A Linux container is made up of several building blocks, the two most important of which are namespaces and control groups (cgroups). Both are Linux kernel features. Namespaces provide logical partitions of certain kinds of system resources, such as mount points (mnt), process IDs (PID), and the network (net). To further understand the concept of isolation, let's look at some simple examples using the pid namespace. The following examples were run on Ubuntu 18.04.1 with util-linux 2.31.1.
When we type ps axf in our terminal, we'll see a long list of running processes:
$ ps axf
  PID TTY      STAT   TIME COMMAND
    2 ?        S      0:00 [kthreadd]
    4 ?        I<     0:00  \_ [kworker/0:0H]
    5 ?        I      0:00  \_ [kworker/u2:0]
    6 ?        I<     0:00  \_ [mm_percpu_wq]
...
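To check which namespaces a process actually belongs to, the kernel exposes one symlink per namespace type under /proc/<pid>/ns, and two processes share a namespace exactly when the inode numbers in those links match. The script below is an added example, not part of the original text; the function names and the sample inode numbers are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare the namespace membership of two processes.
# Each /proc/<pid>/ns/<type> symlink reads like "pid:[4026531836]".

# ns_inode LINK_TEXT -> prints the inode number from "type:[inode]",
# or nothing if the text is not a namespace link.
ns_inode() {
    printf '%s\n' "$1" | sed -n 's/^[a-z_]*:\[\([0-9][0-9]*\)]$/\1/p'
}

# ns_table PID -> prints one "type inode" line per namespace of a live process.
ns_table() {
    for link in /proc/"$1"/ns/*; do
        [ -L "$link" ] || continue
        printf '%s %s\n' "${link##*/}" "$(ns_inode "$(readlink "$link")")"
    done
}

# ns_diff TABLE_A TABLE_B -> prints the namespace types whose inodes differ,
# i.e. the resources for which the two processes are isolated from each other.
ns_diff() {
    printf '%s\n' "$1" | while read -r type inode; do
        other=$(printf '%s\n' "$2" | awk -v t="$type" '$1 == t { print $2 }')
        if [ -n "$other" ] && [ "$inode" != "$other" ]; then
            printf '%s\n' "$type"
        fi
    done
}

# Constructed sample tables (inode numbers are made up): a host shell and a
# process placed in new mnt and pid namespaces that still shares the host net.
HOST_NS='mnt 4026531840
net 4026531993
pid 4026531836'
CONT_NS='mnt 4026532201
net 4026531993
pid 4026532204'

echo "Namespaces that differ in the sample data:"
ns_diff "$HOST_NS" "$CONT_NS"
echo "Namespaces of this shell:"
ns_table "$$"
```

On a live system, `ns_diff "$(ns_table 1)" "$(ns_table <pid>)"` lists the namespaces in which a process is separated from PID 1; reading another user's /proc/<pid>/ns links usually requires root.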