← Back to Blog

January 22, 2026 · Comparison

Lochs vs Docker: What's Actually Different?

Lochs and Docker solve overlapping problems with fundamentally different architectures. Here's an honest comparison — including where Docker is better.

Architecture

Docker uses Linux namespaces and cgroups directly. The container runtime (containerd/runc) sets up isolation using native kernel primitives. Linux binaries run on a Linux kernel with no translation layer.

Lochs runs FreeBSD binaries on a Linux kernel through BSDulator's ptrace-based syscall translation. Every system call is intercepted, translated from FreeBSD's ABI to Linux's, and executed. Jail isolation uses Linux namespaces under the hood, but the interface exposed to FreeBSD binaries is the native jail(2) API.

Where Lochs Has an Edge

Security model: FreeBSD jails with VNET provide stronger default isolation than Docker containers. The jail security boundary is more mature and battle-tested (since 2000).

FreeBSD software: If you want to run FreeBSD packages (from the ports collection or pkg) on Linux infrastructure, Lochs is the only option short of a full VM.

Where Docker is Better

Performance: Docker has zero syscall translation overhead. Lochs intercepts every syscall via ptrace, which adds latency. For most workloads this is negligible, but for syscall-heavy applications (high-frequency I/O, rapid process creation) it matters.

Ecosystem: Docker Hub has millions of images. Lochs has... a FreeBSD base image. The tooling ecosystem (Docker Compose, Kubernetes, CI/CD integrations) is vastly more mature.

Binary compatibility: Docker runs any Linux binary. Lochs can run a subset of FreeBSD binaries — the ones whose syscall patterns are covered by our translation layer. Complex applications that use obscure FreeBSD syscalls may not work yet.

Stability: Docker is production-grade software used by millions. Lochs is an alpha-stage project.

When to Use Which

Use Docker if you're running Linux software in production. Use Lochs if you specifically want FreeBSD jail semantics, need to run FreeBSD software on Linux hosts, or are interested in the intersection of FreeBSD and Linux containerization.

We're not trying to replace Docker. We're trying to bring FreeBSD's security model to places it couldn't go before.

← Why FreeBSD Jails Deserve a Second Look