Hacker News

And FreeBSD Jails are still superior in the way they're a "first class citizen" in the kernel, vs. the "hacky" feel that Linux containers have.

I have no doubt that Linux containers are just as secure as FreeBSD Jails, but if the implementation and tooling are complex, there is a much higher risk of something being configured wrong.

And then there's the giant gorilla in the room, Docker, which probably has the best tooling of them all, and initially used Linux containers, but has since moved on to their own container implementation (runC, https://www.docker.com/blog/runc/).



I wouldn't be so hasty in saying that Jails implementation doesn't suffer either - there are dragons there too, it wasn't all just designed and written in one go, there are layers upon layers and it is not all pink and unicorns as it perhaps initially was ;)

RunC isn't "their own implementation" but rather an OCI (Open Containers Initiative) standard that the world seems to be adopting, and I wish FreeBSD Jails would be a part of it.


Jails have their share of problems; all I was saying is that when the tooling and implementation are complex, the risk of doing "something wrong" is bigger. ;)



