Current LXC uses the following kernel features to contain processes:
- Kernel namespaces (ipc, uts, mount, pid, network and user)
- Apparmor and SELinux profiles (eBPF stuff)
- Seccomp policies
- Chroots (using pivot_root)
- Kernel capabilities
- CGroups (control groups)