I thought unikernels collapsed userspace and kernelspace for performance reasons.
The model was originally: OS + processes. Due to security reasons (which are wrong), it changed to: hypervisor + OSs + processes. However, the hypervisor and the OS really do the same thing; they multiplex multiple programs onto a single piece of hardware. The unikernel people recognized that and decided to collapse the OS + processes, so you now just have: hypervisor + (hypercall library/OS stub + process)s. The better model is just making a better OS so you can drop the hypervisor layer and return to OS + processes. This model has better performance, easier development, more observability, and is basically just better in every way.

Unfortunately, nobody wants to do this because everybody wrongly believes that hypervisors are magically more secure than operating systems, for the reasons I stated in my previous comment. This is really the only thing propping up the hypervisor and, by extension, the unikernel concept. As soon as you no longer believe they are magically more secure, there are hardly any reasons to prefer a hypervisor over a properly designed operating system beyond the one use case I mentioned in a sibling comment, which is running a binary-only program targeting a different operating system.
