Minecraft Server in FreeBSD Jails Container

AceJohnny2

> This is kinda like Docker/Podman thing on Linux – but secure instead.

How true is this? I know jails have been around longer than Linux containers, which are explicitly not designed as "secure" isolation (which is why people like fly.io use VMs instead).

How battle-tested are FreeBSD jails?

In particular, I note we're talking FreeBSD, not OpenBSD, which is the one that's all about security.

sneak

Linux containers are also fairly secure, even though that isn’t their explicit purpose. Container escape bugs are CVEs and are fixed immediately.

The line is just tribalism shade.

elwebmaster

It probably has its advantages but until the UX reaches what we get with “docker run” this technology will never achieve its potential. When developing we need to think not only about what is possible but also how people do things currently and how does that compare to what we are proposing in terms of ergonomics. How many commands to get from 0 to hero with incumbent solution? How many with proposed solution? You get the point.

Kimitri

I personally really like Bastille for jail management. It's way more ergonomic than creating jails by hand and allows you to focus on the stuff running in the jails rather than the jails themselves.

yjftsjthsd-h

I believe FreeBSD has podman running on top of jails now, so that should... exist? I mean, you can still run jails directly like this, but the days of `podman run` are either here or imminent.

benatkin

docker run is broken as of April 1, 2025

https://docs.docker.com/docker-hub/usage/

100 pulls per 6 hours. I think each base layer counts. Also may have troubles with ip4 reuse. It was bad enough they delayed it a month: https://www.theregister.com/2025/02/22/docker_hub_pull_limit... https://github.com/search?q=%22docker+pull%22+limit&type=iss...

Better to use podman and build your own containers from Containerfile/Dockerfile (your own or open source ones, there are a ton on GitHub/GitLab/Codeberg that you can build yourself) and base layers.

arcanemachiner

That's not "broken". Docker Inc. is just rate-limiting access to their service. A service which, for what it's worth, has been used to bootstrap the technology required to sustain a pile of money for a lot of people.

There are other container repositories, and as you said, you can build your own containers and run those.

benatkin

It's a dependency bottleneck that requires a pretty hefty amount of money ($9/mo) to get around

homebrewer

One can use Google as a proxy, it isn't rate limited afaik

https://cloud.google.com/artifact-registry/docs/pull-cached-...

gbraad

> Minecraft Server

Worth noting here: Minecraft Java server. Not the Minecraft Bedrock server, which can run natively on Linux.

> but secure instead

Can you provide proof? It feels like an empty statement.

areyourllySorry

? why can't the java server run natively on linux?

Its_Padar

I would presume they are talking about how Java is executed by the Java language's Java VM while Bedrock is compiled C++ code?

Thaxll

Jails are not more secure than Linux containers.

UI_at_80x24

You will need to back that claim up with a long list of facts.

homebrewer

The article backed that claim with zero facts, the GP responded in kind. This seems to be pretty fair.

ggm-at-algebras

Not to be picky, but they could be on a par. There doesn't have to be a massive difference in this regard. Jails are well established, and well understood. I prefer BSD solutions and I run jails and Linux kvm.

beardedwizard

Jails have been around longer, but I'm not sure how much it really matters. Jails and containers both share the kernel across workloads. A kernel exploit is generally accepted as the barrier to break out (and of course implementation bugs). VMs don't share kernels across workloads, but do share a hypervisor which can also have breakout bugs. Both jails and containers depend on the kernel to be bug free.

VMs (depending on hypervisor) are easier to secure by default, you can't easily forget an overlay fs, or make other mistakes that expose some part of the host to containers.

DaSHacka

Wow, you sure convinced me

TaurenHunter

Why is the container jailed by the Minecraft server? How can something called Free BSD have a jail?
