
I don't see the value in unikernel-as-a-process. Most of the syscalls save time by e.g. sending a bulk payload and having the kernel space TCP/IP implementation break that up into fragments and handle sending them to the interface. Moving the barrier halfway down now means you did all of the work and got negative performance benefits - seemingly under the guise of security... but isn't the whole point of unikernels to run hardware assisted VMs as your segmentation barrier instead of relying on software ferrying calls and data between hardware trust levels?


The value lies in security in this context. You also get a bit of performance as the "unikernels" are self-contained. So you can do most things, including the IP stack, without switching into kernel mode.

I'm guessing this is mostly interesting for FaaS platforms or similar. You get isolation similar to hardware-assisted VMs but with a lot less overhead and with phenomenal boot times.



