Comment by nyrikki

6 days ago

Jails were explicitly designed for security; cgroups were more generalized, more about resource control, and leverage namespaces, capabilities, and AppArmor/SELinux to accomplish what they do.

> Jails create a safe environment independent from the rest of the system. Processes created in this environment cannot access files or resources outside of it.[1]

While you can accomplish similar tasks, they are not equivalent.

Assume Linux containers are jails, and you will have security problems. And on the flip side, k8s pods share UTS, IPC, and network namespaces, yet have independent PID and FS namespaces.

Depending on your use case they may be roughly equivalent, but they are fundamentally different approaches.

[1] https://freebsdfoundation.org/freebsd-project/resources/intr...
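Added example, not part of the comment above: a small Python check that compares the `/proc/<pid>/ns` links of two processes to show which namespaces they share, which is how the pod layout described in the comment can be verified on a Linux node. The inode values and the `HOST`, `CONTAINER_A` and `CONTAINER_B` tables are constructed sample data that assume a default pod (no `hostNetwork`, `hostPID` or user-namespace settings); `read_ns` reads the real values for a live PID.

```python
import os

# Namespace types exposed under /proc/<pid>/ns on Linux.
NS_TYPES = ("cgroup", "ipc", "mnt", "net", "pid", "user", "uts")

def read_ns(pid):
    """Return {ns_type: 'type:[inode]'} for a live process (Linux only)."""
    out = {}
    for ns in NS_TYPES:
        try:
            out[ns] = os.readlink(f"/proc/{pid}/ns/{ns}")
        except OSError:
            out[ns] = None  # no permission, or kernel lacks this namespace type
    return out

def compare_ns(a, b):
    """Sort namespace types into shared / separate / unknown for two processes."""
    result = {"shared": [], "separate": [], "unknown": []}
    for ns in NS_TYPES:
        x, y = a.get(ns), b.get(ns)
        if x is None or y is None:
            result["unknown"].append(ns)
        else:
            result["shared" if x == y else "separate"].append(ns)
    return result

def _table(**inodes):
    # Build the same 'type:[inode]' strings that readlink() returns.
    return {ns: f"{ns}:[{inode}]" for ns, inode in inodes.items()}

# Constructed sample values (assumed default pod, two containers, one host PID 1).
HOST = _table(cgroup=4026531835, ipc=4026531839, mnt=4026531841,
              net=4026531840, pid=4026531836, user=4026531837, uts=4026531838)
CONTAINER_A = _table(cgroup=4026532701, ipc=4026532610, mnt=4026532700,
                     net=4026532612, pid=4026532702, user=4026531837, uts=4026532609)
CONTAINER_B = _table(cgroup=4026532801, ipc=4026532610, mnt=4026532800,
                     net=4026532612, pid=4026532802, user=4026531837, uts=4026532609)

def shared_with_host(container, host=HOST):
    """Namespaces a container has NOT been separated from the host in."""
    return compare_ns(container, host)["shared"]

if __name__ == "__main__":
    print("container A vs B:", compare_ns(CONTAINER_A, CONTAINER_B))
    print("container A shares with host:", shared_with_host(CONTAINER_A))
```

On a real node, pass `read_ns(pid)` results for two container processes (and for PID 1) instead of the constructed tables; reading another user's `/proc/<pid>/ns` entries needs root.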