It would be nice to have a doc that defines the basics of containers and how to do some basic process isolation in Linux. This should eventually become a detailed doc of how we handle isolating potential malicious user code from the machine.

Document should include resources to good articles/DockerCon/KubeCon videos that are helpful.

• document describes lower level container implementation
• document links to learning resources
• document includes how to use basic linux syscalls (i.e. unshare, pivot_root)