by danjc 1181 days ago
It's beyond an equivalent to a Docker container because it includes kernel isolation. This is a security distinction that isn't well understood.
2 comments

At least on Windows, Hyper-V isolated containers are also a supported feature, which should also ensure kernel isolation. I assume Kata containers or any other virtualization-backed solution would give you similar guarantees.
It is a different thing.

The point of containers is that they do share the same kernel, and that each container is just a different namespace.

If each entity has a different kernel, they are VMs. VMs can also be pretty thin and have a shared immutable store for their base image, but they are not containers anymore. Similarly, Xen DOM-Us are also VMs.