Comment by zozbot234

One key difference is that the equivalent to kernel syscalls on *nix generally involves userland-provided services, and this applies to a lot more than just ordinary file access. The local equivalents to arbitrary "containerization/namespacing" and "sandboxing" are just natively available and inherent to how the system works. You can't do this out of the box on *nix where every syscall directly involves kernel facilities, so the kernel must have special provisions to containerize, sandbox, delegate specific things to userland services etc.