
Peter Ross <Peter.Ross@bogen.in-berlin.de> writes:
Linux containers are not that new either [...] It just feels more like an "add-on"... You may use your SE Linux wizardry to increase security if you don't trust it enough.
I'm not sure where you get that impression. AFAICT, there was OpenVZ, maintained as a third-party fork of Linux because it changed lots of little bits all over the shop, and it did a few pragmatic hacks to solve problems. Then there was LXC, which is basically where the OpenVZ work is cleaned up and integrated back into the mainline kernel, and becomes a first-class part of the kernel like sysfs or the TCP stack or whatever. Incidentally, I was talking to an fbsd user a while back and he gave me the impression that LXC "containerized" more resources than fbsd jails -- I forget which ones, though.