diff --git a/daemon/container.go b/daemon/container.go
index 7338514682..26faedfdf9 100644
--- a/daemon/container.go
+++ b/daemon/container.go
@@ -329,6 +329,10 @@ func (daemon *Daemon) verifyContainerSettings(platform string, hostConfig *conta
 		return nil, errors.Errorf("invalid restart policy '%s'", p.Name)
 	}
 
+	if !hostConfig.Isolation.IsValid() {
+		return nil, errors.Errorf("invalid isolation '%s' on %s", hostConfig.Isolation, runtime.GOOS)
+	}
+
 	// Now do platform-specific verification
 	return verifyPlatformContainerSettings(daemon, hostConfig, config, update)
 }
diff --git a/daemon/daemon_linux_test.go b/daemon/daemon_linux_test.go
index 36ef52e25a..e027b14dd0 100644
--- a/daemon/daemon_linux_test.go
+++ b/daemon/daemon_linux_test.go
@@ -157,3 +157,10 @@ func TestTmpfsDevShmSizeOverride(t *testing.T) {
 		t.Fatal("/dev/shm not found in spec, or size option missing")
 	}
 }
+
+func TestValidateContainerIsolationLinux(t *testing.T) {
+	d := Daemon{}
+
+	_, err := d.verifyContainerSettings("linux", &containertypes.HostConfig{Isolation: containertypes.IsolationHyperV}, nil, false)
+	assert.EqualError(t, err, "invalid isolation 'hyperv' on linux")
+}
diff --git a/daemon/daemon_test.go b/daemon/daemon_test.go
index 4044fad836..422be1fd77 100644
--- a/daemon/daemon_test.go
+++ b/daemon/daemon_test.go
@@ -4,6 +4,7 @@ import (
 	"io/ioutil"
 	"os"
 	"path/filepath"
+	"runtime"
 	"testing"
 
 	containertypes "github.com/docker/docker/api/types/container"
@@ -16,6 +17,7 @@ import (
 	"github.com/docker/docker/volume/local"
 	"github.com/docker/docker/volume/store"
 	"github.com/docker/go-connections/nat"
+	"github.com/stretchr/testify/assert"
 )
 
 //
@@ -302,3 +304,10 @@ func TestMerge(t *testing.T) {
 		}
 	}
 }
+
+func TestValidateContainerIsolation(t *testing.T) {
+	d := Daemon{}
+
+	_, err := d.verifyContainerSettings(runtime.GOOS, &containertypes.HostConfig{Isolation: containertypes.Isolation("invalid")}, nil, false)
+	assert.EqualError(t, err, "invalid isolation 'invalid' on "+runtime.GOOS)
+}