March 31, 2026

Jailhouse Rock or Docker Shock

Back to FreeBSD – Part 2 – Jails

FreeBSD ‘Jails’ are back: fans swoon, pragmatists shout “Just make Docker work”

TLDR: The piece praises FreeBSD jails as a simpler, built‑in way to isolate apps compared to Linux’s many moving parts. Commenters erupt over practicality: some demand Docker/OCI compatibility and Linux images, others defend jails’ elegance, setting up a classic showdown of simplicity vs “will it run my stuff,” which matters to real-world teams.

FreeBSD’s old-school “jails” just walked back on stage, and the crowd is split. The article shows how Linux containers feel like a DIY kit—lots of parts glued together over time—while FreeBSD jails are a built‑in switch for running apps in their own mini‑system. The demo is peak contrast: on Fedora, you wire up bridges, tiny DHCP servers, and internet rules; on FreeBSD, you fetch a base system, copy DNS, add an extra IP, and you’re done. Cue the “Jailhouse Rock” memes and the author’s “my 2015 MacBook has a second life” line getting upvotes.

But the comments turned it into a culture clash. Purists cheered the elegance (“one kernel feature, one command”), while the pragmatists yelled: Will it run my Docker stuff? One camp wants FreeBSD to embrace OCI—the way images and containers are standardized—and let Docker-style setups “just work.” Another asks the tough question: can a FreeBSD jail run any Linux distro, or are we locked into the BSD world? Meanwhile, a middle faction pleads for a translator: keep jails, but accept Docker and Dockerfiles as a front door that spits out jails under the hood. It’s elegance vs. convenience, with FreeBSD jails in the middle and the comments doing what they do best—start a friendly fire with GIFs and puns.

Key Points

  • Linux containers are built from multiple kernel primitives (namespaces, cgroups, seccomp) combined by tools like LXC.
  • LXC (released 2008) unified these primitives; early Docker used LXC until 2014, then moved to libcontainer.
  • OCI standardized container runtime interfaces, leading to tools such as runc and containerd.
  • An LXC setup on Fedora 40 requires lxc-net, a bridge (lxcbr0), dnsmasq for DHCP, iptables NAT, and veth for networking.
  • FreeBSD jails are a first-class kernel feature; creating one involves extracting the base system, copying resolv.conf, and assigning an IP alias without additional bridging/NAT.

Hottest takes

"interoperability/compatibility limits of LXC and OCI support in FreeBSD 15" — evanjrowley
"The main drawback I saw on jails is that they are FreeBSD" — davidcollantes
"accepting OCI and Dockerfile semantics as a path to an external 'run one of these' and having it actually emerge as a jail" — ggm