What is the performance hit like? How does it compare to FreeBSD jails?

Specifically, is there a primer on how it handles security?

> performance hit

Should be negligible.

> compare to *bsd jails

Similar in many respects.

> primer on security

Still a little sketchy, but see:

https://www.stgraber.org/2014/01/01/lxc-1-0-security-feature...

http://www.slideshare.net/jpetazzo/linux-containers-lxc-dock...

LXC uses the same kernel for all containers, so containers/hosts will always be vulnerable to buggy syscalls.