And yet the OS you’re using doesn’t support it.

It would, but Docker doesn’t support it. I’m not sure how this means that the OS was worse.

Sorry, I didn’t realise that these are FreeBSD-specific

They are, including its descendants (that includes the FreeBSD 4.8 fork DragonFly BSD).

Deployment.

How is “run this black box of arbitrary software, requiring a kernel module and numerous services” a superior deployment than tar xf application.tgz? Just because people do it, people could still do the wrong thing. Not every website is Facebook.

Sorry for the incorrect information.

No problem. I was genuinely curious.

Sure, Docker has had a few issues, but overall it’s more secure to run your apps in Docker containers.

Docker imposes additional attack vectors to the underlying system, a (for example) backdoored PHP application running inside an OpenBSD chroot (OpenBSD runs its built-in web server inside chroot by default, so web applications can never reach anything outside the web folder anyway) does not, if I understand you correctly. I know that you consider the 1979 technology chroot to be not modern, but I wonder which security feature is missing.

Since Dockers containers are immutable and all the actual data is stored elsewhere, it’s always safe to delete the container and replace it with a patched version.

What if nobody maintains the container anymore, although the software itself is still maintained?