Sure - lets have a discussion about differences between security of FreeBSD Jails and Linux Podman containers.

Isolation: With rootless Podman it seems to be on the same level as Jails - but only if You run Podman with SELinux or AppArmor enabled. Without SELinux/AppArmor the Jails offer better isolation. When you run Podman with SELinux/AppArmor and then you add MAC Framework (like mac_sebsd/mac_jail/mac_bsdextended/mac_portacl) the Jails are more isolated again.

Kernel Syscalls Surface: Even rootless Podman has 'full' syscall access unless blocked by seccomp (SELinux). Jails have restricted use of syscalls without any additional tools - and that can be also narrowed with MAC Framework on FreeBSD.

Firewall: You can not run firewall inside rootless Podman container. You can run entire network stack and any firewall like PF or IPFW independently from the host inside VNET Jail - which means more security.

TL;DR: FreeBSD Jails are generally more secure out-of-the-box compared to Podman containers and even more secure if you take the time to add additional layers of security.

> How battle-tested are FreeBSD Jails?

Jails are in production since 1999/2000 when they were introduced - so 25 years strong - very well battle tested.

Docker is with us since 2014 so that means about 10 years less - but we must compare to Podman ...

Rootless support for Podman first appeared late 2019 (1.6) so only less then 6 years to test.

That means Jails are the most battle tested of all of them.

Hope that helps.

Regards, vermaden

Linux containers are also fairly secure, even though that isn’t their explicit purpose. Container escape bugs are CVEs and are fixed immediately.

The line is just tribalism shade.