The big difference is that for every system call in a virtual machine (leaving optimisations aside), the hypervisor has to intercept the mode-change and then attempt to emulate kernel mode for the guest operating system while leaving the processor actually running in user mode (this involves a lot of mode switching as the guest OS will typically be executing privileged instructions at this point).

In a container, the real (only) OS executes the system call and emulates nothing: a big performance win there alone (never mind the memory for multiple copies of the operating system, page tables, competing attempts to manipulate the address translation lookaside buffer, etc., etc.).

The downside, of course, is that you can't run, say, Windows + Linux on the same machine, but that's not really an issue except in development environments.

