A technical description of a Linux container is a sandboxed process or processes isolated on a VM or bare-metal server.

These processes are isolated using the tried and tested mechanisms of Linux Namespacing, CGroups, and SELinux contexts. A good way of imagining a container is a way of packaging up applications or services. The container will only contain the files and libraries required for that application or service and will share the underlying components such as the kernel. The package of files and libraries is known as a container image.

• Density – Containers allow greater utilisation of infrastructure with multiple containers able to run on singular VMs or bare-metal servers.
• Portability – The immutable container image can run in any environment that has the required container engine. This enables a hybrid cloud strategy.
• Speed – A container image starts up very quickly, in most cases less than a second, as opposed to multiple minutes if not longer for a traditional system to boot up.
• DevSecOps Enabler – Building an immutable container image allows for developers to develop only the application/service specific code while having the security team scan the image to ensure its compliance. Then the container image can be run by the operations team who will only require knowledge on running containers rather than application specific knowledge, thus enabling DevSecOps practices.

• Understanding Linux containers by Red Hat.