by marios 2421 days ago
The BSD jails / Solaris zones approach is not the same as the path taken by Linux. Linux gives you a facility to isolate network, a facility to isolate process views etc. You put them all together and you get a "container". The former starts off by having a container primitive that can't do much because, well, it's contained from everything. You then proceed to give it access to the network, the filesystem.

What do you mean? Isolating the network and isolating the process view is what FreeBSD jails were always doing. The most common use of FreeBSD jails was providing VPS servers to users.
No argument there. My point is that the default for FreeBSD jails is "isolate everything" and it's up to the user to open it up.

My post was in response to 'sayhello', who is wondering whether jails provide enough isolation.

I see, I misunderstood what you meant.