            oldest

            votes






            active

            oldest

            votes








            up vote
            15
            down vote













            I will address some of the aspects of FreeBSD jails and Linux Docker, of how they are similar and how they are different.




            • both serve the same goal: it's an implementation of lightweight virtualization, when you run application in a separated and isolated compartment under same kernel, and here the similarities end, and differences begin

            • Docker is a tool that is used mainly for running prepared binary images that one can get from various public or private repositories. Most people use it in this way. Fewer people construct their own ones and upload then into those repositories.

            • FreeBSD jails are more like LXC in Linux: it's a method of creating your container from scratch. You create it, install the software into it, and that's pretty much all - it can be treated as a FreeBSD inside FreeBSD. There's no easy way to export that container as a single piece of software, like in Docker. So pretty much all the people that use FreeBSD, au contraire, always build their own piece of FreeBSD inside a container from scratch (i.e. from the base system installed), installing software from FreeBSD Ports system or from source. FreeBSD jails thus are less friendly, and have higher starting use cost.

            • in the same way as the LXC containers are persistent, FreeBSD jails also are persistent. All the changes remain intact between the boots. As I said, it's just a piece of OS inside the same OS (though userland software versions may differ until the ABI is maintained in the FreeBSD kernel). This means you cannot commit the changes - they are commited once they are created.

            • from all of the above it's obvious why FreeBSD containers cannot have their similar orchestration layer, like Docker does: there's no ports publishing, there's no volumes, there's no links or any meta-connections between different jails. Only the interfaces the networked OS gives you: network sockets, unix sockets, common mount points.

            • there's no limitations, of course, about who can communicate with whom inside FreeBSD jails, as there are none in Docker.

            • you can run native docker images in FreeBSD, because there's at least partial support of docker under FreeBSD, but, since Linux is free, I strongly advise against it (and I truly and deeply love FreeBSD), because they will be ran through Linux compatibility layer (provided with a FreeBSD kernel module) which provides some known limitations.






            share|improve this answer



























              up vote
              15
              down vote













              I will address some of the aspects of FreeBSD jails and Linux Docker, of how they are similar and how they are different.




              • both serve the same goal: it's an implementation of lightweight virtualization, when you run application in a separated and isolated compartment under same kernel, and here the similarities end, and differences begin

              • Docker is a tool that is used mainly for running prepared binary images that one can get from various public or private repositories. Most people use it in this way. Fewer people construct their own ones and upload then into those repositories.

              • FreeBSD jails are more like LXC in Linux: it's a method of creating your container from scratch. You create it, install the software into it, and that's pretty much all - it can be treated as a FreeBSD inside FreeBSD. There's no easy way to export that container as a single piece of software, like in Docker. So pretty much all the people that use FreeBSD, au contraire, always build their own piece of FreeBSD inside a container from scratch (i.e. from the base system installed), installing software from FreeBSD Ports system or from source. FreeBSD jails thus are less friendly, and have higher starting use cost.

              • in the same way as the LXC containers are persistent, FreeBSD jails also are persistent. All the changes remain intact between the boots. As I said, it's just a piece of OS inside the same OS (though userland software versions may differ until the ABI is maintained in the FreeBSD kernel). This means you cannot commit the changes - they are commited once they are created.

              • from all of the above it's obvious why FreeBSD containers cannot have their similar orchestration layer, like Docker does: there's no ports publishing, there's no volumes, there's no links or any meta-connections between different jails. Only the interfaces the networked OS gives you: network sockets, unix sockets, common mount points.

              • there's no limitations, of course, about who can communicate with whom inside FreeBSD jails, as there are none in Docker.

              • you can run native docker images in FreeBSD, because there's at least partial support of docker under FreeBSD, but, since Linux is free, I strongly advise against it (and I truly and deeply love FreeBSD), because they will be ran through Linux compatibility layer (provided with a FreeBSD kernel module) which provides some known limitations.






              share|improve this answer

























                up vote
                15
                down vote










                up vote
                15
                down vote









                I will address some of the aspects of FreeBSD jails and Linux Docker, of how they are similar and how they are different.




                • both serve the same goal: it's an implementation of lightweight virtualization, when you run application in a separated and isolated compartment under same kernel, and here the similarities end, and differences begin

                • Docker is a tool that is used mainly for running prepared binary images that one can get from various public or private repositories. Most people use it in this way. Fewer people construct their own ones and upload then into those repositories.

                • FreeBSD jails are more like LXC in Linux: it's a method of creating your container from scratch. You create it, install the software into it, and that's pretty much all - it can be treated as a FreeBSD inside FreeBSD. There's no easy way to export that container as a single piece of software, like in Docker. So pretty much all the people that use FreeBSD, au contraire, always build their own piece of FreeBSD inside a container from scratch (i.e. from the base system installed), installing software from FreeBSD Ports system or from source. FreeBSD jails thus are less friendly, and have higher starting use cost.

                • in the same way as the LXC containers are persistent, FreeBSD jails also are persistent. All the changes remain intact between the boots. As I said, it's just a piece of OS inside the same OS (though userland software versions may differ until the ABI is maintained in the FreeBSD kernel). This means you cannot commit the changes - they are commited once they are created.

                • from all of the above it's obvious why FreeBSD containers cannot have their similar orchestration layer, like Docker does: there's no ports publishing, there's no volumes, there's no links or any meta-connections between different jails. Only the interfaces the networked OS gives you: network sockets, unix sockets, common mount points.

                • there's no limitations, of course, about who can communicate with whom inside FreeBSD jails, as there are none in Docker.

                • you can run native docker images in FreeBSD, because there's at least partial support of docker under FreeBSD, but, since Linux is free, I strongly advise against it (and I truly and deeply love FreeBSD), because they will be ran through Linux compatibility layer (provided with a FreeBSD kernel module) which provides some known limitations.






                share|improve this answer














                I will address some of the aspects of FreeBSD jails and Linux Docker, of how they are similar and how they are different.




                • both serve the same goal: it's an implementation of lightweight virtualization, when you run application in a separated and isolated compartment under same kernel, and here the similarities end, and differences begin

                • Docker is a tool that is used mainly for running prepared binary images that one can get from various public or private repositories. Most people use it in this way. Fewer people construct their own ones and upload then into those repositories.

                • FreeBSD jails are more like LXC in Linux: it's a method of creating your container from scratch. You create it, install the software into it, and that's pretty much all - it can be treated as a FreeBSD inside FreeBSD. There's no easy way to export that container as a single piece of software, like in Docker. So pretty much all the people that use FreeBSD, au contraire, always build their own piece of FreeBSD inside a container from scratch (i.e. from the base system installed), installing software from FreeBSD Ports system or from source. FreeBSD jails thus are less friendly, and have higher starting use cost.

                • in the same way as the LXC containers are persistent, FreeBSD jails also are persistent. All the changes remain intact between the boots. As I said, it's just a piece of OS inside the same OS (though userland software versions may differ until the ABI is maintained in the FreeBSD kernel). This means you cannot commit the changes - they are commited once they are created.

                • from all of the above it's obvious why FreeBSD containers cannot have their similar orchestration layer, like Docker does: there's no ports publishing, there's no volumes, there's no links or any meta-connections between different jails. Only the interfaces the networked OS gives you: network sockets, unix sockets, common mount points.

                • there's no limitations, of course, about who can communicate with whom inside FreeBSD jails, as there are none in Docker.

                • you can run native docker images in FreeBSD, because there's at least partial support of docker under FreeBSD, but, since Linux is free, I strongly advise against it (and I truly and deeply love FreeBSD), because they will be ran through Linux compatibility layer (provided with a FreeBSD kernel module) which provides some known limitations.







                share|improve this answer














                share|improve this answer



                share|improve this answer








                edited 16 hours ago









                Sven

                85.5k10144198




                85.5k10144198










                answered 17 hours ago









                drookie

                5,82411019




                5,82411019






















                    Simba is a new contributor. Be nice, and check out our Code of Conduct.










                    draft saved

                    draft discarded


















                    Simba is a new contributor. Be nice, and check out our Code of Conduct.













                    Simba is a new contributor. Be nice, and check out our Code of Conduct.












                    Simba is a new contributor. Be nice, and check out our Code of Conduct.
















                    Thanks for contributing an answer to Server Fault!


                    • Please be sure to answer the question. Provide details and share your research!

                    But avoid



                    • Asking for help, clarification, or responding to other answers.

                    • Making statements based on opinion; back them up with references or personal experience.


                    To learn more, see our tips on writing great answers.





                    Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


                    Please pay close attention to the following guidance:


                    • Please be sure to answer the question. Provide details and share your research!

                    But avoid



                    • Asking for help, clarification, or responding to other answers.

                    • Making statements based on opinion; back them up with references or personal experience.


                    To learn more, see our tips on writing great answers.




                    draft saved


                    draft discarded














                    StackExchange.ready(
                    function () {
                    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f944354%2ffreebsd-jails-or-docker-instances%23new-answer', 'question_page');
                    }
                    );

                    Post as a guest















                    Required, but never shown





















































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown

































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown







                    Popular posts from this blog

                    Plaza Victoria

                    Puebla de Zaragoza

                    Musa