Your program don't see what else is running on the system. Also means that it removes possible conflicts for shared libraries and other system-wide dependencies.

This kind of isolation is not only good for app bundling as a developer, but even more important as an operator in a multi-tenant scenario. You throw in containers and they don't step on each other toes. Plus, system stay clean and it's easy to move things around.

Network namespace as in linux network namespace (http://man7.org/linux/man-pages/man8/ip-netns.8.html).

Each container has it's own IP stack.

Containers provide proper abstractions so you can then assemble all of this, pretty much like you use pipes on a unix shell.