One way to understand threads, processes, containers, and VMs is to look at what each level of abstraction provides for isolation.
|abstraction||stack & instructions||heap||process IDs,
I think of this as a hierarchy.
- A process is a thread, but one that also provides heap isolation.
- A container is a process, but one that also isolates the PID, network, and filesystem namespaces.
- A virtual machine is a process that, beyond the isolation provided by a container, provides a completely different kernel instance.
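
The hierarchy above can be checked on a Linux host by comparing identifiers the kernel exposes under `/proc`. The following is an added example, not code from the original page: the function names and sample snapshots are constructed, and it assumes that the thread group ID stands for the process, the `pid`/`net`/`mnt` namespace links stand for the container boundary, and `boot_id` stands for the kernel instance.

```python
import os

NAMESPACES = ("pid", "net", "mnt")  # PID, network, filesystem (mount)

def snapshot(pid="self"):
    """Read a task's isolation identifiers from /proc (Linux only)."""
    snap = {ns: os.readlink(f"/proc/{pid}/ns/{ns}") for ns in NAMESPACES}
    with open(f"/proc/{pid}/status") as f:
        for line in f:
            if line.startswith("Tgid:"):  # thread group id == process id
                snap["tgid"] = int(line.split()[1])
    # One boot_id per running kernel; a guest VM reports its own value,
    # so take the snapshot inside the guest when comparing against a VM.
    with open("/proc/sys/kernel/random/boot_id") as f:
        snap["boot_id"] = f.read().strip()
    return snap

def classify(a, b):
    """Return (level, differing namespaces) for two snapshots."""
    if a["boot_id"] != b["boot_id"]:
        # Namespace ids from different kernels are not comparable.
        return "separate kernel", []
    differing = [ns for ns in NAMESPACES if a[ns] != b[ns]]
    if differing:
        return "container", differing
    if a["tgid"] != b["tgid"]:
        return "process", []
    return "thread", []

# Constructed sample snapshots (not captured from a real system).
HOST = {"pid": "pid:[4026531836]", "net": "net:[4026531840]",
        "mnt": "mnt:[4026531841]", "tgid": 812, "boot_id": "boot-A"}
SAME_PROC = dict(HOST)             # another thread: same tgid
OTHER_PROC = dict(HOST, tgid=977)  # second process, same namespaces
CONTAINER = dict(HOST, tgid=1204, pid="pid:[4026532201]",
                 net="net:[4026532204]", mnt="mnt:[4026532199]")
SHARED_NET = dict(CONTAINER, net=HOST["net"])  # shares host network ns
GUEST = dict(HOST, tgid=1, boot_id="boot-B")   # different kernel

if __name__ == "__main__":
    for name, snap in [("thread", SAME_PROC), ("process", OTHER_PROC),
                       ("container", CONTAINER), ("shared net", SHARED_NET),
                       ("guest", GUEST)]:
        print(name, classify(HOST, snap))
    print("self:", snapshot())
```

The `SHARED_NET` case returns only `pid` and `mnt` as differing, which is how a container that lacks one of the three boundaries shows up. A differing `boot_id` also matches a separate physical host, so it indicates a different kernel instance rather than a VM specifically.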