A container isolation method for a netlink resource includes receiving, by a kernel executed by a processor, a trigger instruction from an application program. The method also includes creating, by the kernel according to the trigger instruction, a container corresponding to the application program, creating a netlink namespace for the container, and sending a notification to the application program indicating that the netlink namespace is created. The method further includes receiving, by the kernel, a netlink message from the container, wherein the netlink message comprises entries generated when the container runs. The method additionally includes storing, by the kernel, the entries based on an identifier of the netlink namespace for the container, to send an entry required by the container to user space of the container.