It would have been more interesting have they released something compatible with Open Container Initiative. Most people use Docker containers and having Docker compatible containers would have helped with improved adoption of BSDs.
It would have been more interesting have they released something compatible with Open Container Initiative. Most people use Docker containers and having Docker compatible containers would have helped with improved adoption of BSDs.
No thanks. I prefer my jails just the way they are and think Docker sucks.
The OCI work mentioned upthread is about interface, not implementation.
Most people who think "Docker sucks" are talking about it's somewhat questionable network layer on Linux and the poor security isolation of the daemon. Non-docker alternatives like Podman don't have that characteristic.
But no one (at least no one reasonable) thinks Dockerfile's building docker images for download from docker-compatible repositories are a bad thing. That stuff runs the world. And the FreeBSD refusal to make a real attempt at interoperability is a confusing wart on what otherwise is pretty good tech.
I believe it’s a “bad thing” and prefer my FreeBSD + jails setup and installing my packages using the FreeBSD package manager.
Docker sucks and only exists because after all these years, Linux STILL doesn’t have a great way to handle third party applications.
Unlike FreeBSD, which has both the excellent ports and package systems.
FWIW I am not married to FreeBSD. I use Arch Linux as well.
> Docker sucks and only exists because after all these years, Linux STILL doesn’t have a great way to handle third party applications.
That's... not at all a correct characterization of where Docker found its purchase or what it's used for. Easy containerization dead-to-rights solved the version hell problem of shipping software at scale from vendors and upstreams that can't agree on dependency management. That's not something you can fiat away with "excellent ports and package systems" unless you imagine a world where literally every tiny microservice or cloud backend gadget ends up as a port in a single tree.
Basically you're saying "Docker sucks because I don't do anything that needs containers for anything but security". Well... yeah. I guess it would seem that way.
No, but you can put them in independent jails.
You are fixating on security. I use jails to keep my softwares separated, for the identical reasons use docker. Except jails is both lighter and much more secure, and I believe, easier to configure.
I have used jails and I still say it is far easier to maintain, lighter and more secure that what Linux has. The only good thing I can say about docker is it is easier to setup.
Also the way I read the document, NetBSD's Jail is going to be very close to what FreeBSD does.
I’ve found Bastille really simple and great for creating and managing jails https://bastillebsd.org/
OCI is kinda layer above whatever solution is used for separation