Modern containers are a mix of cgroups, namespaces, pivot_root (like chroot but more appropriate for containers), and seccomp.

Some implementations (e.g. firecracker-containerd) also use SELinux and CPU virtualization support.

"containers are just chroot" is an oversimplification to the point it's misleading.