> Has anyone done research on whether Illumos zones or FreeBSD jails really provide better security than Linux containers?
This is an ever changing property of both systems, and a little bit subjective, so a study is both difficult and outdated as soon as it's done.
What we can do is look at the number of published vulnerabilities over a timeframe, and compare the overall system designs and development philosophies. I don't know of a comparison of the numbers of vulnerabilities, but for a bit of history and why I would personally trust zones over containers I previously wrote this comment.
Your comment really speaks to the different philosophy of Linux vs FreeBSD.
FreeBSD is very much a single system - the kernel and userland are designed and built together. Linux, on the other hand, is a kernel which has multiple different userlands made up of different pieces that distributions pick and choose. Ubuntu, for example, is quite different from OpenSUSE, which is quite different from CentOS, but they're all still Linux.
Linux only being a kernel versus BSD a OS makes it easier to leverage with Android, ChromeOS, etc. Google uses the Linux kernel everywhere. From CC to Google home and wifi, etc. But then also their cloud
This is an ever changing property of both systems, and a little bit subjective, so a study is both difficult and outdated as soon as it's done.
What we can do is look at the number of published vulnerabilities over a timeframe, and compare the overall system designs and development philosophies. I don't know of a comparison of the numbers of vulnerabilities, but for a bit of history and why I would personally trust zones over containers I previously wrote this comment.
https://news.ycombinator.com/item?id=15179858