"classic" Linux-like containers, and second, containers based on Hyper-V virtualization, which are more secure but carry slightly more overhead.
Google has used similar technology internally on Linux and has now released it as the open source tool "gVisor". Such technology, when done right, can significantly reduce the need for virtual machines. In fact, Google internally does not use virtual machines, only containers.
Google Cloud Platform Blog: Open-sourcing gVisor, a sandboxed container runtime
google/gvisor: Container Runtime Sandbox
"gVisor is a user-space kernel, written in Go, that implements a substantial portion of the Linux system surface. It includes an Open Container Initiative (OCI) runtime called runsc that provides an isolation boundary between the application and the host kernel. The runsc runtime integrates with Docker and Kubernetes, making it simple to run sandboxed containers.
gVisor takes a distinct approach to container sandboxing and makes a different set of technical trade-offs compared to existing sandbox technologies, thus providing new tools and ideas for the container security landscape.
...
gVisor is a user-space kernel for containers. It limits the host kernel surface accessible to the application while still giving the application access to all the features it expects. Unlike most kernels, gVisor does not assume or require a fixed set of physical resources; instead, it leverages existing host kernel functionality and runs as a normal user-space process. In other words, gVisor implements Linux by way of Linux."
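The quoted README says runsc plugs into Docker and Kubernetes; the practical question for an operator is how to register it and how to confirm a given container is actually running under it rather than under the default runc. The following is an added example, not code from the gVisor project or from this post. It assumes runsc is installed at /usr/local/bin/runsc (the path is an assumption), that Docker reads its runtime table from /etc/docker/daemon.json, and it uses constructed docker-inspect records and a constructed dmesg sample as input.

```python
"""Register gVisor's runsc with Docker/Kubernetes and check which containers use it.

Added example, not part of gVisor itself. All sample data below is constructed.
"""
import json
from pathlib import Path

RUNSC_PATH = "/usr/local/bin/runsc"  # assumed install location of runsc


def add_runsc_runtime(cfg, runsc_path=RUNSC_PATH, make_default=False):
    """Return a copy of a daemon.json config dict with runsc registered as a runtime.

    Existing keys (log-driver, other runtimes, ...) are preserved so that
    re-running this does not clobber unrelated daemon settings.
    """
    out = json.loads(json.dumps(cfg))  # cheap deep copy
    out.setdefault("runtimes", {})["runsc"] = {"path": runsc_path}
    if make_default:
        # Every container without an explicit --runtime gets the sandbox.
        out["default-runtime"] = "runsc"
    return out


def daemon_json_text(cfg):
    """Serialize the config the way it would be written to /etc/docker/daemon.json."""
    return json.dumps(cfg, indent=2, sort_keys=True) + "\n"


def write_daemon_json(cfg, path="/etc/docker/daemon.json"):
    """Merge runsc into the existing daemon.json on disk (or create it)."""
    p = Path(path)
    existing = json.loads(p.read_text()) if p.exists() else {}
    p.write_text(daemon_json_text(add_runsc_runtime(existing)))


def runtime_class_manifest(name="gvisor"):
    """Kubernetes RuntimeClass selecting the runsc handler on the node.

    Pods opt in with `runtimeClassName: gvisor` in their spec.
    """
    return {
        "apiVersion": "node.k8s.io/v1",
        "kind": "RuntimeClass",
        "metadata": {"name": name},
        "handler": "runsc",
    }


def is_sandboxed(inspect_record):
    """True if a `docker inspect` record shows the container running under runsc."""
    return inspect_record.get("HostConfig", {}).get("Runtime") == "runsc"


def sandbox_report(inspect_records):
    """Map container name -> whether it runs under gVisor, for an audit pass."""
    return {rec["Name"]: is_sandboxed(rec) for rec in inspect_records}


def is_gvisor_dmesg(dmesg_text):
    """Inside a sandbox, dmesg is served by gVisor's kernel and names itself.

    A container under plain runc sees the host's real kernel log instead.
    """
    return "gVisor" in dmesg_text


# Constructed docker-inspect records: one sandboxed, one on the default runtime.
SAMPLE_INSPECT = [
    {"Name": "/web", "HostConfig": {"Runtime": "runsc"}},
    {"Name": "/legacy", "HostConfig": {"Runtime": "runc"}},
]

# Constructed sample of what `dmesg` prints inside a runsc container.
SAMPLE_DMESG = "[    0.000000] Starting gVisor...\n"


if __name__ == "__main__":
    print(daemon_json_text(add_runsc_runtime({"log-driver": "json-file"})))
    print(json.dumps(runtime_class_manifest(), indent=2))
    print(sandbox_report(SAMPLE_INSPECT))
    print("sandboxed dmesg:", is_gvisor_dmesg(SAMPLE_DMESG))
```

After writing the merged daemon.json the Docker daemon must be restarted for the `runsc` runtime to appear in `docker info`; the audit functions are meant to be fed the JSON output of `docker inspect` so that containers silently started without `--runtime=runsc` show up as unsandboxed.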
gVisor Demo - a new open source sandboxed container runtime - YouTube
Open Sourcing gVisor, a Sandboxed Container Runtime - YouTube
Container Isolation at Scale (Introducing gVisor) - Dawn Chen & Zhengyu He, Google - YouTube
Google open sources gVisor, a sandboxed container runtime | TechCrunch
Google Launches gVisor, an Open Source Sandboxed Container Runtime - The New Stack
Interview: Google gVisor and the Challenge of Securing Multitenant Containers - The New Stack
KubeCon + CloudNativeCon Europe 2018 - May 2-4
CNCF [Cloud Native Computing Foundation] - YouTube
gVisor is written in Go, as are most other container-related tools. Info from the podcast:
Go Time #79: New Go branding strategy | News and podcasts for developers | Changelog