[cbanek]

Shared libraries are just one part of it. Containers also have their own filesystem for handling things like configuration files, data files, helper binaries, etc. Being self-contained, you don't need to worry about namespace conflicts running multiple of these at the same time on the same machine. If you were doing processes, you'd have to specify different command lines, different paths, etc. With docker, you run multiple containers. Same for network ports - containers are on their own isolated network port space and network bridge.

[wandering-human]

Okay that make sense if you run multiple of a program on a single machine. Although, If I knew that was use case I could ensure any program I right would not conflict with its self.

Is it mainly used for existing applications? I am not sure what the benefits of isolation like this would be?

[cbanek]

Well you also can't be sure that they aren't running some other program that is conflicting with you - for example a lot of servers run on port 8080, or 8000, or 5555.

You can also just code in your sane default config and not have to worry about that.

Also let's say you're running two different applications, and they use conflicting versions of some library or binary (like python versions). Docker is like one step of virtualization above virtualenvs, but below virtual machines (since you're sharing the same kernel).

The benefits are subtle, but there's quite a few. For example, it allows for applications to easily move from one machine to another without complex deployments. This is exactly how kubernetes works - with containers. Otherwise you'd need something like puppet or ansible to do the installs before you move apps around, and clean up after themselves.

The other thing is cleaning things up - you just delete the container, you don't have to worry about uninstalling dependencies or cleaning up after yourself. You're just isolated. But the isolation is lighter than a virtual machine, allowing you to pack more containers than VMs on a host.