Hacker News

No, it doesn't, and this is where an initially "superior" technology (Jails existed years ago, I was using them at least 15 years back in time) gets overrun by "inferior" tech (Linux containers), because the latter gets user-oriented tooling, packaging and so on (no flame war intended at all). Now the Linux container is much more "superior" as it caught up and exceeded Jails in many areas, especially user-oriented readiness and integration.


And FreeBSD Jails are still superior in the way they're a "first class citizen" in the kernel, vs. the "hacky" feel that Linux containers have.

I have no doubt that Linux containers are just as secure as FreeBSD Jails, but if the implementation and tooling are complex, there is a much higher risk of something being configured wrong.

And then there's the giant gorilla in the room, Docker, which probably has the best tooling of them all, and initially used Linux containers, but has since moved on to their own container implementation (runC, https://www.docker.com/blog/runc/).


I wouldn't be so hasty in saying that Jails implementation doesn't suffer either - there are dragons there too, it wasn't all just designed and written in one go, there are layers upon layers and it is not all pink and unicorns as it perhaps initially was ;)

RunC isn't "their own implementation" but rather an OCI (Open Containers Initiative) standard that the world seems to be adopting, and I wish FreeBSD Jails would be a part of it.


Jails have their share of problems; all I was saying is that when the tooling and implementation are complex, the risk of doing "something wrong" is bigger. ;)


I really like how jails get stuff like their own IP address and more. Indeed it seems like the underlying tech is superior. But your point is on target too, the tooling has brought the dev experience to the front with Docker.



