If you don't want to use the base system (which docker is NOT the base system on Linux) then Bastille offers a pretty much identical workflow to docker, but built on FreeBSD jails: https://github.com/BastilleBSD/bastille

> I don’t know why i keep hearing about jails being better

Jails have a significantly better track record in terms of security.

I can delegate a ZFS dataset to a jail to let the jail manage it.

Do Linux containers have an equivalent to VNET jails yet? With VNET jails I can give the jail its own whole networking stack, so they can run their own firewall and dhcp their own address and everything.

Sorry what? It's a 5 line configuration file to create a FreeBSD jail.