2014-12-12

docker -- Linux 3.8


In general, a 3.8 Linux kernel is the minimum requirement for Docker; the latest minor version (3.x.y) of the 3.10 (or a newer maintained version) Linux kernel is recommended.
Linux namespaces & cgroups Availability:

Linux 3.8
http://kernelnewbies.org/Linux_3.8

Linux 3.8 was released on Mon, 18 Feb 2013.

This Linux release includes support in Ext4 for embedding very small files in the inode, which greatly improves the performance for these files and saves some disk space. There is also a new Btrfs feature that allows a disk to be replaced quickly, a new filesystem, F2FS, optimized for SSDs, support for filesystem mount, UTS, IPC, PID, and network stack namespaces for unprivileged users, accounting of kernel memory in the memory resource controller, journal checksums in XFS, an improved NUMA policy redesign and, of course, the removal of support for 386 processors. Many small features and new drivers and fixes are also available.
  1. Prominent features in Linux 3.8
    1. Ext4 embeds very small files in the inode
    2. Btrfs fast device replacement
    3. F2FS, a SSD friendly file system
    4. User namespace support completed
    5. XFS log checksums
    6. Huge Pages support a zero page
    7. The memory resource controller supports accounting of kernel memory
    8. Automatic NUMA balancing
    9. Removal of support for 386 processors
  2. Driver and architecture-specific changes
  3. Various core changes
  4. Filesystems
  5. Block
  6. Crypto/keyring
  7. Security
  8. Perf
  9. Virtualization
  10. Networking
  11. Other news sites that track the changes of this release

1.4. User namespace support completed

Per-process namespaces allow different processes to see different instances of several resources. For example, one process might see a set of mountpoints, PID numbers, and network stack state, and a process in another namespace might see others. Per-process namespace support has been developed for many years: the command unshare(1), available in modern Linux distros, allows starting a process with the mount, UTS, IPC or network namespaces "unshared" from its parent; and systemd uses mount namespaces for the ReadWriteDirectories, ReadOnlyDirectories or InaccessibleDirectories unit configuration options, and for systemd-nspawn. But the use of namespaces was limited to root.
This release adds the ability for unprivileged users to use per-process namespaces safely. The resources with namespace support available are filesystem mount points, UTS, IPC, PIDs, and the network stack.
For more details about Linux namespace support (what namespaces are, how they work, the API, and some example programs), read the article series from LWN
(The remaining namespaces will be covered in future LWN articles)
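The unprivileged user-namespace feature described above, as an added example that is not part of the kernelnewbies text or of Docker: a process calls unshare(CLONE_NEWUSER) and then maps its own uid and gid to 0 inside the new namespace, so it looks like root there while holding no capabilities over the host. It assumes a kernel built with CONFIG_USER_NS; the /proc/self/setgroups write exists only from 3.19 on and is skipped where absent.

```c
/* Added example: enter an unprivileged user namespace with unshare(CLONE_NEWUSER)
 * and map the caller's uid/gid to 0 inside it. Assumes CONFIG_USER_NS is enabled. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <sched.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Build one id_map line "<inside> <outside> <count>\n"; returns its length or -1. */
int format_idmap(char *buf, size_t len, unsigned inside, unsigned outside, unsigned count)
{
    int n = snprintf(buf, len, "%u %u %u\n", inside, outside, count);
    return (n < 0 || (size_t)n >= len) ? -1 : n;
}

/* Write a string to a /proc file in a single write(2); returns 0 or -errno. */
static int write_file(const char *path, const char *s)
{
    int fd = open(path, O_WRONLY);
    if (fd < 0) return -errno;
    int err = (write(fd, s, strlen(s)) < 0) ? -errno : 0;
    close(fd);
    return err;
}

/* Create the namespace and map our ids to 0 inside it; returns 0 or -errno. */
int enter_userns_as_root(void)
{
    uid_t uid = getuid(); gid_t gid = getgid();
    char map[64];
    if (unshare(CLONE_NEWUSER) < 0) return -errno; /* EPERM if user namespaces are disabled */
    format_idmap(map, sizeof map, 0, uid, 1);      /* uid_map may be written only once */
    int err = write_file("/proc/self/uid_map", map);
    if (err) return err;
    err = write_file("/proc/self/setgroups", "deny"); /* required before gid_map since 3.19 */
    if (err && err != -ENOENT) return err;            /* file absent on older kernels */
    format_idmap(map, sizeof map, 0, gid, 1);
    return write_file("/proc/self/gid_map", map);
}

int main(void)
{
    uid_t before = geteuid();
    int err = enter_userns_as_root();
    if (err) { fprintf(stderr, "user namespace unavailable: %s\n", strerror(-err)); return 1; }
    /* "root" here holds capabilities only over resources owned by this namespace. */
    printf("euid outside: %u, euid inside namespace: %u\n", before, geteuid());
    return 0;
}
```

Run it as an ordinary user: on a kernel that allows unprivileged user namespaces it reports euid 0 inside; on one that does not (or inside a sandbox that filters unshare), it reports the errno instead of failing silently.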

[..]

1.7. The memory resource controller supports accounting of kernel memory

The Linux memory controller is a control group that can limit, account and isolate the memory usage of arbitrary groups of processes. In this release, the memory controller gains support for accounting two types of kernel memory usage: stack and slab usage. These limits can be useful for things like stopping fork bombs.
The files created in the control group are:
  • memory.kmem.limit_in_bytes: set/show hard limit for kernel memory
  • memory.kmem.usage_in_bytes: show current kernel memory allocation
  • memory.kmem.failcnt: show the number of times kernel memory usage hit the limit
  • memory.kmem.max_usage_in_bytes: show max kernel memory usage recorded
Recommended LWN article: KS2012: memcg/mm: Improving kernel-memory accounting for memory cgroups