Thanks for pointing out virt-sandbox. I wasn't aware of it until now; it looks pretty interesting. Unfortunately the apps I would most like to sandbox, like PDF readers, don't seem likely to work with this approach, since it precludes interaction with X windows.
virt-sandbox does not seem to be available on my Linux distribution (SuSE), so, at least for me, it trivially can't replace jails :) On a more serious note, though, jails seem more appropriate for sandboxing daemon processes than for running one-off commands. I don't think virt-sandbox was designed for this role. In that sense, SELinux is more of a replacement for jails than virt-sandbox.
FYI: virt-sandbox-created containers are automatically locked down via SELinux [1], so you get the best of both worlds. I do not believe FBSD has a similar information assurance feature akin to SELinux.