Hacker News

FreeBSD now builds reproducibly and without root privilege

57 points by marcodiego ago | 15 comments

kevincox

I'm curious why root was required. If I had to guess it was building some filesystem images where the in-kernel filesystem driver previously needed to be used?

frumplestlatz

“Building FreeBSD release artifacts no longer requires root access to create device files, set proper ownership, and mount file systems during the build process.”

mikece

Now if only container support was ready it would be a viable option instead of Linux as the default base OS and container assumption.

vermaden

Container support has been ready since the year 2000 on FreeBSD, while Linux needed to catch up and with Docker finally made it in 2013.

More here:

- https://vermaden.wordpress.com/2023/06/28/freebsd-jails-cont...

- https://vermaden.wordpress.com/2025/04/11/freebsd-jails-secu...

- https://vermaden.wordpress.com/2025/04/08/are-freebsd-jails-...

nesarkvechnep

You just don't want to accept that when people say containers, they don't mean jails or LXC...

piperswe

Podman is available on FreeBSD...

mikece

Stable? I know it was in alpha a couple years ago.

doublerabbit

> container support

you mean, docker? Everything you can do in docker, you can do with jails.

Jails can have Virtual Networks with their own interfaces, you can resource limit, host virtual machines and set up nested jails. As well as run the Linux kernel. What more could you want?

nucleardog

> you mean, docker? Everything you can do in docker, you can do with jails.

Jails provide the same sort of primitive as cgroups et al wrapped up into the concept of an OCI container, yes. But lack the entire ecosystem of tooling and services that go around those.

Saying jails are a meaningful alternative to containers completely misses most of the ways in which people actually _use_ containers. The experience as-is is closer to a lightweight VM or LXC than what people associate with containers.

I say this as the kind of stubborn person that invested the time to spin up a cluster of FreeBSD machines running HashiCorp's Nomad as a task orchestrator to manage running jails published to my "repository" across the cluster and recreate the general "container" experience. So my experience may be out-of-date, but this isn't from a place of ignorance or lack of love for FreeBSD, but from a place of "I've managed a colossal pile of bash scripts to recreate the container experience with jails and, no, for the average person it's not fair to call it the same thing."

sundbry

He means he wants to run FreeBSD inside the container environment, not as the host OS.

mikece

No, I'm talking about running FreeBSD on the metal and then running containers without a Linux VM as the host for containerization.

doublerabbit

The container environment has to sit on a kernel. Whether that be Linux or BSD; BSD has shown support where *nix has not.

crest

Your ignorance is showing. Jails have been supported for a bit over 25 years.

etc-hosts

Current docker tooling is so much nicer than whatever I was messing around with in jails 16 years ago.

mikece