Wheezy
A complete Debian GNU/kFreeBSD system should work within a jail, on a GNU/kFreeBSD or regular FreeBSD host system, with a few limitations.
Jails work a lot like Linux OpenVZ. On the host you can see all processes running in all jails. Within a jail, you can only see processes that are running in that jail.
Limitations
Be aware that some files in /proc or /sys, such as /proc/mounts, are not partitioned per jail, and this may leak some (read-only) information about the host, or other guests' mountpoints.
Some features such as sysvipc are not namespaced for individual jails, so for security reasons they are disabled by default. As a result, postgresql-server will not normally work in a jail.
The raw_sockets feature is normally disabled, to prevent IP spoofing from inside the jail. The ping tool will not work properly as a result.
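The two restrictions above correspond to the FreeBSD jail(8) parameters allow.sysvipc and allow.raw_sockets. As an added example (not part of the original page), the shell function below checks a jail argument list for settings that switch them back on. The function name and the sample arguments are made up for illustration, and treating only 0 and false as "off" values is an assumption.

```shell
#!/bin/sh
# Added example: flag jail(8) parameters that re-enable features which are
# off by default for security reasons (SysV IPC, raw sockets).

# Usage: audit_jail_args <the arguments you would pass to jail>
# Prints one line per risky parameter; returns 0 if none found, 1 otherwise.
audit_jail_args() {
    risky=0
    for arg in "$@"; do
        case $arg in
            # Everything after command= is the jailed command line,
            # not jail parameters, so stop looking there.
            command=*) break ;;
        esac
        name=${arg%%=*}
        case $arg in
            *=*) value=${arg#*=} ;;
            *)   value=true ;;   # a bare boolean parameter means "on"
        esac
        case $name in
            allow.sysvipc)
                why="SysV IPC is not namespaced per jail" ;;
            allow.raw_sockets)
                why="raw sockets allow IP spoofing from inside the jail" ;;
            *)  continue ;;      # includes the allow.no... "off" spellings
        esac
        case $value in
            0|false) ;;          # explicitly off (assumed off values)
            *) echo "RISK: $arg ($why)"; risky=1 ;;
        esac
    done
    return $risky
}

# Constructed sample invocation: one safe and one risky argument list.
audit_jail_args -c jid=101 path=/srv/jail/101 command=/bin/sh || true
audit_jail_args -c jid=102 path=/srv/jail/102 allow.sysvipc=1 \
    allow.raw_sockets command=/bin/sh || true
```

Run it over the arguments of a start-up script before launching the jail; a non-zero return means at least one of the two features has been re-enabled.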
Starting or stopping a jail
Assuming a debootstrap'd installation already exists in /srv/jail/$JID/, here is an example of how to start it up in a jail:
    JID=101

    # Linux-like /proc and /sys filesystems
    mount -t linprocfs linprocfs /srv/jail/$JID/proc
    mount -t linsysfs linsysfs /srv/jail/$JID/sys

    # Ramdisk required for /run
    mount -t tmpfs tmpfs /srv/jail/$JID/run

    # A restricted, read-only /dev filesystem
    mount -t devfs devfs /srv/jail/$JID/dev

    # Compatibility symlink from /dev/shm to /run/shm
    ln -s /run/shm /srv/jail/$JID/dev/

    # Optionally enable networking
    HOSTNAME=jail$JID.example.com
    # The IP address must be assigned to an interface on the host
    IP=10.1.0.$JID

    mkdir -p /var/run/jail

    # sh needs -c to run the quoted string as a command line
    jail -J /var/run/jail/$JID.jid -c jid=$JID \
      name=jail$JID \
      path=/srv/jail/$JID \
      host.hostname=$HOSTNAME \
      ip4.addr=$IP \
      command=/bin/sh -c "/etc/init.d/rc S && /etc/init.d/rc 2"
If openssh-server is installed within the jail, you should be able to SSH into it like a virtual private server.
The devd package may be removed as it will typically not work in a jail.
jls (to list running jails) is not available yet.
jexec is not available yet, but you can probably get by with jail -m jid=$JID command=/bin/bash
A jail stops 'running' when all processes within it exit. (Within the jail, /etc/init.d/rc 0 ; exec kill -1 might be a way to force a shutdown?)
Squeeze
The libjail package was not distributed with Squeeze.