by _xrp0 1514 days ago
Hey, can you speak a bit about how nanos compares to something like unikraft?

IIRC nanos doesn't eliminate syscalls in its entirety like other unikernels.

1 comments

We don't think that's a defining characteristic, no.

We keep the kernel/user because otherwise you can very, very easily change page permissions, which means all security goes out the window. You could instantly make rwx on all pages with a few instructions.

If you rewind to ~2013, most unikernels were talking about trashing the context switch, yet depending on the "context" that implies various things (kthread <> kthread, user proc <> user proc, user thread <> user thread, etc.). They all have different costs, and while we definitely agree with the aggressive cost of various user process to user process, the kernel <> user was one we felt was not worth trashing.

Clearly though, because of massive adoption, we see 200% extra throughput on GCP and up to 300% on AWS - so the performance and security remain.