Docker Is Not a VM
Why containers aren’t virtual machines at all
One of the most common misconceptions about Docker is that it works like a tiny virtual machine. It doesn’t.
A virtual machine emulates an entire computer, complete with its own kernel, BIOS, and OS image. Docker, by contrast, doesn’t emulate anything. On Linux, it runs ordinary processes — only they’re wrapped with isolation features provided by the kernel:
- Namespaces → isolate process IDs, networks, and filesystems.
- cgroups → limit CPU and memory usage.
- OverlayFS → stack filesystem layers so multiple images share common parts.
On Windows and macOS, Docker Desktop spins up a small Linux VM in the background, but even there, containers are just isolated Linux processes inside that VM.
So if you’re running Docker, you’re not spinning up a mini computer. You’re just running regular processes — fenced in by the Linux kernel.
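To see this on a Linux host, compare the namespace links under /proc for a container process with those of host PID 1. The following is an added example, not code from the original article: the inode numbers and cgroup path are constructed sample data, modelled on a default `docker run` on a cgroup v2 host with the systemd cgroup driver and no user-namespace remapping (both assumptions), and the function names are illustrative.

```python
import os
import re

NS_LINK = re.compile(r"^(\w+):\[(\d+)\]$")

def parse_ns(links):
    """Map namespace type -> inode from readlink targets like 'pid:[4026531836]'."""
    out = {}
    for target in links:
        m = NS_LINK.match(target.strip())
        if m:
            out[m.group(1)] = int(m.group(2))
    return out

def read_ns(pid):
    """Read live namespace links from /proc/<pid>/ns (Linux; root needed for PID 1)."""
    base = f"/proc/{pid}/ns"
    names = [n for n in os.listdir(base) if not n.endswith("_for_children")]
    return parse_ns(os.readlink(os.path.join(base, n)) for n in names)

def compare(host, proc):
    """Return (isolated, shared): namespace types that differ from / match the host's."""
    isolated = sorted(t for t in proc if t in host and proc[t] != host[t])
    shared = sorted(t for t in proc if t in host and proc[t] == host[t])
    return isolated, shared

def cgroup_path(cgroup_text):
    """Return the cgroup v2 path (the '0::<path>' line) from /proc/<pid>/cgroup text."""
    for line in cgroup_text.splitlines():
        parts = line.split(":", 2)
        if len(parts) == 3 and parts[0] == "0":
            return parts[2]
    return None

# Constructed sample data, as seen from the host: PID 1 and a container process.
HOST_NS = ["cgroup:[4026531835]", "ipc:[4026531839]", "mnt:[4026531841]",
           "net:[4026531840]", "pid:[4026531836]", "user:[4026531837]",
           "uts:[4026531838]"]
CONTAINER_NS = ["cgroup:[4026532661]", "ipc:[4026532659]", "mnt:[4026532657]",
                "net:[4026532662]", "pid:[4026532660]", "user:[4026531837]",
                "uts:[4026532658]"]
# Placeholder container id; the real path carries the full id.
CONTAINER_CGROUP = "0::/system.slice/docker-<container-id>.scope\n"

if __name__ == "__main__":
    isolated, shared = compare(parse_ns(HOST_NS), parse_ns(CONTAINER_NS))
    print("isolated:", isolated, "| shared with host:", shared)
    print("cgroup:", cgroup_path(CONTAINER_CGROUP))
```

On a real host, `compare(read_ns(1), read_ns(<host PID of the container process>))` gives the same kind of report. In the sample the user namespace is shared with the host, so root inside that container is the same UID 0 as root on the host, separated only by the other namespaces and kernel restrictions.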
Key Terms
Namespace
A Linux kernel feature that creates isolated views of resources like process IDs, networking, or filesystems.
cgroup (control group)
A Linux kernel mechanism for allocating and limiting system resources such as CPU, memory, and I/O for groups of processes.
OverlayFS
A union filesystem that stacks multiple read-only layers with a writable layer on top, creating the illusion of a single coherent filesystem.
Virtual Machine (VM)
A full software-emulated computer that runs its own kernel and operating system, independent of the host.