One way to understand threads, processes, containers, and VMs is to look at what each level of abstraction provides for isolation.
| abstraction | stack & instructions | heap | process IDs, filesystem & network namespaces | kernel |
|---|---|---|---|---|
| thread | isolated | shared | shared | shared |
| process | isolated | isolated | shared | shared |
| container | isolated | isolated | isolated | shared |
| Virtual Machine | isolated | isolated | isolated | isolated |
I think of this as a hierarchy.
- A process is a thread, but one that also provides heap isolation.
- A container is a process, but one that also isolates the PID, network, and filesystem namespaces.
- A virtual machine is a process that, beyond the isolation provided by a container, provides a completely different kernel instance.
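The first two rows of the table can be checked empirically. The following added example (not code from the original post) runs two threads against one heap object, then forks a child process that mutates its own copy-on-write copy of the same object, and on Linux also compares the `/proc/self/ns` links of parent and child to show that a plain process still shares the PID, network, and mount namespaces that a container would separate. It assumes a POSIX system with `os.fork()`.

```python
import json
import os
import threading

counter = {"value": 0}            # heap object that threads/processes will touch
NS_KINDS = ("pid", "net", "mnt")  # the namespaces the table lists


def _increment():
    counter["value"] += 1


def has_procfs_ns():
    """True on Linux, where /proc/<pid>/ns exposes namespace identities."""
    return os.path.isdir("/proc/self/ns")


def _own_namespaces():
    return [os.readlink(f"/proc/self/ns/{k}") for k in NS_KINDS] if has_procfs_ns() else []


def heap_shared_across_threads():
    """Two threads increment the same dict: both writes land in one shared heap."""
    counter["value"] = 0
    threads = [threading.Thread(target=_increment) for _ in range(2)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return counter["value"]  # 2


def fork_and_report():
    """Fork a child, let it mutate the counter, and return (child, parent, same_ns)."""
    counter["value"] = 0
    r, w = os.pipe()
    pid = os.fork()
    if pid == 0:  # child: its own copy of the heap, but the parent's namespaces
        os.close(r)
        _increment()
        os.write(w, json.dumps({"counter": counter["value"], "ns": _own_namespaces()}).encode())
        os._exit(0)
    os.close(w)
    child = json.loads(os.read(r, 4096))
    os.close(r)
    os.waitpid(pid, 0)
    return child["counter"], counter["value"], child["ns"] == _own_namespaces()


def heap_isolated_across_processes():
    child_counter, parent_counter, _ = fork_and_report()
    return child_counter, parent_counter  # (1, 0): the child's write never reaches the parent


def namespaces_shared_across_fork():
    return fork_and_report()[2]  # True: forking alone creates no new namespaces
```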