Moving to a unikernel [0] is the best way to get strong isolation and high performance
[0] - https://unikraft.org
It’s not the best way to get low per-privilege domain overhead and fungible resource allocation. You’re ultimately limited by your hypervisor on those fronts. gVisor containers are ultimately a few Linux processes and mostly behave like one from a CPU and memory allocation perspective.
The last solution I looked at to do something like this was using tap / tun devices for networking. How does unikraft handle network isolation and virtualization?
Not really, it's just attack surface reduction.
These people definitely do not understand security at all:
https://github.com/unikraft/unikraft/issues/414
Also - one needs to be careful because many of the workloads they advertise on their site do not actually run under their kernel - they run under Linux, which breaks a completely different type of trust barrier.
As for trust/full disclosure - I'm with nanovms.com
Absolutely, that reduces your surface area more than anything else, but at an enormous cost to ergonomics.
Some of us are still fighting for docker images to not include a vim install ("but it's so handy!") and here we've got madlads building their app as its own bootable machine image.
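The "vim in the image" complaint above is easy to turn into a check. The script below is an added example, not code from this thread or from the Unikraft, gVisor or NanoVMs projects: it audits an already-exported container root filesystem for interactive tooling (editors, shells, downloaders, package managers, compilers) that a minimal production image should not carry. The tool list, the search directories and the sample rootfs it builds are all assumptions constructed for the demo; the export step it assumes (`docker export <ctr> | tar -x -C rootfs`) is not run here.

```shell
#!/bin/sh
# Added example (not from the thread or any of the projects it mentions):
# audit an unpacked container rootfs for interactive tooling that widens the
# attack surface. Assumes the image was exported first, e.g.
#   docker export <ctr> | tar -x -C rootfs
# and that ./rootfs is then passed to list_unwanted / count_unwanted.

# Assumed list of binaries a minimal production image should not need.
UNWANTED_TOOLS="vim vi nano sh bash dash ash curl wget nc apt apt-get apk pip gcc"
# Assumed directories where such binaries usually live.
SEARCH_DIRS="bin sbin usr/bin usr/sbin usr/local/bin"

# list_unwanted ROOTFS: print "dir/tool" for every unwanted binary present
# (regular file or symlink, dangling symlinks included); one line per tool.
list_unwanted() {
    rootfs="$1"
    for tool in $UNWANTED_TOOLS; do
        for dir in $SEARCH_DIRS; do
            if [ -e "$rootfs/$dir/$tool" ] || [ -L "$rootfs/$dir/$tool" ]; then
                echo "$dir/$tool"
                break   # report each tool once, at its first location
            fi
        done
    done
}

# count_unwanted ROOTFS: number of distinct unwanted tools found.
count_unwanted() {
    list_unwanted "$1" | wc -l | tr -d ' '
}

# make_sample_rootfs: build a constructed fake rootfs in a temp dir and print
# its path. It mimics a "handy" image: an editor, two shells and curl sitting
# next to the real workload binary.
make_sample_rootfs() {
    d=$(mktemp -d)
    mkdir -p "$d/bin" "$d/usr/bin" "$d/usr/local/bin"
    : > "$d/bin/vim"                 # the editor from the comment above
    : > "$d/bin/sh"
    ln -s sh "$d/bin/bash"           # symlinked shell still counts
    : > "$d/usr/bin/curl"            # convenient downloader
    : > "$d/usr/local/bin/myapp"     # the actual workload, not flagged
    echo "$d"
}

# Demo run on the constructed sample rootfs.
sample=$(make_sample_rootfs)
echo "Unwanted tooling under $sample:"
list_unwanted "$sample"
echo "Total: $(count_unwanted "$sample")"
rm -rf "$sample"
```

Run it against a real export by calling `list_unwanted ./rootfs`; a non-zero count is a cheap signal in CI that the image has drifted away from the "only the app" ideal the unikernel crowd is chasing, without needing a different kernel to get there.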