> On performance: ... In particular I am thinking how there's a whole body of research of database buffer pool management

Why? The solution thus far has been to turn off what the kernel does, and, do those things in userspace, not move everything in the kernel? Where are these performance gains to be had?

> The Linux kernel is a general purpose utility optimizing for the entire range of "normal things" people do with their Linux machines.

Yeah, like logging and debugging. Perhaps you say: "Oh we just add that logging and debugging to the blob we run". Well isn't that now another thing that can take down the system, when before it was a separate process?

> That and startup times, big world of difference.

Perhaps in this very narrow instance, this is useful, but what is it useful for? Can't Linux or another OS be optimized for this use case without having to throw the baby out with the bathwater? Can't one snapshot a Firecracker VM and reach even faster startup times?

> On security, I don't think it's unreasonable or pure "security theatre" to go removing an attack surface entirely

Isn't perhaps the most serious problem removing any and all protection domains? Like between apps and the kernel and between the apps themselves?

I mean -- sure maybe remove the filesystem, but isn't no memory protection what makes it a unikernel? And, even then, a filesystem is usually a useful abstraction! When have I found myself wanting less filesystem? Usually, I want more -- like ZFS.

This is all just to say -- you're right -- there may be a use case for such systems, but no one has really adequately described what that actually is, and therefore this feels like systems autoeroticism.