Containers allow a developer to package up an application with all of the parts it needs, such as libraries and other dependencies, and ship it all out as one package. And they are designed to make it easier to provide a consistent experience as developers and system administrators move code from development environments into production in a fast and replicable way.
In short, Linux containers, contain applications in a way that keep them isolated from the host system that they run on.
In a way, containers behave like a virtual machines. To the outside world, they can look like their own complete system. But unlike a virtual machine, rather than creating a whole virtual operating system, containers don’t need to replicate an entire operating system, only the individual components they need in order to operate. This gives a significant performance boost and reduces the size of the application. They also operate much faster, as unlike traditional virtualization the process is essentially running natively on its host, just with an additional layer of protection around it.
And importantly, many of the technologies powering container technology are open source. This means that they have a wide community of contributors, helping to foster rapid development of a wide ecosystem of related projects fitting the needs of all sorts of different organizations, big and small.
Container add security by isolating applications from other applications on a host operating system, but simply containerizing an application isn’t enough to keep it secure.
the Docker open source project, a command line tool that made creating and working with containers easy for developers and sysadmins alike, similar to the way Vagrant made it easier for developers to explore virtual machines easily.
Containers provide an isolated view of the system resources to the applications. In order to provide this contained view to the applications, Containers use some of the kernel features called namespaces, cgroups and chroot to carve off a contained area. An end result is a virtual machine without the hypervisor. Containers are a smart method of attaining isolation and resource control.