Both containers and virtual machines provide ways of separating applications running on a host from the operating system itself. Understanding {op-system}, which is the operating system used by {product-title}, will help you see how the host systems protect containers and hosts from each other.
Additional resources