Historically, the difference has been that VMs are easier to manage the resources that they use, since everything is virtual. With containers, nothing is virtual, there is simply a management layer that prevents you from doing certain things.

When you write a file on a VM, the virtual disk drive is called from the VM, the hypervisor eventually translates that into a write(2) call. When you write a file on a container, there is no intermediate step, the process in the container directly invokes write(2). The same applies to every syscall.

This directness is what makes containers so much more efficient than VMs, but it is also what prevented them from being used as much - with a VM, you can more closely constrain how much resource each VM uses, where as with early containers, a single container can easily use up all the resources on the box.

More modern containers like libcontainer and FreeBSD jails virtualise access to certain resources in order to allow controlling how much of that resource each container can use. This gives vastly less control than a VM would, eg in Docker and Jails you can control the cpuset and cpu shares that the processes in the container can see, and Docker can additionally control how much memory the container can see, but it cannot do things like ballooning or overallocation (iirc). Interestingly, Docker with LXC gives you far more resource controls than Docker with libcontainer.

Since the resource control is quite basic, the overhead of providing it is much less than on a VM. However, since the resource control is quite limited, you cannot do things like allocating a far share of IOPS, so if you have a container that uses all of your disk IOPS, you will still starve all your other containers. Hypervisors like KVM allow you to specify IOPS and throughput on virtual disk devices.

