FreeBSD features

More than a file system, ZFS is fundamentally different from traditional file systems. Combining the traditionally separate roles of software RAID, volume manager and file system provides ZFS with unique advantages.

ZFS has three main design goals:

A ZFS boot environment is a bootable clone/snapshot of specially preselected parts of a system.

Use cases include:

Jails originated with FreeBSD 4.X.

They build upon chroot(8), which changes the root directory. This creates a safe environment, separate from the rest of the system. Processes created in a jailed environment can not access files or resources outside of it.

Jails improve upon chroot in several ways. In a traditional chroot environment, processes are limited to a part of the file system. The rest of the system resources, system users, running processes, and the networking subsystem are shared by the chrooted processes and the processes of the host system. Jails further restrict access to the file system, the set of users, and the networking subsystem. Finer-grained access controls are available.

More than 30,000 applications and libraries are ported to FreeBSD. The architecture allows easy customization of compile time options of many of the ports.

bhyve: a BSD licensed, legacy-free hypervisor that runs all supported versions of FreeBSD, as well as other operating systems that support UEFI, including but not limited to OpenBSD, Windows® and Linux®, with the use of bhyve-firmware.

Linux binary compatibility, commonly referred to as Linuxulator, allows FreeBSD to run many unmodified Linux binaries. It does not involve virtual machines or emulation; instead, it provides the binaries with kernel interfaces identical to those provided by a real Linux kernel. Linuxulator is comparable to 32-bit FreeBSD binaries running on a 64-bit FreeBSD kernel.

DTrace, also known as Dynamic Tracing, was developed by Sun Microsystems™ to locate performance bottlenecks in production and pre-production systems. In addition, DTrace can help to investigate and debug unexpected behaviors in the kernel and in userland.

DTrace has an impressive array of features. It’s scriptable. Developers can use the DTrace D Language to create utilities for custom profiling.

The FreeBSD implementation provides full support for kernel DTrace and experimental support for userland DTrace. Userland DTrace allows users to perform function boundary tracing for userland programs using the pid provider, and to insert static probes into userland programs for later tracing.

Capsicum allows sandboxing of several programs that work within the "capabilities mode", such as:

VNET virtualizes the network stack. The basic idea is to change global resources most notably variables into per network stack resources and have functions, sysctls, eventhandlers, etc. access and handle them in the context of the correct instance. Each (virtual) network stack is attached to a prison, with vnet0 being the un-restricted default network stack of the base system. VIMAGE facilities can be used independently to create fully virtualized network topologies, and jail(8) can directly benefit from a fully virtualized network stack.