One thing I find so valuable about jails is the ability to jail a single command with no other userland than what that binary requires.
Here's an example from my personal name server:
/usr/sbin/jail /jails/www www 10.10.10.36 /lighttpd -f conf/lighttpd.conf
... and although this jail has a lot of content files in it, the actual UNIX userland is only what is required to run 'lighttpd':
# find /jails/www/usr | wc -l
43
So it's an extremely lightweight environment with very little attack surface. You can also share a lightweight environment with multiple commands - here are two other jail commands:
/usr/sbin/jail /jails/dns ns1 10.10.10.30 /nsd/nsd -c /nsd/nsd.conf
/usr/sbin/jail /jails/dns dns 10.10.10.37 /unbound/unbound -c /unbound/unbound.conf
... see how both jailings of 'nsd' and 'unbound' point to the same '/jails/dns' userland? Once again, that userland is very, very compact:
# find /jails/dns/ | wc -l
97
... so, 97 files total to run both name servers. No 'make world' necessary, no building and maintaining of a full FreeBSD system - just the lightest skeleton required for both 'nsd' and 'unbound'.
Totally feasible on Linux, btw.
Packaging an entire system is more about convenience than anything else. It's also pretty difficult to package just the libs one needs when you are dependent on libc and other C libs.
I suspect that if one was really ok with it, some tooling could be built to copy/link in system libs into the rootfs automatically from the host.
Exodus – relocation of Linux binaries–and all of their deps–without containers - https://github.com/intoli/exodus
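As an added example (not any commenter's own tooling, and not Exodus), here is the kind of script the reply above imagines: it stages one binary and only the shared objects ldd resolves for it into a jail root, then counts the result the way the 'find | wc -l' checks in the first comment do. It assumes a Linux host with ldd, awk and the usual POSIX utilities; the jail root and binary paths are placeholders.

```shell
#!/bin/sh
# Added example: build a minimal single-command userland by copying one
# binary plus only the libraries it links against into a jail root.
# Assumes Linux with ldd; ROOT and BIN on the command line are placeholders.

# Read ldd output on stdin and print one absolute library path per line.
# Handles "libc.so.6 => /lib/.../libc.so.6 (0x...)" and the bare loader
# line "/lib64/ld-linux-x86-64.so.2 (0x...)"; skips the virtual linux-vdso
# entry and "statically linked"; reports unresolved libraries on stderr.
ldd_paths() {
    awk '
        $2 == "=>" && $3 == "not" { print "unresolved: " $1 > "/dev/stderr"; next }
        $2 == "=>" && $3 ~ /^\//  { print $3; next }
        $1 ~ /^\//                { print $1 }
    '
}

# Copy one host file into root $1 at the same absolute path it has on the
# host. cp follows symlinks, so a "libc.so.6 -> libc-2.xx.so" link is staged
# as a regular file under the name the dynamic loader will look for.
stage_file() {
    mkdir -p "$1$(dirname "$2")"
    cp -p "$2" "$1$2"
}

# Stage binary $2 and every library ldd resolves for it into root $1.
stage_binary() {
    stage_file "$1" "$2"
    ldd "$2" | ldd_paths | sort -u | while read -r lib; do
        stage_file "$1" "$lib"
    done
}

# Same check as 'find /jails/www/usr | wc -l' above, restricted to files.
skeleton_size() {
    find "$1" -type f | wc -l | tr -d ' '
}

# Usage: sh stage.sh /jails/www /usr/local/sbin/lighttpd   (placeholders)
if [ "$#" -ge 2 ]; then
    stage_binary "$1" "$2"
    echo "files in $1: $(skeleton_size "$1")"
fi
```

The skeleton still needs whatever the daemon opens at runtime (its config, /dev entries, name-resolution files), which ldd cannot see; the jail's own error output and the resulting file count are the check for that.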