When I am talking with people and reading articles about containers, I hear definition that docker container is isolated one from another, as well as from host machine.
However I wanted to ask, what is exactly isolation level in that case, is it totally isolated from host machine or its OS, or there is some shared resources? If is totally isolated, so how it is so relatively small and lightweight?
A docker container uses the host operating system (kernel) and you can see inside the containers from the host perspective. Usually containers can not see the host processes nor other containers.
Think of container like an isolated application process running, not like a virtual machine.
@Thomas is right but I would like to expand his answer a bit.
A Docker container is just a process / service that runs directly on your machine. It is slightly different than a regular process because the Docker daemon along with the Linux kernel do a few things to ensure it runs in total isolation.
And as already mentioned by @Thomas they are not a virtual machines. For more in-depth (but short) read I recommend this article: Comparing Virtual Machines vs Docker Containers.
This is a community wiki answer posted to give more info regarding this topic.
Please let me know if that helped.
