Here's a presentation video from the very recent OpenStack Summit Vancouver 2018. The topic repeats what Dan Walsh was saying a couple of years ago: containers don't contain. Again, this is talking about application containers built from traditional kernel features like namespaces and cgroups... because as we all know, in the Linux kernel, containers are NOT a REAL thing. There is no container object; there is only a process that happens to sit in some set of namespaces and cgroups, and every such process still shares the one host kernel.
Just to be clear, OpenVZ... which is a mature out-of-tree patch for system containers that has been around and maintained for well over 13 years... does contain... but the hype is all around application containers like Docker and its work-alikes.
Two companies have been working on two separate projects to contain containers by running them within very light-weight KVM virtual machines: Intel's Clear Containers and Hyper's runV. A while ago (December 2017) those projects merged to become Kata Containers, and they also had a we-released-1.0 presentation at the conference. Their tagline is, "The speed of containers, the security of VMs". It is still focused on application containers and, perhaps not-so-oddly, is implemented as an additional OCI runtime for Docker, booting its VM from an OCI container image rather than from a more traditional KVM disk image (qcow2 or raw). I will ask the question... can Kata be used to run system containers and if not, why not?
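The claim above that the kernel has no notion of a container is easy to check from /proc: all you can ask is which namespace inodes a process's `/proc/<pid>/ns/*` links point at, and whether they differ from some reference process. The following Python is an added example written for this page, not code from the talk, from OpenVZ or from the Kata Containers project. The namespace inode numbers in it are constructed, and the "Docker default" sample assumes a daemon without `userns-remap` configured, which is why the user namespace stays shared with the host.

```python
"""Added example: what the kernel actually knows about a "container".

There is no container object in Linux; there are namespaces and cgroups.
What Docker calls a container is a process whose /proc/<pid>/ns/* links
point at different namespace inodes than PID 1's.  This module parses those
links and reports which namespace types a process shares with a reference
process and which it does not.  Sample link targets below are constructed.
"""
import os
import re

# Namespace types the kernel exposes under /proc/<pid>/ns.
NS_TYPES = ("cgroup", "ipc", "mnt", "net", "pid", "user", "uts")

# readlink() on /proc/<pid>/ns/<type> returns e.g. 'net:[4026531992]'.
_LINK_RE = re.compile(r"^(?P<type>[a-z_]+):\[(?P<inode>\d+)\]$")


def parse_ns_link(target):
    """'net:[4026531992]' -> ('net', 4026531992); rejects anything else."""
    m = _LINK_RE.match(target)
    if not m:
        raise ValueError("not a namespace link: %r" % target)
    return m.group("type"), int(m.group("inode"))


def namespaces_from_links(links):
    """Build {namespace type: inode} from a list of readlink() targets."""
    return dict(parse_ns_link(t) for t in links)


def read_proc_namespaces(pid="self"):
    """Live namespace set of a process; needs a Linux /proc and permission
    to read the target's ns links (always granted for the caller itself)."""
    ns_dir = "/proc/%s/ns" % pid
    links = [os.readlink(os.path.join(ns_dir, n)) for n in os.listdir(ns_dir)]
    return namespaces_from_links(links)


def isolation_report(proc_ns, ref_ns):
    """Split NS_TYPES into those proc_ns shares with ref_ns and those it does
    not.  Types missing from either side are skipped, not counted as shared."""
    shared, separate = [], []
    for t in NS_TYPES:
        if t not in proc_ns or t not in ref_ns:
            continue
        (shared if proc_ns[t] == ref_ns[t] else separate).append(t)
    return {"shared": shared, "separate": separate}


# Constructed sample: the init namespaces a host PID 1 typically lives in,
# and a process started by a default Docker configuration.  Docker gives the
# process fresh cgroup/ipc/mnt/net/pid/uts namespaces but, unless
# userns-remap is configured, leaves it in the host's user namespace.
# Inode numbers are illustrative, not captured from a real system.
HOST_PID1_LINKS = [
    "cgroup:[4026531835]", "ipc:[4026531839]", "mnt:[4026531840]",
    "net:[4026531992]", "pid:[4026531836]", "user:[4026531837]",
    "uts:[4026531838]",
]
DOCKER_DEFAULT_LINKS = [
    "cgroup:[4026532420]", "ipc:[4026532361]", "mnt:[4026532359]",
    "net:[4026532364]", "pid:[4026532362]", "user:[4026531837]",
    "uts:[4026532360]",
]


def docker_default_report():
    """Report for the constructed Docker-default process against host PID 1."""
    return isolation_report(namespaces_from_links(DOCKER_DEFAULT_LINKS),
                            namespaces_from_links(HOST_PID1_LINKS))


if __name__ == "__main__":
    print("constructed docker-default process vs host PID 1:",
          docker_default_report())
    if os.path.isdir("/proc/self/ns"):
        # A process compared with itself shares everything: the kernel gives
        # no other answer to "am I in a container?" than this kind of diff.
        me = read_proc_namespaces()
        print("this process vs itself:", isolation_report(me, me))
```

Run it on a Linux box and the only thing you learn about "containment" is a per-namespace diff; the constructed Docker-default sample comes back with six separate namespaces and a shared user namespace, so uid 0 inside is uid 0 on the host. Even a process that differs in every namespace type is still making syscalls into the same kernel as PID 1, which is exactly the boundary Kata moves out into a KVM guest.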