From a high-level point of view, containers look like lightweight virtual machines. You can install whatever you want in a container, independently of (and without affecting!) other containers or the host environment. Each container has its own network stack, process (PID) space, file system, etc. And their footprint is significantly smaller than that of VMs: containers start faster, and they require less memory and disk space. This is because, from a low-level point of view, containers are just regular processes on the host machine, using kernel features like namespaces and control groups to provide the isolation. Starting a container is just starting a regular UNIX process; creating a container is just cloning a snapshot of a copy-on-write filesystem (which is extremely cheap nowadays, both in time and disk usage).
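That a container is a regular host process set apart only by its kernel namespaces and control group can be checked from `/proc`. The following is an added example, not part of the original text: it compares the namespace IDs of two processes and lists which namespaces are shared and which are isolated. The namespace IDs and cgroup paths in the sample data are constructed, and the function names are illustrative.

```python
import os
import re

NS_LINK = re.compile(r"^(\w+):\[(\d+)\]$")

def parse_ns_links(links):
    """Map namespace type -> inode ID from readlink targets such as 'pid:[4026531836]'."""
    out = {}
    for link in links:
        m = NS_LINK.match(link.strip())
        if m:
            out[m.group(1)] = int(m.group(2))
    return out

def read_ns_links(pid="self"):
    """Read the live namespace links of a process (Linux only; other PIDs need permission)."""
    base = f"/proc/{pid}/ns"
    return [os.readlink(os.path.join(base, n)) for n in sorted(os.listdir(base))]

def isolation_report(host, proc):
    """Split namespace types into those shared with the host and those private to the process."""
    common = sorted(set(host) & set(proc))
    return {
        "shared": [t for t in common if host[t] == proc[t]],
        "isolated": [t for t in common if host[t] != proc[t]],
    }

def cgroup_paths(text):
    """Return the cgroup path of each hierarchy listed in /proc/<pid>/cgroup text."""
    return [ln.split(":", 2)[2] for ln in text.splitlines() if ln.count(":") >= 2]

# Constructed sample data: links as readlink would return them for /proc/<pid>/ns/*.
HOST_INIT = ["cgroup:[4026531835]", "ipc:[4026531839]", "mnt:[4026531841]",
             "net:[4026531840]", "pid:[4026531836]", "user:[4026531837]",
             "uts:[4026531838]"]
# Constructed so that the user namespace is the one still shared with the host.
CONTAINER_PROC = ["cgroup:[4026532512]", "ipc:[4026532510]", "mnt:[4026532508]",
                  "net:[4026532513]", "pid:[4026532511]", "user:[4026531837]",
                  "uts:[4026532509]"]
HOST_CGROUP = "0::/init.scope\n"
CONTAINER_CGROUP = "0::/example.slice/container-demo.scope\n"

if __name__ == "__main__":
    host, proc = parse_ns_links(HOST_INIT), parse_ns_links(CONTAINER_PROC)
    print("sample:", isolation_report(host, proc), cgroup_paths(CONTAINER_CGROUP))
    if os.path.isdir("/proc/self/ns"):
        # A process compared with itself shares every namespace.
        me = parse_ns_links(read_ns_links())
        print("self vs self:", isolation_report(me, me))
```

On a real host, pass the container's host-side PID to `read_ns_links` and PID 1 for the host baseline; any namespace type reported as shared is one where the kernel gives that process no separation from the host.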