Too Long; Didn't Read
A container image, in its most basic form, is a collection of tarball files in charge of the following tasks: Provide a root filesystem for the container process and its children to build an isolated environment, restrict access to files and commands outside of the root.