Hacker News

But processes - theoretically - are segregated. Own address space, running as different users, bound to a processor set, etc. The use of hypervisors is because processes in practice don't really do what they say on the tin, so you need to force another layer of protection and manageability in, and just eat the overhead.


I suppose I was thinking from the 'lazy throw up apache, mysql and wordpress' mindset. If example.com is in its own container with its own mysql database, I do not have to worry about www.test.com getting exploited and example.com's mysql data getting leaked into the wild. I'm also from the days when buffer overflows were on every daemon. Unauthorized remote shell access was always a threat back in those days.


I don't think you have to, working on a prototype of full process isolation with decent guarantees.



