A mechanism that is used to isolate applications from each other within the context of a running operating system instance. In much the same way that a logical partition (LPAR) provides segmentation of system resources in mainframes, a computing environment employing containers segments and isolates the underlying system services so that they are logically sequestered from each other.