Jails for NetBSD – Kernel Enforced Isolation and Native Resource Control

New 'Jails' spark name wars, Docker dreams, and BSD bragging rights

TLDR: NetBSD unveiled “Jails,” a built-in way to safely run multiple apps with strict limits, without using Docker or full virtual machines. The crowd split: some want a new name or OCI compatibility, others praise the design and even whisper AI origins—basically, BSD drama in a box.

NetBSD just dropped “Jails,” a built-in way to run apps safely side by side on one machine—think clear walls, strict limits, and simple knobs for CPU and memory. It’s not Docker containers, and not full-blown virtual machines; it’s meant for predictable boundaries with host-side supervision, unified logs, and Prometheus-ready metrics. Even the network stays simple: no fancy virtual networks, just reserved ports enforced by the kernel. Sounds tidy… until the comments lit up. The community instantly split: some cheer the no-frills, OS-native approach; others say, “If it doesn’t speak OCI and Docker, who’s gonna use it?”

Naming drama stole the show. User ggm demanded a rename or a clear comparison to FreeBSD jails, while arcade79 snapped back that the hand-wringing is “just silly.” Another voice pitched “Zones” (a nod to Solaris) and claimed NetBSD’s permission system could even trump FreeBSD’s once features match. Meanwhile, DeathArrow insisted Docker-friendly standards would boost adoption. Then the spice: a commenter hinted the work was “made with AI,” turning the thread into a tech soap opera. The meme squad dropped “Jailhouse Rock” jokes and “Go to Jail” Monopoly riffs. Verdict: tidy tech, messy vibes, peak BSD theater. Everyone’s picking sides, popcorn everywhere. Bring snacks.

Key Points

  • “Jails for NetBSD” provides kernel-enforced isolation and per-jail resource control on NetBSD.
  • It is not a container platform or virtualization; it fills the gap between chroot and platforms like Xen.
  • Architecture includes secmodel_jail (kernel model), jailctl (control interface), and jailmgr (orchestration), with optional svcmgr.
  • Features include process isolation, resource limits, security profiles, and shared host networking with kernel-enforced port ownership.
  • Operational tooling offers supervised services, centralized logging via syslog, and Prometheus-compatible metrics.

Hottest takes

"Either document how it differs from FreeBSD jails or give it some other name" — ggm
"It would have been more interesting had they released something compatible with Open Container Initiative" — DeathArrow
"Having jails backed by kauth puts NetBSD's well above FreeBSD's, if NetBSD can reach feature parity" — 0x2b9fd814feb0

Made with <3 by @siedrix and @shesho from CDMX. Powered by Forge&Hive.