Glossary

Container

A container is an isolated, packaged runtime environment for an application and its dependencies, running on a host kernel but with its own view of the filesystem, processes, network, and users. Unlike a virtual machine, a container does not include its own kernel—it shares the host's, and relies on kernel features (namespaces, cgroups, seccomp, capabilities) for isolation. This makes containers dramatically lighter than VMs, starting in milliseconds and adding negligible overhead.
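The kernel features named above can be inspected for any process through /proc. As an added example (not part of the original glossary entry), this Python script decodes the CapEff, Seccomp and NoNewPrivs fields of /proc/<pid>/status text and compares namespace links against the host's; the two sample processes and the HIGH_RISK review list are constructed assumptions.

```python
# Capability names by bit number, as in include/uapi/linux/capability.h.
CAP_NAMES = (
    "CHOWN DAC_OVERRIDE DAC_READ_SEARCH FOWNER FSETID KILL SETGID SETUID "
    "SETPCAP LINUX_IMMUTABLE NET_BIND_SERVICE NET_BROADCAST NET_ADMIN NET_RAW "
    "IPC_LOCK IPC_OWNER SYS_MODULE SYS_RAWIO SYS_CHROOT SYS_PTRACE SYS_PACCT "
    "SYS_ADMIN SYS_BOOT SYS_NICE SYS_RESOURCE SYS_TIME SYS_TTY_CONFIG MKNOD "
    "LEASE AUDIT_WRITE AUDIT_CONTROL SETFCAP MAC_OVERRIDE MAC_ADMIN SYSLOG "
    "WAKE_ALARM BLOCK_SUSPEND AUDIT_READ PERFMON BPF CHECKPOINT_RESTORE"
).split()
SECCOMP_MODES = {0: "disabled", 1: "strict", 2: "filter"}
# Assumption: a review list chosen for this example, not an official set.
HIGH_RISK = {"SYS_ADMIN", "SYS_MODULE", "SYS_PTRACE", "SYS_RAWIO", "NET_ADMIN", "DAC_READ_SEARCH"}

def parse_status(text):
    """Turn 'Key:<tab>value' lines from /proc/<pid>/status into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def decode_caps(hex_mask):
    """Expand a hex capability bitmask (e.g. CapEff) into capability names."""
    mask = int(hex_mask, 16)
    return [name for bit, name in enumerate(CAP_NAMES) if mask >> bit & 1]

def isolation_report(status_text, proc_ns, host_ns):
    """Summarise seccomp, capabilities and namespaces shared with the host."""
    f = parse_status(status_text)
    caps = decode_caps(f.get("CapEff", "0"))
    return {
        "seccomp": SECCOMP_MODES.get(int(f.get("Seccomp", "-1")), "unknown"),
        "no_new_privs": f.get("NoNewPrivs") == "1",
        "capabilities": caps,
        "high_risk_caps": sorted(HIGH_RISK.intersection(caps)),
        "shared_with_host": sorted(k for k, v in proc_ns.items() if host_ns.get(k) == v),
    }

# Constructed samples: status text and /proc/<pid>/ns link targets (inode numbers invented).
HOST_NS = {"mnt": "mnt:[4026531840]", "pid": "pid:[4026531836]", "net": "net:[4026531992]"}
CONFINED_STATUS = "Name:\tsh\nCapEff:\t00000000a80425fb\nNoNewPrivs:\t0\nSeccomp:\t2\n"
CONFINED_NS = {"mnt": "mnt:[4026532561]", "pid": "pid:[4026532564]", "net": "net:[4026532566]"}
PRIVILEGED_STATUS = "Name:\tsh\nCapEff:\t000001ffffffffff\nNoNewPrivs:\t0\nSeccomp:\t0\n"
PRIVILEGED_NS = {"mnt": "mnt:[4026532571]", "pid": "pid:[4026532574]", "net": "net:[4026531992]"}

if __name__ == "__main__":
    for label, status, ns in (("confined", CONFINED_STATUS, CONFINED_NS), ("privileged", PRIVILEGED_STATUS, PRIVILEGED_NS)):
        print(label, isolation_report(status, ns, HOST_NS))
```

On a live Linux system the same inputs come from reading /proc/<pid>/status and calling os.readlink() on the entries of /proc/<pid>/ns.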

Container technology predates Docker by years (Solaris Zones, FreeBSD jails, Linux-VServer, LXC), but it was Docker's 2013 user-friendly tooling and the OCI standards that followed which made containers mainstream. Today, container technology underlies Kubernetes, CI/CD pipelines, cloud deployments, and local development workflows across virtually every industry.

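docker run -it ubuntu:22.04 bash        # start an interactive shell in an Ubuntu 22.04 container
podman run -it --rm alpine:latest sh    # same with Podman and Alpine; --rm deletes the container on exit
docker ps                               # list running containers
docker images                           # list downloaded images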

A container is created from an image: a read-only snapshot of a filesystem plus metadata about how to run it (default command, environment variables, exposed ports). Multiple containers can be started from the same image, each getting a writable layer on top. This layered model is efficient and composable.

Related terms: Docker, Container Image, Linux Namespace, cgroup, Kubernetes

Also defined in: Textbook of Linux