matheus-rr 5 hours ago

The jails vs containers framing is interesting but I think it misses why Docker actually won. It wasn't the isolation tech. It was the ecosystem: Dockerfiles as executable documentation, a public registry, and compose for local dev. You could pull an image and have something running in 30 seconds without understanding anything about cgroups or namespaces.

FreeBSD jails were technically solid years before Docker existed, but the onboarding story was rough. You needed to understand the FreeBSD base system first. Docker let you skip all of that.

That said, I've been seeing more people question the container stack complexity recently. Especially for smaller deployments where a jail or even a plain VM with good config management would be simpler and more debuggable. The pendulum might be swinging back a bit for certain use cases.

wolvoleo 4 hours ago

Jails were never going to 'win' because they're only on an OS with 0.1% marketshare.

But it's not a competition. FreeBSD does its thing and Linux does another. That's why I use FreeBSD.

aswanson 4 hours ago

What is your use case for BSD?

KronisLV 3 hours ago

> the container stack complexity

I'm using either Docker Compose or Docker Swarm without Kubernetes, and there's not that much of it, to be honest. My "ingress" is just an Apache2 container that's bound to 80/443 and my storage is either volumes or bind mounts, with no need for more complexity there.

> The jails vs containers framing is interesting but I think it misses why Docker actually won. It wasn't the isolation tech. It was the ecosystem: Dockerfiles as executable documentation, a public registry, and compose for local dev. You could pull an image and have something running in 30 seconds without understanding anything about cgroups or namespaces.

So where's Jailsfiles? Where's Jail Hub (maybe naming needs a bit of work)? Where's Jail Desktop or Jail Compose or Jail Swarm or Jailbernetes?

It feels like either the people behind the various BSDs don't care much for what allowed Docker to win, or they're unable to compete with it, which is a shame, because it'd probably be somewhere between a single and double digit percent userbase growth if they decided to do it and got it right. They already have some of the foundational tech, so why not the UX and the rest of it?

jacquesm an hour ago

> I'm using either Docker Compose or Docker Swarm without Kubernetes, and there's not that much of it, to be honest.

On the outside. But that's a lot of complexity hidden from view there, easily a couple of million lines of code on top of the code that you wrote.

sthuck 5 hours ago

I don't think the article misses it; it's exactly the point it makes.

chuckadams 4 hours ago

Docker's client/server design also allowed for things like Docker Desktop, which made the integration seamless with non-Linux systems. Jails have nothing like that, so the only system that will ever run jails is FreeBSD. Also, I'm not up to speed enough to know, but do jails even have a concept of container images?

Gud 2 minutes ago

It’s just files on the filesystem. So tar for imaging?

torstenvl 4 hours ago

> Jails solve the isolation problem beautifully, but they don't have a native answer to shipping. That gap is real, and it's one of the main reasons the ecosystem around jails feels underdeveloped compared to Docker's world.

The link literally uses the term ecosystem. Several times actually.

user3939382 4 hours ago

You can also run Linux containers on FreeBSD

https://youtu.be/HV-wUUzRCMo

sidkshatriya 6 minutes ago

I've tried this ... I haven't got much mileage on this, sadly.

Many Linux syscalls are unemulated and things like /proc/<pid>/fd/NN etc. are not "magic symlinks" like on Linux, so execve on them fails (though there is rudimentary /proc support, it's not fully fleshed out).

TL;DR Linux containers on FreeBSD via the podman + linuxulator feel half baked.

For example, try using the Alpine container... `apk upgrade` will fail due to the /proc issue discussed above. Try using the Fedora container... `dnf upgrade` will fail due to some seccomp issue.

The future of containers on FreeBSD is FreeBSD OCI containers, not (emulated) Linux containers. As an aside, podman on FreeBSD requires sudo, which kinda defeats the concept, but hopefully this will be fixed in the future.

steve1977 4 hours ago

Maybe FreeBSD doesn't want a jails "ecosystem"?

steve1977 4 hours ago

> You could pull an image and have something running in 30 seconds without understanding anything

Fixed that for you ;)