FreeBSD Jails or Docker instances

What are the main differences between jails on FreeBSD and Docker on Linux? Is one considerably more secure or more performant than the other? Jails are way older than Docker instances so the code itself could be considered more secure. But Jails never "caught on" so perhaps it's not as good as Docker instances? Or is that just because Linux is so much more popular than FreeBSD?

Tags: docker freebsd jail

edited Dec 14 '18 at 13:00 by Simba
asked Dec 14 '18 at 12:28 by Simba

1 Answer

I will address some of the aspects of FreeBSD jails and Linux Docker, of how they are similar and how they are different.

• Both serve the same goal: each is an implementation of lightweight virtualization, where you run an application in a separate, isolated compartment under the same kernel. Here the similarities end and the differences begin.

• Docker is a tool that is used mainly for running prepared binary images that one can get from various public or private repositories. Most people use it in this way. Fewer people construct their own ones and upload them into those repositories.

• FreeBSD jails are more like LXC in Linux: it's a method of creating your container from scratch. You create it, install the software into it, and that's pretty much all - it can be treated as a FreeBSD inside FreeBSD. There's no easy way to export that container as a single piece of software, like in Docker. So pretty much all the people that use FreeBSD, au contraire, always build their own piece of FreeBSD inside a container from scratch (i.e. from the base system installed), installing software from the FreeBSD Ports system or from source. FreeBSD jails are thus less friendly and have a higher starting cost of use.

• In the same way as LXC containers are persistent, FreeBSD jails are also persistent. All the changes remain intact between boots. As I said, it's just a piece of OS inside the same OS (though userland software versions may differ as long as the ABI is maintained in the FreeBSD kernel). This means you cannot commit the changes - they are committed once they are created.

• From all of the above it's obvious why FreeBSD containers cannot have a similar orchestration layer like Docker's: there's no port publishing, there are no volumes, there are no links or any meta-connections between different jails. Only the interfaces the networked OS gives you: network sockets, unix sockets, common mount points.

• There are no limitations, of course, about who can communicate with whom inside FreeBSD jails, as there are none in Docker.

• You can run native Docker images in FreeBSD, because there's at least partial support of Docker under FreeBSD, but, since Linux is free, I strongly advise against it (and I truly and deeply love FreeBSD), because they will be run through the Linux compatibility layer (provided by a FreeBSD kernel module), which has some known limitations.

edited Dec 14 '18 at 13:50 by Sven
answered Dec 14 '18 at 13:20 by drookie

• For more information about docker on FreeBSD. It used to work within a jail (imagine the double isolation :) ), it was made possible as a port by the FreeNAS' main dev as they wanted to use it on that distro. Here's one article from them talking about it and the old wiki page for it. Since then, they stopped maintaining it and it seems to not work anymore. More to follow in the next comment.
  – Vrakfall, Dec 16 '18 at 13:29

• Here is the currently last forum post talking about Docker's state in FreeBSD. Props to Phishfry there for some of the info I dropped here. It's still possible though to use docker on FreeBSD by running it in a virtualized Linux (bhyve, virtualbox, etc.) and using the client-only port, which is still maintained and working, to connect to it. After all, boot2docker was originally made to use docker that way on MacOS.
  – Vrakfall, Dec 16 '18 at 13:40

• And we know MacOS is a (shameful, cough, this is my opinionated bit) port of BSD. But all of that, of course, is only for a development environment and can in no way be used in production. This is for those who want to keep working on FreeBSD and be able to develop docker things for their job/hobby/whatever.
  – Vrakfall, Dec 16 '18 at 13:43

• Oh and I forgot to say, but you mentioned it, the old docker-freebsd port was indeed using FreeBSD's Linuxulator.
  – Vrakfall, Dec 16 '18 at 13:51
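
The answer's point that jails have no port publishing or volumes, only ordinary sockets and mount points, shown as configuration. This is an added example, not from the answer or from either project; the jail name, paths, interface and address are placeholders, and the `docker run` flags in the comments are the rough Docker counterparts.

```conf
# /etc/jail.conf (constructed example; names, paths and addresses are placeholders)

# Defaults shared by every jail defined in this file
exec.start = "/bin/sh /etc/rc";            # boot the jail's own userland
exec.stop  = "/bin/sh /etc/rc.shutdown";
exec.clean;                                # start commands with a clean environment
mount.devfs;                               # give the jail a /dev ...
devfs_ruleset = 4;                         # ... limited to the stock jail devfs ruleset

www {
    host.hostname = "www.example.org";
    path = "/usr/local/jails/www";         # persistent root, populated from the base system

    # Docker: "-p 8080:80" publishes a container port on the host.
    # Jail: there is no publishing step. The jail is given an address and
    # its services bind to that address directly.
    interface = "em0";
    ip4.addr  = "192.0.2.10";

    # Docker: "-v /data/www:/srv/www:ro" attaches a volume.
    # Jail: an ordinary mount listed in a per-jail fstab, for example
    #   /data/www  /usr/local/jails/www/srv/www  nullfs  ro  0  0
    mount.fstab = "/etc/fstab.www";

    # Isolation settings stated explicitly rather than left to defaults
    enforce_statfs = 2;                    # jail sees only its own root mount point
    securelevel    = 2;
    children.max   = 0;                    # no nested jails
}
```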


















