
The whole story is somewhat long and complicated - I think it was roughly openvz (patch-set, out-of-tree for Linux "jails") > lxc > [docker enters the picture] > as more features for isolation are merged in mainline (namespaces ++) it means docker is no longer based on the same subset of features that the lxc project uses.

I'm sure someone will chime in with an updated family tree of Linux chroots, capability frameworks and process isolation features.

[ed: I believe one source of confusion is that docker started with (userspace part of) lxc as its only driver, and now docker-the-binary makes system calls directly, and avoids lxc-the-userspace-toolset - but they employ a mish-mash of kernel features, many of which came from the lxc project (on the kernel side)?]


