> That's why cloud providers all use mini-VMs to run customer containers (e.g. AWS Fargate) or force the customer to manage their own VMs that run the containers.

This is only partially true. Google's runtime (gvisor) does not share a kernel with the host machine, but still runs inside of a container.