In this article, we are going to talk about three characteristics of the Linux kernel: Namespaces, group control and UnionFS.
Namespace is responsible for isolating and virtualizing system resources for a process, so that each process has its own resource, such as its own IP address, hostname, and so on. The system resources that can be virtualized are: mount [mnt], process ID [PID], network [net], Interprocess Communication [IPC], hostnames [UTS], and users [User IDs].
Using Namespace, we can isolate one process from another. As a container is a kernel process, we can also use this feature to isolate a container from another.
Another important feature that can be used with containers is group control. It is used to limit and isolate user resources, such as CPU, memory, disk, network, etc. And with UnionFS we can superimpose two or more directories and implement layered containers.
For more details, you can check this video.