Lxc has since 1.0 come with isolation and security as part of it's design and feature set. Docker started as a convenient approach to bundling up chroots - and AFAIK hasn't really made much of a real effort wrt security - other than somewhat ill-advised approach to tacking on (enabling) a feature here or there... (That's not counting external projects like rkt running images as vms etc).

Lxc is much closer to jails in that sense - but eg lxc/Lxd on Ubuntu is hardly (meant to be) a silver bullet.