It can be MUCH more secure to run it in a jail; but IMHO that's not the point, but it could be.
There are also multiple types of security.
Running it in a jail allows you to do cool things, especially when coupled with ZFS.
This is about running & managing VMs.
Imagine you wanted to 'restore from day X', or restart each day with the same config (i.e. testing Windows boxes for exploits), or you wanted solid A/B tests and MS keeps installing updates and moving your goalposts, or some funky abandoned software only works if you have the calendar set to 1993, etc.
You can do all of these things easily with JAILS + ZFS.
But IMHO the best reason to run something in a jail is to isolate services.
On my file-server right now I have the following running in different jails:
Plex
Windows10
WindowsXP
my Git server
my SAMBA server
DHCP
DNS/PiHole/ad-blocking
IRC server
Mumble server
4 different FAMP servers for friends & family
I like to isolate each jail into the task it'll be handling.
That's how it stays organized in my mind.
ZFS send & receive + jails makes backups and restoring painless.
Interested. Now using LXD for the same setup more or less, but that needs the help of the host firewall with NAT forwards. Can you share or point to tutorials on having full network stacks in each jailed VM? That would be great.