A good follow on after this would be looking at the source code for bocker. It's a clone of large parts of docker, but in about 100 lines of bash.
You'll see references to nsenter, cgcreate, cgdelete, cgexec, and so on. It's helpful to see how docker is mostly a veneer over things that are already in Linux. Not discounting docker, but a lot of the actual value is in things like Docker Hub and Docker Desktop versus the runtime itself.
Absolutely, the "secret sauce" is in the tooling and workflows. Other OSs have great container tech underneath - illumos zones and FreeBSD jails - but without the ease of use and ease of moving around images, they're a lot less useful.
You'll see references to nsenter, cgcreate, cgdelete, cgexec, and so on. It's helpful to see how docker is mostly a veneer over things that are already in Linux. Not discounting docker, but a lot of the actual value is in things like Docker Hub and Docker Desktop versus the runtime itself.
https://github.com/p8952/bocker/blob/master/bocker