There are 2 isolation modes for windows containers:
- Process
- Hyper-V
In case of Hyper-V isolation mode everything is clear:
each container runs inside of a highly optimized virtual machine and effectively gets its own kernel. The presence of the virtual machine provides hardware-level isolation between each container as well as the container host.
In case process isolation mode docs says the next:
With process isolation, multiple container instances run concurrently on a given host with isolation provided through namespace, resource control, and other process isolation technologies.
Linux uses namespaces to achieve containers isolation and it is Linux feature.
So how containers isolation is achieved in Windows since Windows actually doesn't have alternative to Linux namespaces? Which isolation technologies are being used in Windows case?