Here's what it means to virtualize some other subsystems. A guest VM system would have some amount of memory assigned to it. Processes loaded into it would compete with each other for this memory, and their total memory usage would be limited to this pool.
The combination of a guest filesystem and a guest VM system would limit file caching to this pool as well, making it a good compartment for something like updatedb.
A guest network stack would be a separate, independent network node. Processes confined to it would have access to a separate set of ports and the stack's own IP address. They would share whatever filtering, QoS, TC, etc. applied to the virtual interface in the host kernel.