
How do you think jails compare to Docker? I have never used Docker myself, but I always thought the way FreeBSD jails work is awesome.



Docker is just namespaces and cgroups. You do not have separation between host and the containers on Linux - you need additional software for that, like AppArmor or SELinux. FreeBSD Jails, on the contrary, are secure and separated from the host. The FreeBSD host can access Jails, but Jails cannot access host resources - unless consciously configured to do so.

As for the usage ... FreeBSD Jails can have their OWN network stack (with own firewall and interfaces) while Docker can only use Linux network namespaces.

You can launch/start a single-process Jail and a single-process Docker container - here they are similar. You can also unpack an entire operating system userland in both and it will also run - with its own package database etc.

Hope that helps.


You do know that Docker applies AppArmor by default, right..? https://docs.docker.com/engine/security/apparmor/


... on RHEL/CentOS/Alma/Rocky Linux which use SELinux instead? :)



Okay, thanks for the information! Sounds like I would still prefer jails. Managing Docker always sounded complicated compared to managing jails. It is literally just a configuration file and a copy of the userland on the file system. If you are a little clever, you can share the userland and additionally create templates, which are really just some directories on your file system with additional stuff you want to put in.
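As an added illustration (not from any commenter in the thread), a jail.conf(5) fragment for the kind of setup described above: a shared read-only base userland nullfs-mounted into a per-jail writable tree, plus a VNET so the jail gets its own network stack and can run its own pf firewall. The directory layout, interface names, addresses and the devfs ruleset number are assumptions to be checked against your own host.

```conf
# Added example, not from the thread: /etc/jail.conf for one "thin" VNET jail.
# Assumed layout (placeholders):
#   /usr/local/jails/templates/base  extracted base userland, shared read-only
#   /usr/local/jails/web             this jail's own writable tree (etc/, usr/local/, var/,
#                                    plus symlinks such as bin -> .base/bin)
# epair0, bridge0 and the 192.0.2.0/24 addresses are placeholders too.

# Defaults applied to every jail defined in this file
exec.clean;                 # start with a clean environment, not the host's
mount.devfs;                # the jail gets its own devfs instance ...
devfs_ruleset = 5;          # ... filtered by devfsrules_jail_vnet, which unhides /dev/pf and bpf
enforce_statfs = 2;         # the jail sees only its own mounts, not the host's
allow.raw_sockets = 0;      # default: no raw sockets inside the jail
allow.mount = 0;            # default: no mounting of filesystems inside the jail
exec.start = "/bin/sh /etc/rc";
exec.stop  = "/bin/sh /etc/rc.shutdown";
exec.consolelog = "/var/log/jail_${name}_console.log";
path = "/usr/local/jails/${name}";

web {
    host.hostname = "web.example.invalid";

    # Shared userland: the common base is mounted read-only under .base;
    # everything the jail may write to lives in its own tree.
    mount += "/usr/local/jails/templates/base ${path}/.base nullfs ro 0 0";

    # Own network stack: one end of an epair is moved into the jail's VNET.
    # The host keeps epair0a on bridge0; the jail owns epair0b outright.
    # Address, default route and pf_enable go in the jail's own /etc/rc.conf
    # (ifconfig_epair0b, defaultrouter, pf_enable), so /etc/rc configures them.
    vnet;
    vnet.interface = "epair0b";
    exec.prestart = "ifconfig epair0 create up && ifconfig bridge0 addm epair0a";
    exec.poststop = "ifconfig epair0a destroy";
}
```

Because nothing from the host is visible except what is mounted or handed over explicitly, the "Jails cannot access host resources unless configured to" property is literally the list of `mount` and `vnet.interface` lines.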


You can also use Linux containers (LXC), which are basically "FreeBSD jails for Linux". If you want something easy to use, you can try Proxmox.


Docker is more about ease of use and distribution. Convenience across all major parties (Windows, MacOS, Linux). Docker Compose for building interconnected services (it even does DNS resolution for you, so you can reach your services by short names without caring about IPs).

Then it becomes natural for teams to share Dockerfiles as a way of sharing environment setups, all in the same way.

Using `docker run something` requires little to no knowledge of the OS, networks (NAT included), packages. Everything will be auto-downloaded.

Compare that to jails.


Okay, interesting! I want to be in control of all those things (OS, networks (NAT included), packages). I roll my own packages using poudriere, which I then distribute using FreeBSD's binary package management system... to my jails. XD

That way I get a coherent well configured system everywhere.


And hundreds of thousands of devs [nowadays we say developer, really meaning web-related developer like JavaScript] don't care.

They want to be in control of their API, but not boring sysadmin stuff.

Jails are targeting sysadmins, thus Docker wins the adoption.

Like cars with manual transmission.

> But the manual transmission is dying out. Just 41 out of the 327 new car models sold in the United States in 2020, or 13%, are offered with a manual transmission, according to data from Edmunds. That is a tremendous drop from less than a decade ago. In 2011, 37% came with manuals.


I don't think the analogy to manual transmission is correct - the way I have configured poudriere/pkg, it's very rare that I have to intervene, unlike with a manual transmission, where the driver is directly involved in the control loop.

But since I am in charge of the control loop, I can change it any time I please. Right now I am changing my poudriere configuration for the first time in years to build my packages using LibreSSL instead of OpenSSL. Sure, it requires some tinkering (not a lot though), but that tinkering is completely optional on my part.


I find the transmission example correlates well with decreased jails usage (manual, sysadmin-way transmission) and increased Docker usage (automated gearbox tooling).

Yet I have a practical question for every Jails user, especially when I see "I did..." statements, like in yours:

>The way I have configured poudriere/pkg

How does it work for a _team_, how does it work for "we", where common ground is expected? I have seen teams of 5-10 using Docker as the base ground for their dev (local laptops with Windows, MacOS, Linux)/stage/prod envs, but I have not heard of anything of that kind with Jails over the last 10 years. I can hardly imagine that without forcing everyone to switch to FreeBSD as a daily driver. Can you share your team's experience?



