Yes. Think of it like depending on a small kernel directly in your build step. So your application gets compiled with everything (including the OS interface) that it needs and nothing more. The result is a bootable image that is only capable of running your app.
I think the value isn't in the containerization vs. unikernel comparison. If you're using containerization, you've accepted certain security risks. Where unikernels have a lot of potential, IMO, is in high-security environments where the security risks of containerization are not acceptable.