A container is a couple of things. A container starts as a packaging format. This is the underrated side of a container. So we take an entire what looks like an operating system image, a whole system image, bundle it up into one file, one image format, and only put in there what is necessary to run whatever process that we're interested in running. So that's the first side of a container.

The second side of the container is what you more typically think of. So this is a process running in Linux with boundaries around it. So we use Linux namespaces and use cgroups to isolate that process or maybe a collection of processes from the rest of the system. So your process thinks it's PID 1, it gets its own networking namespace and other things like that, and it gets its own entire file system space, for example.

So we start with that first side of the coin, that packaging format. We mount that using these kernel features and we end up with this process that's isolated. It feels like ownership of this whole system by itself, but at the end of the day, it's really just a process running on your Linux system. And you can go see it. You can run top, you can use ps with your favorite flags. You can see each of those container processes running on your system. Beautiful. That's a container.
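Added example, not part of the original talk: since a container is just a host process, its boundaries can be read from `/proc/<pid>/ns` and `/proc/<pid>/cgroup` and compared with the host's PID 1. The function names are hypothetical, and the namespace links and cgroup line below are constructed sample values.

```python
import os
import re

NS_LINK = re.compile(r"^(\w+):\[(\d+)\]$")

# Constructed samples of `readlink /proc/<pid>/ns/*` for the host's PID 1
# and for a process started inside a container.
HOST_INIT = ["cgroup:[4026531835]", "ipc:[4026531839]", "mnt:[4026531841]",
             "net:[4026531840]", "pid:[4026531836]", "user:[4026531837]",
             "uts:[4026531838]"]
CONTAINER_PROC = ["cgroup:[4026532651]", "ipc:[4026532649]", "mnt:[4026532647]",
                  "net:[4026532652]", "pid:[4026532650]", "user:[4026531837]",
                  "uts:[4026532648]"]
# Constructed sample of /proc/<pid>/cgroup on a cgroup v2 host.
CONTAINER_CGROUP = "0::/system.slice/example-container.scope\n"

def parse_ns_links(links):
    """Turn link targets such as 'pid:[4026531836]' into {type: inode}."""
    parsed = {}
    for link in links:
        m = NS_LINK.match(link.strip())
        if m:
            parsed[m.group(1)] = int(m.group(2))
    return parsed

def read_ns_links(pid):
    """Live variant for a Linux host: read the links under /proc/<pid>/ns."""
    base = f"/proc/{pid}/ns"
    return [os.readlink(os.path.join(base, name)) for name in os.listdir(base)]

def isolated_namespaces(host, proc):
    """Namespace types in which the process differs from the host's PID 1."""
    return sorted(t for t, inode in proc.items() if host.get(t) != inode)

def cgroup_path(cgroup_text):
    """Return the cgroup v2 path (the '0::<path>' line), or None."""
    for line in cgroup_text.splitlines():
        parts = line.split(":", 2)
        if len(parts) == 3 and parts[0] == "0":
            return parts[2]
    return None

if __name__ == "__main__":
    host = parse_ns_links(HOST_INIT)
    proc = parse_ns_links(CONTAINER_PROC)
    # The user namespace is shared here: this process is not isolated in it.
    print("isolated in:", isolated_namespaces(host, proc))
    print("cgroup:", cgroup_path(CONTAINER_CGROUP))
```

On a live Linux host, `parse_ns_links(read_ns_links(pid))` produces the same dictionary for a real process; reading the links of another user's process requires sufficient privileges.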