Namespaces in Linux derive from the Plan 9 operating system (the successor research project to Unix). It's a lightweight form of partitioning resources as seen by processes, so that they may, for example, have their own view of filesystem mounts or even the process table. This is not primarily a security feature, but is useful for implementing security. One example is where each process can be launched with its own, private /tmp directory, invisible to other processes, and which works seamlessly with existing application code, to eliminate an entire class of security threats.
The potential security applications are diverse. Linux Namespaces have been used to help implement multi-level security, where files are labeled with security classifications, and potentially entirely hidden from users without an appropriate security clearance.
On many systems, namespaces are configured via Pluggable Authentication Modules (PAM)--see the pam_namespace(8) man page.
---
When you use FreeBSD, you will find that you do not have /proc, and you do not have /sys . You only have /dev populated by devd and that's it.
And if you have a jail and use the default dev.rules, you may find only pseudo devices as /dev/zero and /dev/null, that's it.
You may have, furthermore, securelevel - see security(7): http://www.freebsd.org/cgi/man.cgi?query=security&sektion=7&apropos=0&manpath=FreeBSD+10.2-RELEASE
It is easy to use chflags(1) to harden a system so the /bin, /usr etc. directories (and files) are immutable.
(BTW: You can get around the patching issue inside jails with templates spinning up new jails when needed, if you configure them to replace the running instance).
These methods seem to me much simpler then the SELinux and all the systemd, udev, /proc, /sys, SELinux, dbus/polkit/hald.. "magic".
These much more complex approaches all scream "Just trust me, I have 2500 rules and they are all written well",
and they are, in real life, commonly ignored by administrators as well as providers of proprietary software.
Yes, security feels a lot like an afterthought of the "Linux environment".
Note, the tools above are there for many years, while the container security(e.g.) is still a lingering issue under Linux.
BTW: I am aware that I am not restricting myself to the Linux kernel only.
Also: FreeBSD is not the only *BSD environment, there is NetBSD, OpenBSD, DrangonFlyBSD, NextBSD - I mention FreeBSD because I chose it for a number of reasons a while ago and now best. But it does not ay, it is the only "cool BSD". Others are definitly worth checking out:-)
Russell asked me a while ago about a BSD talk. Apologies, life and work were in the way in many ways and my progress is "at glacial speed as OpenBSD" as the saying goes but I have a new toy (a dedicated server), am about polishing my older scripts to speed up deployments, and happy to talk about it (and others) in the not to distant future. I am accompany my activities with notes at the moment.
Regards
Peter