Back to FreeBSD – Part 2 – Jails

3/31/2026 at 11:56:56 PM

I think they understate the importance of accepting OCI and Dockerfile semantics as a path to an external "run one of these" and having it actually emerge as a jail based outcome.

I get saying "we don't need these additional layers/abstractions" but what it ignores is me saying "I want to run this code, and what I have is a suite of Docker based behaviour and I want a low friction path to use that Docker compose method, to get where I want"

They also haven't yet addressed how things re-scale sideways. Pods, and scaling is why people wind up behind traefik or caddy, fronting a service. It's not because the service lies in RFC1918 (how I wish they had written kubernetes to V6 native) it's because the service is being delivered by multiple discrete runtime states "inside" and scales horizontally.

by ggm

4/1/2026 at 5:54:53 PM

Isn’t podman already supported? I wouldn’t be surprised that there already exist tools that will jail-ify that as well.

by sharts

4/1/2026 at 2:45:27 AM

It's a different operating system. You can't point at a dockerfile, say "port this please from linux-such-and-such to FreeBSD" and expect it to work every time. There are nuances even with linux-compat.

Contrary to popular belief load-balance/scaleout is orthogonal to containers (and k8s is only one of the ways to go about it), so obviously it's not discussed in an article about containers.

by lstodd

4/1/2026 at 3:28:54 AM

Very often you can, or could, because the software is portable (e.g. Node or Python or Postgres), and / or platform-independent (e.g. written in JS, Python, bash, etc).

In my practice it was completely normal to build things inside a container to be deployed on Linux using the same sources and basically the same package names and versions as used on a developer macOS machine (which is BSD-like enough down below).

by nine_k

4/1/2026 at 9:23:43 AM

> macOS machine (which is BSD-like enough down below)

That's like saying an Ubuntu .deb will work on Gentoo because it's all Linux anyway. It's not that simple. There is dependencies and there are differences in the packages, package managers and surrounding system for a reason. It's not 1:1. Perhaps the naming scheme happened to line up for the packages you where using, but this should be considered not assumed.

It would be nice if there was some sort of translator that could handle "most common cases". I think it would improve the usability of Jails. Perhaps that would require someone to keep a list of packages mapping certain packages between operating systems.

Something like "apt install python3-serial" -> "pkg install py311-pyserial" may suffice.

For anyone that would use something like that, you should implement a prototype, publish it and perhaps someone else will build upon what you started!

by trashb

4/1/2026 at 10:08:47 AM

> It's not that simple.

It would tremendously benefit almost everyone if it were.

> There is dependencies and there are differences in the packages, package managers and surrounding system for a reason.

Yeah, the NIH syndrome. And sometimes, of course, there are decent technical reasons as well.

by Joker_vD

4/1/2026 at 11:04:57 PM

This is called https://brew.sh

by LoganDark

4/1/2026 at 5:17:46 AM

I'll bite: how do we take advantage of ZFS layering if not via the docker-style layering?

I find dockerfile layering to be unsatisfying because step 5 might depend on step 2 but not 3 or 4... the linearisation of a DAG makes them harder to maintain and harder to cache cleanly (with us also having monster single-line CMDs all in the main of image results).

So is there a better way that people are using?

by rtpg

4/1/2026 at 11:39:22 AM

FS layers are a poor replacement for a package manager, so maybe just don't use wrong tools for a job?

by lstodd

4/2/2026 at 6:21:30 AM

To note that HP-UX Vaults and Solaris Zones predate these efforts, where only BSD and Linux keep being discussed.

With IBM and Unisys big iron predating ever further in the historic evolution, outside UNIX based operating systems.

by pjmlp

4/1/2026 at 10:46:30 AM

one thing that bit me with LXC: anything that needs its own kernel module won't work. jails have the same limitation — shared host kernel. ran into this trying to run a VPN server (needs DKMS for a custom wireguard fork) in an LXC container — module can't load, period. ended up on a full KVM VM.

by bivlked

4/1/2026 at 9:51:09 AM

Remote kernel execution should not be the bitter problem of development i.e. the identification of "human" capitol.

Perhaps formalisation lends values, which deploy in the analysis of field research.

by rkrbaccord94f

4/1/2026 at 9:17:22 AM

The article is written by the people who created jail.run [0]

Ten years in with Docker and Linux containers I felt something was very wrong so I looked at how Solaris and FreeBSD were doing it and I saw the light (too).

I would agree with them: bringing the Dockerfile format to jails doesn't make any sense, unless you just want to attract curious Linux users.

Dockerfiles are useful and familiar but are also an abomination.

What we need is solid way to do configuration management. I guess this is what they are trying to do with their own configuration system [1] but I am not sold on it yet.

Anyway those people are doing some good work !

- [0] https://jail.run/

- [1] https://jail.run/reference/jail-config/

by sunshine-o

4/1/2026 at 5:57:39 PM

If said system also targets Linux then that would be cool. Otherwise we just get another new way to do something on one OS and doesn’t at all help bridge the gap.

by sharts

4/1/2026 at 9:44:34 AM

Would Daemonless[0] solve this problem, or is it at least a step in the right direction?

[0] https://daemonless.io/

by xinayder

4/1/2026 at 10:34:25 AM

Daemonless is a bit the linuxserver.io of FreeBSD to me. It is a collection of standardized images.

Behind each image you have a Containerfile [0] and a compose.yaml [1] And inside the Containerfile for Gitea you simply have a `RUN pkg install -y gitea` [2], so basically here it is the good old FreeBSD Gitea port [3]

I guess this is really a Linux/Docker users friendly wrapper on the 30 years old FreeBSD ecosystem?

When I came from Linux to FreeBSD, Gitea was one of the first service I ran in a jail to learn how it all works. What I was happy to discover is I just need to do `pkg -j mygiteajail install gitea` to install Gitea in the jail with all the rc scripts, etc.

The jail abstraction was just one option (`-y`) in pkg ! This is really the beauty of the all integrated FreeBSD. So to be honest the Daemonless have, in some case at least, made everything more complicated in my view...

- [0] https://github.com/daemonless/gitea/blob/main/Containerfile....

- [1] https://github.com/daemonless/gitea/blob/main/compose.yaml

- [2] https://github.com/daemonless/gitea/blob/9bb9151d31ae6574e5f...

- [3] https://cgit.freebsd.org/ports/tree/www/gitea

by sunshine-o

4/1/2026 at 12:23:19 PM

Some time ago I entertained the idea of a Terraform provider for jails. There's no API tho, but that's fixable.

by nesarkvechnep

3/31/2026 at 11:18:11 PM

The main drawback I saw on jails is that they are FreeBSD. The owner doesn’t mention, and I have not researched it, but can you run any Linux distribution in a FreeBSD jail?

by davidcollantes

3/31/2026 at 11:52:58 PM

FreeBSD has supported Linux emulation for a long time (https://docs.freebsd.org/en/books/handbook/linuxemu/). The emulation is at the syscall level but enough to run most apps.

by dgl

3/31/2026 at 11:54:31 PM

There is a significant investment in a linux compatible system call layer, and a linux compatible runtime link library suite.

It isn't a complete answer, but the position as I understand it (haven't had to care for a long time) is that a LOT of linux binaries can work.

by ggm

3/31/2026 at 11:44:41 PM

I believe you are asking about bhyve for running Linux on FreeBSD. Jails are for software isolation.

by assimpleaspossi

4/1/2026 at 3:10:06 AM

> can you run any Linux distribution in a FreeBSD jail

-ish. There's a compatibility layer that works at the libc level but not the syscall level. In practice anything open source that works in emulation almost certainly has a FreeBSD version and anything proprietary that actually needs Linux will work better in a VM.

by bandrami

4/1/2026 at 9:55:25 AM

If you mean an isolated linux instance _including a linux kernel_, that would be provided by a virtual machine running under the bhyve hypervisor on freebsd (https://docs.freebsd.org/en/books/handbook/virtualization/#v...). You probably could frankenkludge something like linux-userland-on-a-frebsd-kernel using jails but that certainly seems like the path less traveled, haha. :)

by volkadav

4/1/2026 at 7:57:03 AM

I would not worry about running a distro. Most things are similar, there are some minor differences between the GNU applications and the FreeBSD alternatives. But for most people there is nothing to worry about. Most applications runs fine on BSD. Bind, PowerDNS, Java Applications, PostgreSQL, Python, rsync and many more. Getting PyTorch to work with Nvidia and Cuda is most likely another story.

My main culprit with FreeBSD is that upgrading the kernel is not a simple dnf update command. But its still easier than upgrading RHEL from 9 to 10.

by olavgg

4/1/2026 at 2:53:42 AM

If I understand the question correctly: You want to run a Linux distribution like (say) Debian in a FreeBSD jail? With the Linux kernel and all?

by ssl-3

4/1/2026 at 8:55:07 AM

Yes what is confusing is it might be simpler than one might think.

To run a Linux distribution in jail you need 2 things:

- Enable "Linux Binary Compatibility"

- copy your Linux distribution base filesystem in the chroot or just pick on that is packaged in FreeBSD and do 'pkg install' (Rocky and Ubuntu if I remember correctly)

But you might not even need to "Run a Linux distribution". Just enabling "Linux Binary Compatibility" and executing the binary often works fine if it doesn't depends on a bunch of libraries.

It is really that simple.

by sunshine-o

4/1/2026 at 4:48:11 AM

Failed to verify your browser

Code 11

by NooneAtAll3

3/27/2026 at 7:07:09 PM

I would like to explore the interoperability/compatibility limits of LXC and OCI support in FreeBSD 15. Both with FreeBSD as an OCI container and Linux OCI containers within FreeBSD.

by evanjrowley

3/31/2026 at 10:31:39 PM

I would like to explore the interoperability/compatibility limits of Jails support in Linux.

by assimpleaspossi

4/1/2026 at 10:05:02 AM

Our report concludes SQL as "mostly" inept, pivoting to the following:

Identification of C++ develeopers

Compilation of C++ code into Python

Recursive .py scripts that are sector-enframings of the general "neural" framework deployment.

[1]:https://malus.sh/blog.html

by rkrbaccord94f