Jails build on top of chroot (which is also known on Linux) but do not only limit access to the file system but also other resources such as network or processes.
The FreeBSD handbook provides a good overview of the advantages and disadvantages of the different types of Jails. In short, the types are: Thick – Highest level of isolation, Thin – Reduced isolation, Service – No file system isolation.
Before we can create Jails, we need to enable them with “sysrc”.
It doesn’t matter where on disk you put the Jails, but it is recommend to create separate file systems for them.
The template for the new Jails is actually a ZFS snapshot.
All that needs to be done to create a new Jail is to clone this snapshot.
While it is recommended to manage a Jail from the host system, you can also jump into the Jail.
Pretty easy to setup and really lightweight.
In the next post we’ll build on this to create a simple PostgreSQL as a service platform.
FreeBSD has no native support for containers, but instead offers Jails, which provide isolation from the host system by limiting access to resources such as network, processes, and file system.