It works on slightly different layer (virtualisation, not process), but the threat model and capabilities are pretty much the same.