[pmontra]

See the other replies and if you're on Linux run

  ps -ef

on the host and you'll see the processes in the containers too. That doesn't happen if those processes run in a VM.

[mkdirp]

This is by design. The kernel still runs the processes inside the container. If you namespace the user running `ps`, it will not be able to see the container processes. The only reason you're seeing them is because you're in the default (root?) namespace.

The container on the other hand cannot see the host's processes or other things. At least not without an exploit.