The boot2docker devs are running their build right now. The QA for that part is harder to automate (mac, windows, virtualbox etc). I think starting with the next release we'll need to pull in b2d builds as a gateway to the main release process to avoid this problem.
It's no longer supported. I use the standard Mac setup (boot2docker + Virtualbox) and it works quite well for me. It's my primary environment for developing Docker :)
It doesn't use Lxc (and hasn't for a while) but uses Cgroups and namespaces in a similar way to what Lxc does. This is even exposed as a library they call libcontainer.
Well, simplifying here, but Docker is more-or-less a fancy wrapper for LXC.
FreeBSD Jails do a lot more than just make applications portable -- they provide security and isolation between applications (like a super chroot). Jails can be used to safely provide application hosting for various clients while Docker should only be used for your applications (jails prevent clients from messing with the host system nor each other, while Docker applications can, making it not secure for a multiple-client hosted system -- but then again, it was not designed to do that).
So, no, it's not reasonable to want to "port" Docker to anything since Docker is it's own thing. It would be more reasonable to port docker to FreeBSD (it it weren't already) than to say to "port" it to a Jail, or request it operate like a Jail (unless you got those features into LXC first, which LXC isn't, and therefore it wont).
~
A better (but admittedly over-simplified) comparison would be Jails are closer to application virtualization and Docker is closer to application portability. Very different problems they are solving.
I don't think you are understanding what docker is doing.
Docker interfaces with the kernel to provide security and isolation via cgroups and namespaces. This is exactly what jails does, and is indeed on the list of things to be added. It's really a matter of someone taking the time to write the driver for it.
Docker also provides an image format and infrastructure for helping to make applications portable.
> I don't think you are understanding what docker is doing.
Seems like you actually are not understanding what docker is doing. Docker (and LXC for the matter) aren't about security -- they are about portability of the application and environment. Everything else is tertiary.
> It's really a matter of someone taking the time to write the driver for it.
It's a bit more complicated than that -- the two are different beasts with different goals.
> Docker also provides an image format and infrastructure for helping to make applications portable.
This is the main goal of Docker -- making applications and their environment portable.
> Docker interfaces with the kernel to provide security and isolation via cgroups and namespaces
Neither Cgroups nor Namspaces provide security in the same sense as a virtual machine or virtualized app (jails). Cgroups are about resources allocated from the host, and namespaces are about process isolation... but neither prevent different containers from interacting with each other nor the host. This is the security aspect - which Docker (and LXC) were not designed to provide. The problem they solve does not require it.
Use the right tool for the right job. If you are going to host a bunch of applications for different people -- go with virtualization, either via a hypervisor or jail. If you are going to deploy applications in an enterprise environment and need it to be consistent always, across all distros and version -- go with LXC/docker.
> I don't think you are understanding what docker is doing. Docker interfaces with the kernel to provide security and isolation via cgroups and namespaces.
If I were to nitpick I would say docker is doing none of those things. LXC is. Docker is just freeloading off LXC while providing almost no benefits.
I tried Docker, but quickly discovered it was a cumbersome interface on top of LXC, and if you wanted to get any real work done, you needed to manage LXC yourself anyway. So ... Why should I bother with Docker in the first place then?
Docker may be good enough for some people, but I feel LXC, which Docker is actually built on is getting no credit, when clearly they deserve 99% of it.
LXC and FreeBSD Jails are almost completely comparable[1]. LXC does indeed attempt to provide a security wrapper, in (very) roughly the same way jails do.
Indeed, dotcloud (ie, Docker before it was Docker) were using LXC as a security measure to isolate clients inside their PAAS (see pg 8 of [2])
It has long been speculated that it would be possible to port the Docker API to other container mechanisms.
Personally I don't think this should be a priority - I'd much prefer Docker put all their resources behind building the best experience possible on a single platform.
Nevertheless, asking about it is a valid question.
[1] http://en.wikipedia.org/wiki/LXC#Alternatives "LXC is similar to other OS-level virtualization technologies on Linux such as OpenVZ and Linux-VServer, as well as those on other operating systems such as FreeBSD jails, AIX Workload Partitions and Solaris Containers."